Esc
Spearphishing Attachment - T1566.001
(ATT&CK® Technique)
Definition
No definition available.
D3FEND Inferred Relationships
Browse the D3FEND knowledge graph by clicking on the nodes below.
graph LR; T1566001["Spearphishing Attachment"] --> |produces| InboundInternetMailTraffic["Inbound Internet Mail Traffic"]; class T1566001 OffensiveTechniqueNode; class InboundInternetMailTraffic ArtifactNode; click InboundInternetMailTraffic href "/dao/artifact/d3f:InboundInternetMailTraffic"; click T1566001 href "/offensive-technique/attack/T1566.001/"; click InboundInternetMailTraffic href "/dao/artifact/d3f:InboundInternetMailTraffic"; T1566001["Spearphishing Attachment"] --> |produces| Email["Email"]; class T1566001 OffensiveTechniqueNode; class Email ArtifactNode; click Email href "/dao/artifact/d3f:Email"; click T1566001 href "/offensive-technique/attack/T1566.001/"; click Email href "/dao/artifact/d3f:Email"; ProtocolMetadataAnomalyDetection["Protocol Metadata Anomaly Detection"] --> | analyzes | InboundInternetMailTraffic["Inbound Internet Mail Traffic"]; ProtocolMetadataAnomalyDetection["Protocol Metadata Anomaly Detection"] -.-> | May Detect | T1566001["Spearphishing Attachment"] ; class ProtocolMetadataAnomalyDetection DefensiveTechniqueNode; class InboundInternetMailTraffic ArtifactNode; click ProtocolMetadataAnomalyDetection href "/technique/d3f:ProtocolMetadataAnomalyDetection"; RemoteTerminalSessionDetection["Remote Terminal Session Detection"] --> | analyzes | InboundInternetMailTraffic["Inbound Internet Mail Traffic"]; RemoteTerminalSessionDetection["Remote Terminal Session Detection"] -.-> | May Detect | T1566001["Spearphishing Attachment"] ; class RemoteTerminalSessionDetection DefensiveTechniqueNode; class InboundInternetMailTraffic ArtifactNode; click RemoteTerminalSessionDetection href "/technique/d3f:RemoteTerminalSessionDetection"; Client-serverPayloadProfiling["Client-server Payload Profiling"] --> | analyzes | InboundInternetMailTraffic["Inbound Internet Mail Traffic"]; Client-serverPayloadProfiling["Client-server Payload Profiling"] -.-> | May Detect | T1566001["Spearphishing Attachment"] ; class Client-serverPayloadProfiling DefensiveTechniqueNode; class InboundInternetMailTraffic ArtifactNode; click Client-serverPayloadProfiling href "/technique/d3f:Client-serverPayloadProfiling"; InboundSessionVolumeAnalysis["Inbound Session Volume Analysis"] --> | analyzes | InboundInternetMailTraffic["Inbound Internet Mail Traffic"]; InboundSessionVolumeAnalysis["Inbound Session Volume Analysis"] -.-> | May Detect | T1566001["Spearphishing Attachment"] ; class InboundSessionVolumeAnalysis DefensiveTechniqueNode; class InboundInternetMailTraffic ArtifactNode; click InboundSessionVolumeAnalysis href "/technique/d3f:InboundSessionVolumeAnalysis"; NetworkTrafficCommunityDeviation["Network Traffic Community Deviation"] --> | analyzes | InboundInternetMailTraffic["Inbound Internet Mail Traffic"]; NetworkTrafficCommunityDeviation["Network Traffic Community Deviation"] -.