Esc
Additional Email Delegate Permissions - T1098.002

(ATT&CK® Technique)
Definition

Adversaries may grant additional permission levels to maintain persistent access to an adversary-controlled email account.
D3FEND Inferred Relationships

Browse the D3FEND knowledge graph by clicking on the nodes below.
        graph LR;

     T1098002["Additional Email Delegate Permissions"] --> |modifies| DomainUserAccount["Domain User Account"]; class T1098002 OffensiveTechniqueNode;
        class DomainUserAccount ArtifactNode; click DomainUserAccount href "/dao/artifact/d3f:DomainUserAccount";
        click T1098002 href "/offensive-technique/attack/T1098.002/"; click DomainUserAccount href "/dao/artifact/d3f:DomainUserAccount";    T1098002["Additional Email Delegate Permissions"] --> |modifies| UserAccount["User Account"]; class T1098002 OffensiveTechniqueNode;
        class UserAccount ArtifactNode; click UserAccount href "/dao/artifact/d3f:UserAccount";
        click T1098002 href "/offensive-technique/attack/T1098.002/"; click UserAccount href "/dao/artifact/d3f:UserAccount";          AccountLocking["Account Locking"] -->
          | disables | DomainUserAccount["Domain User Account"];

          AccountLocking["Account Locking"] -.->
            | May Evict | T1098002["Additional Email Delegate Permissions"] ;
          class AccountLocking DefensiveTechniqueNode;
          class DomainUserAccount ArtifactNode;
          click AccountLocking href "/technique/d3f:AccountLocking"; UserAccountPermissions["User Account Permissions"] -->
          | restricts | DomainUserAccount["Domain User Account"];

          UserAccountPermissions["User Account Permissions"] -.->
            | May Harden | T1098002["Additional Email Delegate Permissions"] ;
          class UserAccountPermissions DefensiveTechniqueNode;
          class DomainUserAccount ArtifactNode;
          click UserAccountPermissions href "/technique/d3f:UserAccountPermissions"; Multi-factorAuthentication["Multi-factor Authentication"] -->
          | authenticates | DomainUserAccount["Domain User Account"];

          Multi-factorAuthentication["Multi-factor Authentication"] -.->
            | May Harden | T1098002["Additional Email Delegate Permissions"] ;
          class Multi-factorAuthentication DefensiveTechniqueNode;
          class DomainUserAccount ArtifactNode;
          click Multi-factorAuthentication href "/technique/d3f:Multi-factorAuthentication"; One-timePassword["One-time Password"] -->
          | authenticates | DomainUserAccount["Domain User Account"];

          One-timePassword["One-time Password"] -.->
            | May Harden | T1098002["Additional Email Delegate Permissions"] ;
          class One-timePassword DefensiveTechniqueNode;
          class DomainUserAccount ArtifactNode;
          click One-timePassword href "/technique/d3f:One-timePassword"; StrongPasswordPolicy["Strong Password Policy"] -->
          | strengthens | DomainUserAccount["Domain User Account"];

          StrongPasswordPolicy["Strong Password Policy"] -.->
            | May Harden | T1098002["Additional Email Delegate Permissions"] ;
          class StrongPasswordPolicy DefensiveTechniqueNode;
          class DomainUserAccount ArtifactNode;
          click StrongPasswordPolicy href "/technique/d3f:StrongPasswordPolicy";                AccountLocking["Account Locking"] -->
          | disables | UserAccount["User Account"];

          
          class AccountLocking DefensiveTechniqueNode;
          class UserAccount ArtifactNode;
          click AccountLocking href "/technique/d3f:AccountLocking";   Multi-factorAuthentication["Multi-factor Authentication"] -->
          | authenticates | UserAccount["User Account"];

          
          class Multi-factorAuthentication DefensiveTechniqueNode;
          class UserAccount ArtifactNode;
          click Multi-factorAuthentication href "/technique/d3f:Multi-factorAuthentication";  One-timePassword["One-time Password"] -->
          | authenticates | UserAccount["User Account"];

          
          class One-timePassword DefensiveTechniqueNode;
          class UserAccount ArtifactNode;
          click One-timePassword href "/technique/d3f:One-timePassword";  StrongPasswordPolicy["Strong Password Policy"] -->
          | strengthens | UserAccount["User Account"];

          
          class StrongPasswordPolicy DefensiveTechniqueNode;
          class UserAccount ArtifactNode;
          click StrongPasswordPolicy href "/technique/d3f:StrongPasswordPolicy";                                               BiometricAuthentication["Biometric Authentication"] -->
          | authenticates | DomainUserAccount["Domain User Account"];

          BiometricAuthentication["Biometric Authentication"] -.->
            | May Harden | T1098002["Additional Email Delegate Permissions"] ;
          class BiometricAuthentication DefensiveTechniqueNode;
          class DomainUserAccount ArtifactNode;
          click BiometricAuthentication href "/technique/d3f:BiometricAuthentication";    UserAccountPermissions["User Account Permissions"] -->
          | restricts | UserAccount["User Account"];

          
          class UserAccountPermissions DefensiveTechniqueNode;
          class UserAccount ArtifactNode;
          click UserAccountPermissions href "/technique/d3f:UserAccountPermissions"; BiometricAuthentication["Biometric Authentication"] -->
          | authenticates | UserAccount["User Account"];

          
          class BiometricAuthentication DefensiveTechniqueNode;
          class UserAccount ArtifactNode;
          click BiometricAuthentication href "/technique/d3f:BiometricAuthentication";           DomainAccountMonitoring["Domain Account Monitoring"] -->
          | monitors | DomainUserAccount["Domain User Account"];

          DomainAccountMonitoring["Domain Account Monitoring"] -.->
            | May Detect | T1098002["Additional Email Delegate Permissions"] ;
          class DomainAccountMonitoring DefensiveTechniqueNode;
          class DomainUserAccount ArtifactNode;
          click DomainAccountMonitoring href "/technique/d3f:DomainAccountMonitoring";               RestoreUserAccountAccess["Restore User Account Access"] -->
          | restores | DomainUserAccount["Domain User Account"];

          RestoreUserAccountAccess["Restore User Account Access"] -.->
            | May Restore | T1098002["Additional Email Delegate Permissions"] ;
          class RestoreUserAccountAccess DefensiveTechniqueNode;
          class DomainUserAccount ArtifactNode;
          click RestoreUserAccountAccess href "/technique/d3f:RestoreUserAccountAccess";         RestoreUserAccountAccess["Restore User Account Access"] -->
          | restores | UserAccount["User Account"];

          
          class RestoreUserAccountAccess DefensiveTechniqueNode;
          class UserAccount ArtifactNode;
          click RestoreUserAccountAccess href "/technique/d3f:RestoreUserAccountAccess";                    UnlockAccount["Unlock Account"] -->
          | restores | DomainUserAccount["Domain User Account"];

          UnlockAccount["Unlock Account"] -.->
            | May Restore | T1098002["Additional Email Delegate Permissions"] ;
          class UnlockAccount DefensiveTechniqueNode;
          class DomainUserAccount ArtifactNode;
          click UnlockAccount href "/technique/d3f:UnlockAccount";    UnlockAccount["Unlock Account"] -->
          | restores | UserAccount["User Account"];

          
          class UnlockAccount DefensiveTechniqueNode;
          class UserAccount ArtifactNode;
          click UnlockAccount href "/technique/d3f:UnlockAccount";
json