Skip to content

S0413 MailSniper

MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It can be used by a non-administrative user to search their own email, or by an Exchange administrator to search the mailboxes of every user in a domain.1

Item Value
ID S0413
Associated Names
Version 1.1
Created 05 October 2019
Last Modified 30 March 2020
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
enterprise T1087 Account Discovery -
enterprise T1087.003 Email Account MailSniper can be used to obtain account names from Exchange and Office 365 using the Get-GlobalAddressList cmdlet.2
enterprise T1110 Brute Force -
enterprise T1110.003 Password Spraying MailSniper can be used for password spraying against Exchange and Office 365.1
enterprise T1114 Email Collection -
enterprise T1114.002 Remote Email Collection MailSniper can be used for searching through email in Exchange and Office 365 environments.1

Groups That Use This Software

ID Name References
G0077 Leafminer 3