-> | May Detect | T1566001["Spearphishing Attachment"] ; class NetworkTrafficCommunityDeviation DefensiveTechniqueNode; class InboundInternetMailTraffic ArtifactNode; click NetworkTrafficCommunityDeviation href "/technique/d3f:NetworkTrafficCommunityDeviation"; PerHostDownload-UploadRatioAnalysis["Per Host Download-Upload Ratio Analysis"] --> | analyzes | InboundInternetMailTraffic["Inbound Internet Mail Traffic"]; PerHostDownload-UploadRatioAnalysis["Per Host Download-Upload Ratio Analysis"] -.-> | May Detect | T1566001["Spearphishing Attachment"] ; class PerHostDownload-UploadRatioAnalysis DefensiveTechniqueNode; class InboundInternetMailTraffic ArtifactNode; click PerHostDownload-UploadRatioAnalysis href "/technique/d3f:PerHostDownload-UploadRatioAnalysis"; EmulatedFileAnalysis["Emulated File Analysis"] --> | analyzes | Email["Email"]; EmulatedFileAnalysis["Emulated File Analysis"] -.-> | May Detect | T1566001["Spearphishing Attachment"] ; class EmulatedFileAnalysis DefensiveTechniqueNode; class Email ArtifactNode; click EmulatedFileAnalysis href "/technique/d3f:EmulatedFileAnalysis"; DynamicAnalysis["Dynamic Analysis"] --> | analyzes | Email["Email"]; DynamicAnalysis["Dynamic Analysis"] -.-> | May Detect | T1566001["Spearphishing Attachment"] ; class DynamicAnalysis DefensiveTechniqueNode; class Email ArtifactNode; click DynamicAnalysis href "/technique/d3f:DynamicAnalysis"; HomoglyphDetection["Homoglyph Detection"] --> | analyzes | Email["Email"]; HomoglyphDetection["Homoglyph Detection"] -.-> | May Detect | T1566001["Spearphishing Attachment"] ; class HomoglyphDetection DefensiveTechniqueNode; class Email ArtifactNode; click HomoglyphDetection href "/technique/d3f:HomoglyphDetection"; DecoyFile["Decoy File"] --> | spoofs | Email["Email"]; DecoyFile["Decoy File"] -.-> | May Deceive | T1566001["Spearphishing Attachment"] ; class DecoyFile DefensiveTechniqueNode; class Email ArtifactNode; click DecoyFile href "/technique/d3f:DecoyFile"; FileIntegrityMonitoring["File Integrity Monitoring"] --> | analyzes | Email["Email"]; FileIntegrityMonitoring["File Integrity Monitoring"] -.-> | May Detect | T1566001["Spearphishing Attachment"] ; class FileIntegrityMonitoring DefensiveTechniqueNode; class Email ArtifactNode; click FileIntegrityMonitoring href "/technique/d3f:FileIntegrityMonitoring"; SenderMTAReputationAnalysis["Sender MTA Reputation Analysis"] --> | analyzes | Email["Email"]; SenderMTAReputationAnalysis["Sender MTA Reputation Analysis"] -.-> | May Detect | T1566001["Spearphishing Attachment"] ; class SenderMTAReputationAnalysis DefensiveTechniqueNode; class Email ArtifactNode; click SenderMTAReputationAnalysis href "/technique/d3f:SenderMTAReputationAnalysis"; SenderReputationAnalysis["Sender Reputation Analysis"] --> | analyzes | Email["Email"]; SenderReputationAnalysis["Sender Reputation Analysis"] -.-> | May Detect | T1566001["Spearphishing Attachment"] ; class SenderReputationAnalysis DefensiveTechniqueNode; class Email ArtifactNode; click SenderReputationAnalysis href "/technique/d3f:SenderReputationAnalysis"; UserGeolocationLogonPatternAnalysis["User Geolocation Logon Pattern Analysis"] --> | analyzes | InboundInternetMailTraffic["Inbound Internet Mail Traffic"]; UserGeolocationLogonPatternAnalysis["User Geolocation Logon Pattern Analysis"] -.-> | May Detect | T1566001["Spearphishing Attachment"] ; class UserGeolocationLogonPatternAnalysis DefensiveTechniqueNode; class InboundInternetMailTraffic ArtifactNode; click UserGeolocationLogonPatternAnalysis href "/technique/d3f:UserGeolocationLogonPatternAnalysis"; FileEncryption["File Encryption"] --> | encrypts | Email["Email"]; FileEncryption["File Encryption"] -.-> | May Harden | T1566001["Spearphishing Attachment"] ; class FileEncryption DefensiveTechniqueNode; class Email ArtifactNode; click FileEncryption href "/technique/d3f:FileEncryption"; LocalFilePermissions["Local File Permissions"] --> | restricts | Email["Email"]; LocalFilePermissions["Local File Permissions"] -.-> | May Harden | T1566001["Spearphishing Attachment"] ; class LocalFilePermissions DefensiveTechniqueNode; class Email ArtifactNode; click LocalFilePermissions href "/technique/d3f:LocalFilePermissions"; RestoreFile["Restore File"] --> | restores | Email["Email"]; RestoreFile["Restore File"] -.-> | May Restore | T1566001["Spearphishing Attachment"] ; class RestoreFile DefensiveTechniqueNode; class Email ArtifactNode; click RestoreFile href "/technique/d3f:RestoreFile"; FileAnalysis["File Analysis"] --> | analyzes | Email["Email"]; FileAnalysis["File Analysis"] -.-> | May Detect | T1566001["Spearphishing Attachment"] ; class FileAnalysis DefensiveTechniqueNode; class Email ArtifactNode; click FileAnalysis href "/technique/d3f:FileAnalysis"; EmailRemoval["Email Removal"] --> | deletes | Email["Email"]; EmailRemoval["Email Removal"] -.-> | May Evict | T1566001["Spearphishing Attachment"] ; class EmailRemoval DefensiveTechniqueNode; class Email ArtifactNode; click EmailRemoval href "/technique/d3f:EmailRemoval"; InboundTrafficFiltering["Inbound Traffic Filtering"] --> | filters | InboundInternetMailTraffic["Inbound Internet Mail Traffic"]; InboundTrafficFiltering["Inbound Traffic Filtering"] -.-> | May Isolate | T1566001["Spearphishing Attachment"] ; class InboundTrafficFiltering DefensiveTechniqueNode; class InboundInternetMailTraffic ArtifactNode; click InboundTrafficFiltering href "/technique/d3f:InboundTrafficFiltering"; FileRemoval["File Removal"] --> | deletes | Email["Email"]; FileRemoval["File Removal"] -.-> | May Evict | T1566001["Spearphishing Attachment"] ; class FileRemoval DefensiveTechniqueNode; class Email ArtifactNode; click FileRemoval href "/technique/d3f:FileRemoval"; NetworkTrafficFiltering["Network Traffic Filtering"] --> | filters | InboundInternetMailTraffic["Inbound Internet Mail Traffic"]; NetworkTrafficFiltering["Network Traffic Filtering"] -.-> | May Isolate | T1566001["Spearphishing Attachment"] ; class NetworkTrafficFiltering DefensiveTechniqueNode; class InboundInternetMailTraffic ArtifactNode; click NetworkTrafficFiltering href "/technique/d3f:NetworkTrafficFiltering"; EmailFiltering["Email Filtering"] --> | filters | Email["Email"]; EmailFiltering["Email Filtering"] -.-> | May Isolate | T1566001["Spearphishing Attachment"] ; class EmailFiltering DefensiveTechniqueNode; class Email ArtifactNode; click EmailFiltering href "/technique/d3f:EmailFiltering"; RestoreEmail["Restore Email"] --> | restores | Email["Email"]; RestoreEmail["Restore Email"] -.-> | May Restore | T1566001["Spearphishing Attachment"] ; class RestoreEmail DefensiveTechniqueNode; class Email ArtifactNode; click RestoreEmail href "/technique/d3f:RestoreEmail";