Host Sending Excessive Email

Description

Alerts when a host not designated as an e-mail server sends excessive e-mail to one or more target hosts.


Use Case

Advanced Threat Detection, Insider Threat

Category

Endpoint Compromise, Data Exfiltration, Insider Threat

Alert Volume

Alerts when a host not designated as an e-mail server sends excessive e-mail to one or more target hosts.

SPL Difficulty

Advanced

Journey

Stage 4

MITRE ATT&CK Tactics

Initial Access

MITRE ATT&CK Techniques

Spearphishing Attachment
Spearphishing Link

MITRE Threat Groups

APT-C-36
APT1
APT12
APT19
APT28
APT29
APT30
APT32
APT33
APT37
APT39
APT41
BRONZE BUTLER
BlackTech
Cobalt Group
DarkHydrus
Darkhotel
Dragonfly 2.0
Elderwood
FIN4
FIN6
FIN7
FIN8
Frankenstein
Gallmaker
Gamaredon Group
Gorgon Group
Inception
Kimsuky
Lazarus Group
Leviathan
Machete
Magic Hound
Mofang
Molerats
MuddyWater
Naikon
Night Dragon
OilRig
PLATINUM
Patchwork
RTM
Rancor
Sandworm Team
Sharpshooter
Silence
Stolen Pencil
TA459
TA505
The White Company
Tropic Trooper
Turla
Windshift
Wizard Spider
admin@338
menuPass

Data Sources

Email