Tool: Ruler

Description

[Ruler](https://attack.mitre.org/software/S0358) is a tool to abuse Microsoft Exchange services. It is publicly available on GitHub and the tool is executed via the command line. The creators of [Ruler](https://attack.mitre.org/software/S0358) have also released a defensive tool, NotRuler, to detect its usage.(Citation: SensePost Ruler GitHub)(Citation: SensePost NotRuler)

External References

• mitre-attack
• SensePost Ruler GitHub
• SensePost NotRuler

Techniques Used by This Tool

• T1087.003 — Email Account
• T1137.003 — Outlook Forms
• T1137.004 — Outlook Home Page
• T1137.005 — Outlook Rules

APT Groups Using This Tool

• APT33