The analysis examines NotDoor, a backdoor utilizing Outlook macros for persistence and lateral movement. It stages files in C:\ProgramData, employing DLL sideloading with OneDrive.exe. The malware creates directories, executes encoded PowerShell commands, and modifies registry entries to enable macros and disable security dialogs. Key tactics include using Outlook functions for C2 communication and email monitoring. The blog provides detection strategies, including monitoring for suspicious PowerShell commands, registry modifications, and creation of VbaProject.OTM files by non-Outlook processes. Splunk-based detection rules are offered to identify these malicious activities.