Versions (3)
Version DetailsCurrent
Rev: 1 • Sep 25, 2023, 12:00 PMET MALWARE Possible OwlProxy activity M6
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Possible OwlProxy activity M6"; flow:established,to_server; http.uri; content:"/px/s?pp="; fast_pattern; reference:url,unit42.paloaltonetworks.com/rare-possible-gelsemium-attack-targets-se-asia; reference:url,www.telsy.com/microsoft-exchange-servers-backdoored-with-owlproxy-fuscom-dll; reference:url,lab52.io/blog/chimera-apt-updates-on-its-owlproxy-malware; classtype:trojan-activity; sid:2048240; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_and_Server, created_at 2023_09_25, deployment Perimeter, deployment Internal, deployment SSLDecrypt, malware_family OwlProxy, performance_impact Low, confidence Low, signature_severity Major, updated_at 2023_09_25, reviewed_at 2023_09_25; target:dest_ip;)
Sep 25, 2023, 12:00 PM
Sep 25, 2023, 12:00 PM
Sep 25, 2023, 10:00 PM
Sep 25, 2023, 10:00 PM
rules/emerging-malware.rules