LookBack is a modular remote access trojan (RAT) observed in July 2019 in phishing attacks that targeted the US utilities sector and impersonated a US-based engineering licensing board. The emails contain a malicious Microsoft Word attachment that uses macros to install and run the malware. More specifically, the Word attachment invoked a failed-examination pretense and carried the filename “Result Notice.doc.” The malware consists of a RAT module and a proxy mechanism used for command-and-control (C&C) communications.

Reporting and Technical Details

  • Proofpoint provides extensive technical details and indicators of compromise (IOCs) of the LookBack trojan in their threat analysis.