DET0814 Detection of Email Addresses

| Item | Value |
| --- | --- |
| ID | DET0814 |
| Version | 1.0 |
| Created | 21 October 2025 |
| Last Modified | 21 October 2025 |

Technique Detected: T1589.002 (Email Addresses)

Analytics

PRE

AN1946

Monitor for suspicious network traffic that could be indicative of probing for email addresses and/or usernames, such as large or iterative quantities of authentication requests originating from a single source (especially if the source is known to be associated with an adversary or botnet). Analyzing web metadata may also reveal artifacts that can be attributed to potentially malicious activity, such as values in the Referer or User-Agent HTTP/S header fields.
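The analytic above can be sketched as a sliding-window count of distinct accounts attempted per source. This is an added example, not part of the original detection strategy; the record layout, the function name `detect_probing`, the thresholds, and every sample value are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records: (timestamp, source IP, attempted account, User-Agent).
# Addresses are from documentation ranges; none of this is real traffic.
SAMPLE_EVENTS = [
    ("2025-10-21T10:00:00", "198.51.100.7", "alice@example.com", "python-requests/2.31.0"),
    ("2025-10-21T10:00:08", "198.51.100.7", "bob@example.com", "python-requests/2.31.0"),
    ("2025-10-21T10:00:16", "198.51.100.7", "carol@example.com", "python-requests/2.31.0"),
    ("2025-10-21T10:00:24", "198.51.100.7", "dave@example.com", "python-requests/2.31.0"),
    ("2025-10-21T10:00:32", "198.51.100.7", "erin@example.com", "python-requests/2.31.0"),
    # One user retrying a single account: many requests, one distinct account.
    ("2025-10-21T10:01:00", "203.0.113.20", "frank@example.com", "Mozilla/5.0"),
    ("2025-10-21T10:01:20", "203.0.113.20", "frank@example.com", "Mozilla/5.0"),
    ("2025-10-21T10:01:45", "203.0.113.20", "Frank@example.com", "Mozilla/5.0"),
    # Four distinct accounts, but spread over an hour (e.g. a shared NAT address).
    ("2025-10-21T09:00:00", "192.0.2.55", "gina@example.com", "Mozilla/5.0"),
    ("2025-10-21T09:20:00", "192.0.2.55", "hugo@example.com", "Mozilla/5.0"),
    ("2025-10-21T09:40:00", "192.0.2.55", "ivan@example.com", "Mozilla/5.0"),
    ("2025-10-21T10:00:00", "192.0.2.55", "judy@example.com", "Mozilla/5.0"),
]


def detect_probing(events, window=timedelta(minutes=5), min_distinct=4):
    """Return {source: {"accounts": n, "user_agents": set}} for every source that
    attempted at least min_distinct different accounts inside one sliding window."""
    recent = defaultdict(deque)  # source -> (time, account, user_agent) still in window
    flagged = {}
    for ts, src, account, ua in sorted(events):  # ISO timestamps sort chronologically
        now = datetime.fromisoformat(ts)
        q = recent[src]
        q.append((now, account.lower(), ua))  # case-fold so retries are not double-counted
        while now - q[0][0] > window:  # drop attempts that aged out of the window
            q.popleft()
        accounts = {a for _, a, _ in q}
        if len(accounts) >= min_distinct:
            hit = flagged.setdefault(src, {"accounts": 0, "user_agents": set()})
            hit["accounts"] = max(hit["accounts"], len(accounts))
            hit["user_agents"].update(u for _, _, u in q)  # web metadata for triage
    return flagged


if __name__ == "__main__":
    for source, detail in detect_probing(SAMPLE_EVENTS).items():
        print(source, detail["accounts"], sorted(detail["user_agents"]))
```

Counting distinct accounts rather than raw requests keeps a single user's repeated retries below the threshold, and the window length and account threshold are the values to tune per environment.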

Log Sources
| Data Component | Name | Channel |
| --- | --- | --- |
| Network Traffic Content (DC0085) | Network Traffic | None |
Mutable Elements
Field Description