Threat Group Cards: A Threat Actor Encyclopedia

Tool: Outlook Backdoor

Names: Outlook Backdoor, FACADE
Category: Malware
Type: Backdoor, Info stealer, Exfiltration
Description: (ESET) The Turla Outlook backdoor has two interesting functionalities.
First, it steals emails by forwarding all outgoing emails to the attackers. It mainly targets Microsoft Outlook, a widely used mail client, but also targets The Bat!, a mail client very popular in Eastern Europe.
Second, it uses email messages as a transport layer for its Command & Control (C&C) protocol. Data, such as files requested via a command of the backdoor, is exfiltrated in specially-crafted PDF documents attached to emails, and commands are also received in PDF attachments. Thus, its behavior is particularly stealthy. It is important to note that no vulnerabilities were used either in PDF readers or in Outlook. What actually happens is that the malware is able to decode data from the PDF documents and interpret it as commands for the backdoor.
Information: <https://www.welivesecurity.com/wp-content/uploads/2018/08/Eset-Turla-Outlook-Backdoor.pdf>
Malpedia: <https://malpedia.caad.fkie.fraunhofer.de/details/win.outlook_backdoor>

Last change to this tool card: 23 April 2020

All groups using tool Outlook Backdoor

Changed | Name | Country | Observed

APT groups

X | Turla, Waterbug, Venomous Bear | Russia | 1996-Jun 2020

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency