LookBack is a modular remote access trojan (RAT) observed in July 2019 targeting US utilities sector with phishing attacks and impersonating a US-based engineering licensing board. The emails contain a malicious Microsoft Word attachment using macros to install and run the malware. This malware consists of a RAT module and a proxy mechanism used for C&C communications. More specifically, the Microsoft Word document attachment invoked the failed examination pretense with the filename of “Result Notice.doc.”
Reporting and Technical Details
Proofpoint provides extensive technical details and indicators of compromise (IOCs) of the LookBack trojan in their threat analysis.