Skip to content

Setup Email Deletion Rule

Description

setup email deletion rule module deploys a new mailbox rule on a target mailbox that deletes emails matching a user specified criteria. This allows to hide emails that could indicate compromise such as security alerts, responses to Internal Spearphishing emails, etc.

Trigger

MAAD Attack Arsenal -> "Exchange" -> 4

MITRE ATT&CK Information

Tactic Technique
Defense Evasion Hide Artifacts: Email Hiding Rules

Additional Details

Revert module changes: Yes

Microsoft services accessed by module:

External PowerShell module used: