Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 12:36:36 UTC
Home > List all groups > List all tools > List all groups using tool MAILSLOT
 Tool: MAILSLOT
Names MAILSLOT
Category Malware
Type Backdoor
Description
(Mandiant) In one instance, FIN13 deployed a backdoor called MAILSLOT, which
communicates over SMTP/POP over SSL, sending and receiving emails to and from a
configured attacker-controlled email account for its command and control. MAILSLOT makes
FIN13 a rare case of a threat actor who has used email communications for C2.
Information <https://www.mandiant.com/resources/fin13-cybercriminal-mexico>
Last change to this tool card: 26 December 2021
Download this tool card in JSON format
All groups using tool MAILSLOT
Changed Name Country Observed
APT groups
  FIN13 [Unknown] 2016  
1 group listed (1 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=54b14ce8-f706-41fc-bd4a-fd7174a4366a
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=54b14ce8-f706-41fc-bd4a-fd7174a4366a
Page 1 of 1