From 678b2a56219906b17a40b84b4c5ab6bc4c262a72 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Sun, 12 May 2019 18:25:01 +0200
Subject: [PATCH] chg: [o365-exchange-techniques] Actions on Intent added
 (finalized)

---
 clusters/o365-exchange-techniques.json | 40 ++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)

diff --git a/clusters/o365-exchange-techniques.json b/clusters/o365-exchange-techniques.json
index 2f9816f..782dd9f 100644
--- a/clusters/o365-exchange-techniques.json
+++ b/clusters/o365-exchange-techniques.json
@@ -329,6 +329,46 @@
       },
       "uuid": "a69da576-7ed2-4b29-8c4a-6c16bd2c2a54",
       "value": "On-Prem Exchange - Delegation"
+    },
+    {
+      "description": "O365 - MailSniper: Search Mailbox for content",
+      "meta": {
+        "kill_chain": [
+          "tactics:Actions on Intent"
+        ]
+      },
+      "uuid": "ae6eb93b-503f-49b5-98db-3f282551facb",
+      "value": "O365 - MailSniper: Search Mailbox for content"
+    },
+    {
+      "description": "O365 - Search for Content with eDiscovery",
+      "meta": {
+        "kill_chain": [
+          "tactics:Actions on Intent"
+        ]
+      },
+      "uuid": "8ac66795-5e59-4993-973b-b6efd78fb1c8",
+      "value": "O365 - Search for Content with eDiscovery"
+    },
+    {
+      "description": "O365 - Exfiltration email using EWS APIs with PowerShell",
+      "meta": {
+        "kill_chain": [
+          "tactics:Actions on Intent"
+        ]
+      },
+      "uuid": "4d67a417-169c-47d0-a7fa-d710b9e2f611",
+      "value": "O365 - Exfiltration email using EWS APIs with PowerShell"
+    },
+    {
+      "description": "O365 - Download documents and email",
+      "meta": {
+        "kill_chain": [
+          "tactics:Actions on Intent"
+        ]
+      },
+      "uuid": "1ccc00f8-d4b5-4c72-a7c0-a53127497a7c",
+      "value": "O365 - Download documents and email"
     }
   ],
   "version": 1