S0072Windows

S0072OwaAuth

Platforms
1
ATT&CK
14.1
References
2

Description

[OwaAuth](https://attack.mitre.org/software/S0072) is a Web shell and credential stealer deployed to Microsoft Exchange servers that appears to be exclusively used by [Threat Group-3390](https://attack.mitre.org/groups/G0027). (Citation: Dell TG-3390) Documented platforms: Windows. Attributed to ATT&CK group: Threat Group-3390. Catalogued in ATT&CK 14.1. 2 references curated.

Platforms· 1

Windows

Attributed to1

TypeTargetConfidenceTier
GroupThreat Group-3390g0027100%live

References

  1. https://attack.mitre.org/software/S0072
  2. https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Software
ASPXSpy
Software
OLDBAIT
Software
OopsIE
Software
LockerGoga
Software
OutSteel
Software
Wiarp
Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.