Synopsis
| Activation Period | 14 Days |
| Training Period | 30 Days |
| Test Period | N/A (single event) |
| Deduplication Period | 3 Days |
| Required Data | Requires one of the following data sources: Gmail Email Log OR Office 365 Mail |
| Detection Modules | Email |
| Detector Tags | |
| ATT&CK Tactic | |
| ATT&CK Technique | |
| Severity | Informational |
Description
This email has been categorized by the X-Forefront-Antispam-Report header as a threat, suggesting it is likely malicious in nature (e.g., spam, phishing, or impersonation).
Attacker's Goals
Achieve financial gain, distribute malware, or phish for sensitive information through mass unsolicited emails.
Investigative actions
- Examine email headers to trace origins and check for signs of spoofing.
- Analyze the email content for spam indicators like suspicious links and aggressive marketing language.
- Monitor further actions taken, such as file downloads or access to potentially malicious links.
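For the header-examination step, the following added example (not code from this page or from the product it documents) parses a message's X-Forefront-Antispam-Report header and returns the fields an analyst checks first. The function names and the sample message are constructed for illustration; the CAT codes follow Microsoft's documentation of the header, and their pairing with this page's variations (other than AMP and MALW, which the page names) is an assumption.

```python
from email import message_from_string, policy

# CAT codes from Microsoft's documentation of X-Forefront-Antispam-Report.
# The page names only AMP and MALW; the other pairings are assumptions.
CAT_LABELS = {
    "AMP": "malware", "MALW": "malware", "FTBP": "attachment file type",
    "PHSH": "phishing", "HPHSH": "high-confidence phishing",
    "HPHISH": "high-confidence phishing", "INTOS": "intra-org phishing",
    "HSPM": "high-confidence spam", "SPM": "spam", "BULK": "bulk",
    "OSPM": "outbound spam", "SPOOF": "spoofing",
    "UIMP": "user impersonation", "DIMP": "domain impersonation",
    "GIMP": "mailbox-intelligence impersonation",
}

def parse_report(value):
    """Split 'KEY:VALUE;KEY:VALUE;' into a dict (first ':' only, so an IPv6 CIP survives)."""
    fields = {}
    for part in value.split(";"):
        key, sep, val = part.strip().partition(":")
        if sep and key:
            fields[key.upper()] = val.strip()
    return fields

def triage(raw_message):
    """Return the triage-relevant fields of a raw RFC 5322 message, or None if no header."""
    msg = message_from_string(raw_message, policy=policy.default)
    reports = msg.get_all("X-Forefront-Antispam-Report") or []
    if not reports:
        return None
    fields = parse_report(str(reports[0]))  # topmost copy; folded lines are handled
    cat = fields.get("CAT", "")
    try:
        scl = int(fields.get("SCL", ""))
    except ValueError:
        scl = None
    return {"category": cat, "label": CAT_LABELS.get(cat.upper(), "unmapped"),
            "scl": scl, "verdict": fields.get("SFV", ""),
            "client_ip": fields.get("CIP", ""), "direction": fields.get("DIR", ""),
            "copies": len(reports)}  # more than one copy deserves a closer look

# Constructed sample message (not from a real mailbox); the header is folded.
SAMPLE = (
    'From: "IT Helpdesk" <helpdesk@example.net>\n'
    "Subject: Password expiry notice\n"
    "X-Forefront-Antispam-Report: CIP:2001:db8::25;CTRY:;LANG:en;SCL:9;SRV:;\n"
    " IPV:NLI;SFV:SPM;H:mail.example.net;PTR:;CAT:HPHISH;DIR:INB;\n"
    "\nbody\n"
)
if __name__ == "__main__":
    print(triage(SAMPLE))
```

Compare `client_ip` and the `H` (HELO) field against the visible From domain when checking for spoofing; the header alone reports the filter's verdict, not why it was reached.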
Variations
EMAIL BETA - X-Forefront-Antispam-Report has categorized this email as containing malware (AMP)
Synopsis
| ATT&CK Tactic | |
| ATT&CK Technique | |
| Severity | Low |
Description
This email has been classified by X-Forefront-Antispam-Report as containing malware, indicating a high likelihood that it includes malicious content.
Attacker's Goals
Achieve financial gain, distribute malware, or phish for sensitive information through mass unsolicited emails.
Investigative actions
- Examine email headers to trace origins and check for signs of spoofing.
- Analyze the email content for spam indicators like suspicious links and aggressive marketing language.
- Monitor further actions taken, such as file downloads or access to potentially malicious links.
EMAIL BETA - X-Forefront-Antispam-Report has categorized this email as containing malware (MALW)
Synopsis
| ATT&CK Tactic | |
| ATT&CK Technique | |
| Severity | Low |
Description
This email has been classified by X-Forefront-Antispam-Report as containing malware, indicating a high likelihood that it includes malicious content.
Attacker's Goals
Achieve financial gain, distribute malware, or phish for sensitive information through mass unsolicited emails.
Investigative actions
- Examine email headers to trace origins and check for signs of spoofing.
- Analyze the email content for spam indicators like suspicious links and aggressive marketing language.
- Monitor further actions taken, such as file downloads or access to potentially malicious links.
EMAIL BETA - Email contains an attachment flagged by X-Forefront-Antispam-Report as malware due to its file type
Synopsis
| ATT&CK Tactic | |
| ATT&CK Technique | |
| Severity | Low |
Description
X-Forefront-Antispam-Report has automatically flagged certain attachment types as malware based on file type (without deeper content analysis). This email includes such attachments.
Attacker's Goals
Achieve financial gain, distribute malware, or phish for sensitive information through mass unsolicited emails.
Investigative actions
- Examine email headers to trace origins and check for signs of spoofing.
- Analyze the email content for spam indicators like suspicious links and aggressive marketing language.
- Monitor further actions taken, such as file downloads or access to potentially malicious links.
EMAIL BETA - Email identified by X-Forefront-Antispam-Report as a phishing attempt
Synopsis
| ATT&CK Tactic | |
| ATT&CK Technique | |
| Severity | Low |
Description
X-Forefront-Antispam-Report has classified this email as a phishing attempt in its anti-spam headers, indicating a high likelihood that it is designed to deceive the recipient into disclosing sensitive information.
Attacker's Goals
Achieve financial gain, distribute malware, or phish for sensitive information through mass unsolicited emails.
Investigative actions
- Examine email headers to trace origins and check for signs of spoofing.
- Analyze the email content for spam indicators like suspicious links and aggressive marketing language.
- Monitor further actions taken, such as file downloads or access to potentially malicious links.
EMAIL BETA - Email flagged by X-Forefront-Antispam-Report as a highly confident phishing attempt
Synopsis
| ATT&CK Tactic | |
| ATT&CK Technique | |
| Severity | Low |
Description
X-Forefront-Antispam-Report has identified this email as a phishing attempt with high confidence in its anti-spam headers, suggesting a significant risk of deceptive intent aimed at stealing sensitive information.
Attacker's Goals
Achieve financial gain, distribute malware, or phish for sensitive information through mass unsolicited emails.
Investigative actions
- Examine email headers to trace origins and check for signs of spoofing.
- Analyze the email content for spam indicators like suspicious links and aggressive marketing language.
- Monitor further actions taken, such as file downloads or access to potentially malicious links.
EMAIL BETA - Email flagged by X-Forefront-Antispam-Report as impersonating internal communication
Synopsis
| ATT&CK Tactic | |
| ATT&CK Technique | |
| Severity | Low |
Description
X-Forefront-Antispam-Report has categorized this email as an attempt to mimic or impersonate internal organizational communication, suggesting a potential internal compromise or impersonation attempt.
Attacker's Goals
Achieve financial gain, distribute malware, or phish for sensitive information through mass unsolicited emails.
Investigative actions
- Examine email headers to trace origins and check for signs of spoofing.
- Analyze the email content for spam indicators like suspicious links and aggressive marketing language.
- Monitor further actions taken, such as file downloads or access to potentially malicious links.
EMAIL BETA - X-Forefront-Antispam-Report has strongly flagged this email as spam
Synopsis
| ATT&CK Tactic | |
| ATT&CK Technique | |
| Severity | Informational |
Description
X-Forefront-Antispam-Report has classified this email as spam with high confidence in its anti-spam headers, indicating it is likely unsolicited and potentially harmful.
Attacker's Goals
Achieve financial gain, distribute malware, or phish for sensitive information through mass unsolicited emails.
Investigative actions
- Examine email headers to trace origins and check for signs of spoofing.
- Analyze the email content for spam indicators like suspicious links and aggressive marketing language.
- Monitor further actions taken, such as file downloads or access to potentially malicious links.
EMAIL BETA - X-Forefront-Antispam-Report flagged this email as spam
Synopsis
| ATT&CK Tactic | |
| ATT&CK Technique | |
| Severity | Informational |
Description
X-Forefront-Antispam-Report has classified this email as spam in its anti-spam headers, indicating it is likely unsolicited and potentially harmful.
Attacker's Goals
Achieve financial gain, distribute malware, or phish for sensitive information through mass unsolicited emails.
Investigative actions
- Examine email headers to trace origins and check for signs of spoofing.
- Analyze the email content for spam indicators like suspicious links and aggressive marketing language.
- Monitor further actions taken, such as file downloads or access to potentially malicious links.
EMAIL BETA - X-Forefront-Antispam-Report has flagged this email as a bulk email
Synopsis
| ATT&CK Tactic | |
| ATT&CK Technique | |
| Severity | Informational |
Description
X-Forefront-Antispam-Report has categorized this email as a bulk message in its anti-spam headers, indicating it is part of mass communication that may be unsolicited or irrelevant to the recipient.
Attacker's Goals
Achieve financial gain, distribute malware, or phish for sensitive information through mass unsolicited emails.
Investigative actions
- Examine email headers to trace origins and check for signs of spoofing.
- Analyze the email content for spam indicators like suspicious links and aggressive marketing language.
- Monitor further actions taken, such as file downloads or access to potentially malicious links.
EMAIL BETA - X-Forefront-Antispam-Report has flagged an internal email as spam
Synopsis
| ATT&CK Tactic | |
| ATT&CK Technique | |
| Severity | Low |
Description
X-Forefront-Antispam-Report has classified this email as spam originating from within the organization in its anti-spam headers, indicating a potential internal security issue, such as a compromised account or misconfigured system sending unsolicited messages.
Attacker's Goals
Achieve financial gain, distribute malware, or phish for sensitive information through mass unsolicited emails.
Investigative actions
- Examine email headers to trace origins and check for signs of spoofing.
- Analyze the email content for spam indicators like suspicious links and aggressive marketing language.
- Monitor further actions taken, such as file downloads or access to potentially malicious links.
EMAIL BETA - X-Forefront-Antispam-Report has flagged this email as attempting to forge the sender's identity
Synopsis
| ATT&CK Tactic | |
| ATT&CK Technique | |
| Severity | Low |
Description
This email has been classified by X-Forefront-Antispam-Report as spoofing the sender's identity in its anti-spam headers, indicating a high likelihood that the sender's identity has been forged to appear as a trusted source.
Attacker's Goals
Achieve financial gain, distribute malware, or phish for sensitive information through mass unsolicited emails.
Investigative actions
- Examine email headers to trace origins and check for signs of spoofing.
- Analyze the email content for spam indicators like suspicious links and aggressive marketing language.
- Monitor further actions taken, such as file downloads or access to potentially malicious links.
EMAIL BETA - X-Forefront-Antispam-Report has flagged this email as impersonating a specific user within the organization
Synopsis
| ATT&CK Tactic | |
| ATT&CK Technique | |
| Severity | Low |
Description
X-Forefront-Antispam-Report has categorized this email as impersonating a specific user within the organization in its anti-spam headers, suggesting a targeted attempt to deceive recipients by mimicking a trusted internal user.
Attacker's Goals
Achieve financial gain, distribute malware, or phish for sensitive information through mass unsolicited emails.
Investigative actions
- Examine email headers to trace origins and check for signs of spoofing.
- Analyze the email content for spam indicators like suspicious links and aggressive marketing language.
- Monitor further actions taken, such as file downloads or access to potentially malicious links.
EMAIL BETA - X-Forefront-Antispam-Report has flagged this email as impersonating the organization's domain
Synopsis
| ATT&CK Tactic | |
| ATT&CK Technique | |
| Severity | Low |
Description
This email has been identified by X-Forefront-Antispam-Report as an attempt to impersonate the organization's domain in its anti-spam headers, indicating a deceptive effort to make the email appear as if it originates from the organization's legitimate domain.
Attacker's Goals
Achieve financial gain, distribute malware, or phish for sensitive information through mass unsolicited emails.
Investigative actions
- Examine email headers to trace origins and check for signs of spoofing.
- Analyze the email content for spam indicators like suspicious links and aggressive marketing language.
- Monitor further actions taken, such as file downloads or access to potentially malicious links.
EMAIL BETA - X-Forefront-Antispam-Report has flagged this email as using advanced impersonation techniques
Synopsis
| ATT&CK Tactic | |
| ATT&CK Technique | |
| Severity | Low |
Description
X-Forefront-Antispam-Report has categorized this email as using advanced impersonation techniques in its anti-spam headers, indicating the use of sophisticated methods where the sender mimics typical communication patterns to appear credible.
Attacker's Goals
Achieve financial gain, distribute malware, or phish for sensitive information through mass unsolicited emails.
Investigative actions
- Examine email headers to trace origins and check for signs of spoofing.
- Analyze the email content for spam indicators like suspicious links and aggressive marketing language.
- Monitor further actions taken, such as file downloads or access to potentially malicious links.