Website
attachment.outlook.live.net
Tags
Phishing Download Exfiltration
Phishing
Attackers can compose an email, attach a file and use the direct download link to phish users. The caveat with using this method is the phishing link expires in approximately 15 minutes.
Command and Control
None
Exfiltration
Attackers can compose an email, attach file(s) to exfiltrate and send the download link to themselves. This method is not ideal for large files due to the file size restriction in place.
Download
Attackers can compose an email on Outlook and attach a file and then use the file's download link to directly download the file. Restricted file types would first need to have their file extension modified (e.g. mimikatz.exe becomes mimikatz.exe.txt) and then upon download the file extension is modified back to the original extension.
Service Provider
Microsoft
Created: 2021-11-22
Last Update: 2021-11-22
Credits: mr.d0x, @JohnnyCiocca, @ryanlevier