OwaAuth

MITRE
Malware Type: Other
First seen: Unknown
Last seen: Unknown
Details:

[OwaAuth](https://attack.mitre.org/software/S0072) is a Web shell and credential stealer deployed to Microsoft Exchange servers that appears to be exclusively used by [Threat Group-3390](https://attack.mitre.org/groups/G0027). (Citation: Dell TG-3390)

Associated Techniques (8)

| ID | ATT&CK | Tactics |
|---|---|---|
| T1036.005 | Match Legitimate Resource Name or Location | - |
| T1056.001 | Keylogging | - |
| T1070.006 | Timestomp | - |
| T1071.001 | Web Protocols | - |
| T1083 | File and Directory Discovery | - |
| T1505.003 | Web Shell | - |
| T1505.004 | IIS Components | - |
| T1560.003 | Archive via Custom Method | - |

Metadata
ID: 472
Created: 13/01/2026 17:48
Updated: 06/03/2026 16:00