MITRE Shield will be retired on October 18th in favor of MITRE Engage. To learn more, click here.
Email Manipulation
Modify the flow or contents of email.
Email flow manipulation includes changing which mail appliances process mail flows, to which systems they forward mail, or moving mail after it arrives in an inbox. Email content manipulation includes altering the contents of an email message.
Opportunities
| ID | Description |
|---|---|
| DOS0017 | A phishing email can be detected and blocked from arriving at the intended recipient. |
Use Cases
| ID | Description |
|---|---|
| DUC0015 | A defender can intercept emails that are detected as suspicious or malicious by email detection tools and prevent deliver to the intended target. |
Procedures
| ID | Description |
|---|---|
| DPR0036 | Modify the destination of inbound email to facilitate the collection of inbound spearphishing messages. |
| DPR0064 | Modify the contents of an email message to maintain continuity when it is used for adversary engagement purposes. |
ATT&CK® Techniques
ID | Name | ATT&CK Tactics |
|---|---|---|
| T1566 | Phishing | Initial Access |