Outlook Backdoor

Description

(ESET) The Turla Outlook backdoor has two interesting functionalities. First, it steals emails by forwarding all outgoing emails to the attackers. It mainly targets Microsoft Outlook, a widely used mail client, but also targets The Bat!, a mail client very popular in Eastern Europe. Second, it uses email messages as a transport layer for its Command & Control (C&C) protocol. Data, such as files requested via a command of the backdoor, is exfiltrated in specially-crafted PDF documents attached to emails, and commands are also received in PDF attachments. Thus, its behavior is particularly stealthy. It is important to note that no vulnerabilities were used either in PDF readers nor in Outlook. What actually happens is that the malware is able to decode data from the PDF documents and interpret it as commands for the backdoor.

Names

Name
Outlook Backdoor
FACADE

Type

Backdoor
Info stealer
Exfiltration

Information

https://www.welivesecurity.com/wp-content/uploads/2018/08/Eset-Turla-Outlook-Backdoor.pdf

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/win.outlook_backdoor

Other Information

Uuid

4deb4745-67e2-4865-ad95-c02d48c33726

Last Card Change

2020-04-23

Threat Intelligence Garden

Explorer

Outlook Backdoor

Outlook Backdoor

Description

Names

Category

Type

Information

Malpedia

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks