Esc
Spearphishing via Service - T1566.003
(ATT&CK® Technique)
Definition
Adversaries may send spearphishing messages via third-party services in an attempt to gain access to victim systems. Spearphishing via service is a specific variant of spearphishing. It is different from other forms of spearphishing in that it employs the use of third party services rather than directly via enterprise email channels.
D3FEND Inferred Relationships
Browse the D3FEND knowledge graph by clicking on the nodes below.
graph LR; T1566003["Spearphishing via Service"] --> |produces| File["File"]; class T1566003 OffensiveTechniqueNode; class File ArtifactNode; click File href "/dao/artifact/d3f:File"; click T1566003 href "/offensive-technique/attack/T1566.003/"; click File href "/dao/artifact/d3f:File"; T1566003["Spearphishing via Service"] --> |produces| URL["URL"]; class T1566003 OffensiveTechniqueNode; class URL ArtifactNode; click URL href "/dao/artifact/d3f:URL"; click T1566003 href "/offensive-technique/attack/T1566.003/"; click URL href "/dao/artifact/d3f:URL"; IdentifierActivityAnalysis["Identifier Activity Analysis"] --> | analyzes | URL["URL"]; IdentifierActivityAnalysis["Identifier Activity Analysis"] -.-> | May Detect | T1566003["Spearphishing via Service"] ; class IdentifierActivityAnalysis DefensiveTechniqueNode; class URL ArtifactNode; click IdentifierActivityAnalysis href "/technique/d3f:IdentifierActivityAnalysis"; HomoglyphDetection["Homoglyph Detection"] --> | analyzes | URL["URL"]; HomoglyphDetection["Homoglyph Detection"] -.-> | May Detect | T1566003["Spearphishing via Service"] ; class HomoglyphDetection DefensiveTechniqueNode; class URL ArtifactNode; click HomoglyphDetection href "/technique/d3f:HomoglyphDetection"; URLAnalysis["URL Analysis"] --> | analyzes | URL["URL"]; URLAnalysis["URL Analysis"] -.-> | May Detect | T1566003["Spearphishing via Service"] ; class URLAnalysis DefensiveTechniqueNode; class URL ArtifactNode; click URLAnalysis href "/technique/d3f:URLAnalysis"; DecoyFile["Decoy File"] --> | spoofs | File["File"]; DecoyFile["Decoy File"] -.-> | May Deceive | T1566003["Spearphishing via Service"] ; class DecoyFile DefensiveTechniqueNode; class File ArtifactNode; click DecoyFile href "/technique/d3f:DecoyFile"; FileIntegrityMonitoring["File Integrity Monitoring"] --> | analyzes | File["File"]; FileIntegrityMonitoring["File Integrity Monitoring"] -.-> | May Detect | T1566003["Spearphishing via Service"] ; class FileIntegrityMonitoring DefensiveTechniqueNode; class File ArtifactNode; click FileIntegrityMonitoring href "/technique/d3f:FileIntegrityMonitoring"; URLReputationAnalysis["URL Reputation Analysis"] --> | analyzes | URL["URL"]; URLReputationAnalysis["URL Reputation Analysis"] -.-> | May Detect | T1566003["Spearphishing via Service"] ; class URLReputationAnalysis DefensiveTechniqueNode; class URL ArtifactNode; click URLReputationAnalysis href "/technique/d3f:URLReputationAnalysis"; FileAnalysis["File Analysis"] --> | analyzes | File["File"]; FileAnalysis["File Analysis"] -.-> | May Detect | T1566003["Spearphishing via Service"] ; class FileAnalysis DefensiveTechniqueNode; class File ArtifactNode; click FileAnalysis href "/technique/d3f:FileAnalysis"; FileEviction["File Eviction"] --> | deletes | File["File"]; FileEviction["File Eviction"] -.-> | May Evict | T1566003["Spearphishing via Service"] ; class FileEviction DefensiveTechniqueNode; class File ArtifactNode; click FileEviction href "/technique/d3f:FileEviction"; FileEncryption["File Encryption"] --> | encrypts | File["File"]; FileEncryption["File Encryption"] -.-> | May Harden | T1566003["Spearphishing via Service"] ; class FileEncryption DefensiveTechniqueNode; class File ArtifactNode; click FileEncryption href "/technique/d3f:FileEncryption"; LocalFilePermissions["Local File Permissions"] --> | restricts | File["File"]; LocalFilePermissions["Local File Permissions"] -.-> | May Harden | T1566003["Spearphishing via Service"] ; class LocalFilePermissions DefensiveTechniqueNode; class File ArtifactNode; click LocalFilePermissions href "/technique/d3f:LocalFilePermissions"; RestoreFile["Restore File"] --> | restores | File["File"]; RestoreFile["Restore File"] -.-> | May Restore | T1566003["Spearphishing via Service"] ; class RestoreFile DefensiveTechniqueNode; class File ArtifactNode; click RestoreFile href "/technique/d3f:RestoreFile";