LIVE NEWSROOM · --:-- · May 25, 2026
A LIBRARY FOR SECURITY RESEARCHERS

MITRE ATT&CK  /  T1137.003

T1137.003

Outlook Forms

SUB-TECHNIQUE Persistence

Description

Adversaries may abuse Microsoft Outlook forms to obtain persistence on a compromised system. Outlook forms are used as templates for presentation and functionality in Outlook messages. Custom Outlook forms can be created that will execute code when a specifically crafted email is sent by an adversary utilizing the same custom Outlook form.(Citation: SensePost Outlook Forms)Once malicious forms have been added to the user’s mailbox, they will be loaded when Outlook is started. Malicious forms will execute when an adversary sends a specifically crafted email to the user.(Citation: SensePost Outlook Forms)

Platforms

WindowsOffice Suite

Mitigations

  • M1051 — Update Software
  • M1040 — Behavior Prevention on Endpoint
Look up any technique

Use our free MITRE ATT&CK lookup tool, or browse the full ATT&CK matrix.

Source: MITRE ATT&CK Enterprise matrix. View on attack.mitre.org →

Scroll to Top