M365 Attacker Tool: Ruler

Detection overview

Triggers

  • The Ruler attack tool has been observed.

Possible Root Causes

  • An adversary has used compromised account credentials in conjunction with the Ruler attack tool to enable malicious code or command execution.
  • As this is a known attacker tool, there are no non-malicious use cases.

Business Impact

  • Use of this tool may allow an adversary to install malware or execute commands on the endpoint running the Exchange client associated with the compromised account. Malware or arbitrary command execution may then be used for a variety of malicious activities, such as further credential compromise, data collection and exfiltration, or progressing the attack further into the environment.

Steps to Verify

  • Investigate the compromised account for additional malicious actions and respond according to findings.
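As an added triage example (not part of the original detection page), the script below builds a timeline for the compromised account from Unified Audit Log style records: it windows events around the detection time, pulls out mailbox-rule operations with their parameters, and lists source IPs outside a known-good baseline. The field names (CreationTime, UserId, Operation, ClientIP, Parameters) follow the Unified Audit Log JSON shape; the list of rule-related operations and all sample records are assumptions constructed for illustration, not tenant telemetry.

```python
"""Added triage helper: summarize Unified Audit Log activity for one account after a
Ruler detection. Sample records below are constructed, not real tenant telemetry."""
from collections import Counter
from datetime import datetime, timedelta

# Exchange operations that create or alter mailbox rules / forwarding. Assumption: a short,
# non-exhaustive list chosen for this example; extend it to match your tenant's audit schema.
RULE_OPERATIONS = {
    "New-InboxRule", "Set-InboxRule", "Enable-InboxRule",
    "UpdateInboxRules", "Set-Mailbox",
}

# Constructed sample records shaped like Unified Audit Log entries (CreationTime, UserId,
# Operation, ClientIP, Parameters). Addresses and IPs are documentation placeholders.
SAMPLE_RECORDS = [
    {"CreationTime": "2024-05-01T09:12:00", "UserId": "alice@example.com",
     "Operation": "UserLoggedIn", "ClientIP": "203.0.113.10", "Workload": "AzureActiveDirectory"},
    {"CreationTime": "2024-05-01T09:15:30", "UserId": "alice@example.com",
     "Operation": "New-InboxRule", "ClientIP": "203.0.113.10", "Workload": "Exchange",
     "Parameters": [{"Name": "Name", "Value": "Sync"},
                    {"Name": "ForwardTo", "Value": "external@example.net"}]},
    {"CreationTime": "2024-05-01T09:20:00", "UserId": "alice@example.com",
     "Operation": "MailItemsAccessed", "ClientIP": "203.0.113.10", "Workload": "Exchange"},
    {"CreationTime": "2024-05-01T10:00:00", "UserId": "bob@example.com",
     "Operation": "Set-InboxRule", "ClientIP": "198.51.100.5", "Workload": "Exchange"},
]


def parse_time(value):
    """Parse the ISO-8601 CreationTime string used by the audit records."""
    return datetime.fromisoformat(value)


def events_for_account(records, user, detection_time, hours_before=24, hours_after=24):
    """Return the account's events inside a window around the detection, oldest first."""
    start = detection_time - timedelta(hours=hours_before)
    end = detection_time + timedelta(hours=hours_after)
    hits = [r for r in records
            if r["UserId"].lower() == user.lower()
            and start <= parse_time(r["CreationTime"]) <= end]
    return sorted(hits, key=lambda r: parse_time(r["CreationTime"]))


def rule_changes(records, user):
    """Mailbox-rule operations for the account, with their Name/Value parameters flattened."""
    out = []
    for r in records:
        if r["UserId"].lower() != user.lower() or r["Operation"] not in RULE_OPERATIONS:
            continue
        params = {p["Name"]: p["Value"] for p in r.get("Parameters", [])}
        out.append({"time": r["CreationTime"], "operation": r["Operation"],
                    "client_ip": r.get("ClientIP"), "parameters": params})
    return out


def new_client_ips(records, user, baseline_ips):
    """Source IPs seen for the account that are not in the known-good baseline, with counts."""
    seen = Counter(r.get("ClientIP") for r in records
                   if r["UserId"].lower() == user.lower())
    return {ip: n for ip, n in seen.items() if ip and ip not in baseline_ips}


if __name__ == "__main__":
    account = "alice@example.com"
    detected_at = parse_time("2024-05-01T09:16:00")
    for ev in events_for_account(SAMPLE_RECORDS, account, detected_at):
        print(ev["CreationTime"], ev["Operation"], ev.get("ClientIP"))
    print("rule changes:", rule_changes(SAMPLE_RECORDS, account))
    print("unfamiliar IPs:", new_client_ips(SAMPLE_RECORDS, account, {"198.51.100.5"}))
```

In practice the records would come from an audit-log export (for example a Search-UnifiedAuditLog result converted to JSON) and the baseline IP set from the account's normal sign-in history; the same three views (timeline, rule changes, unfamiliar sources) are what the "investigate the compromised account" step needs in order to decide on containment.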