T1137.003 - Outlook Forms
Sub-technique
Tattiche:
Persistence
Persistence
Piattaforme:
Windows Office Suite
Windows Office Suite
Rilevamento:
Not specified
Not specified
Description:
Adversaries may abuse Microsoft Outlook forms to obtain persistence on a compromised system. Outlook forms are used as templates for presentation and functionality in Outlook messages. Custom Outlook forms can be created that will execute code when a specifically crafted email is sent by an adversary utilizing the same custom Outlook form.(Citation: SensePost Outlook Forms)
Once malicious forms have been added to the user’s mailbox, they will be loaded when Outlook is started. Malicious forms will execute when an adversary sends a specifically crafted email to the user.(Citation: SensePost Outlook Forms)
Once malicious forms have been added to the user’s mailbox, they will be loaded when Outlook is started. Malicious forms will execute when an adversary sends a specifically crafted email to the user.(Citation: SensePost Outlook Forms)
Malware (1)
Metadata
| MITRE ID: | T1137.003 |
| STIX ID: | attack-pattern--a9e2cea0-c805-... |
| Piattaforme: | Windows, Office Suite |
| Created: | 13/01/2026 17:48 |
| Updated: | 06/03/2026 16:00 |