GhostContainer backdoor for Exchange servers
Essential information
- Published: 17/07/2025 14:59
- Modified: 17/07/2025 19:51
- Tags: 2025-07-17, apt, asia, backdoor, evasion, exchange, ghostcontainer, open-source, proxy
- Related entities: 1 observable, 2 others
Description
A sophisticated backdoor targeting Exchange servers of high-value organizations in Asia has been discovered. The malware, named GhostContainer, is a multi-functional backdoor that can be dynamically extended with additional modules. It leverages several open-source projects and employs various evasion techniques to avoid detection. The backdoor grants attackers full control over the Exchange server and can function as a proxy or tunnel. The malware is believed to be part of an APT campaign targeting government and high-tech companies in Asia. It includes components for C2 parsing, virtual page injection, and web proxy functionality. The attackers demonstrated expertise in exploiting Exchange systems and assembling sophisticated espionage tools.