Home/ MITRE Matrix/ Initial Access/ T1566.003

T1566.003Spearphishing via Service

T1566.003 — Spearphishing via Service is a MITRE ATT&CK technique in the Initial Access tactic. Clankerusecase tracks 5 detection use cases covering it and 2 threat-intel articles citing it.

Initial Access

View on the matrix → Filter Detection Library MITRE official spec ↗

5Use cases

2Articles

0Sub-techniques

1Tactic

↑ Parent technique: T1566 · Phishing

Use cases covering this technique (5)

Detect DNS requests to Phishing Sites leveraging EvilGinx2 ESCU actions · alerting P [LLM] External MS Teams chat invite from IT-impersonating unmanaged or federated tenant Bespoke delivery · hunting DSPDD [LLM] MFA approval within minutes of inbound external Microsoft Teams chat Bespoke exploit · alerting DSPDDCS [LLM] Activity involving ommicrosoft.com Cloaked-Ursa Teams typosquat Bespoke delivery · alerting DSΣPDDCS [LLM] Endpoint DNS or web traffic to fake FIFA World Cup 2026 typosquat domain Bespoke delivery · alerting DSΣPDDCS

Articles citing this technique (2)

high When “Hi, This Is IT” Comes Through Microsoft Teams art-98

med Foul play: Fake FIFA websites target soccer fans looking for World Cup tickets, merchandise art-220