ET MALWARE Possible OwlProxy activity M1

SID: 2048235Rev: 249 views
History
Sourceet/open
CreatedSeptember 25, 2023
UpdatedAugust 27, 2025
Classificationtrojan-activity
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Possible OwlProxy activity M1"; flow:established,to_server; http.uri; content:"/s?pa="; isdataat:4,relative; fast_pattern; reference:url,unit42.paloaltonetworks.com/rare-possible-gelsemium-attack-targets-se-asia; reference:url,www.telsy.com/microsoft-exchange-servers-backdoored-with-owlproxy-fuscom-dll; classtype:trojan-activity; sid:2048235; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_and_Server, created_at 2023_09_25, deployment Perimeter, deployment Internal, deployment SSLDecrypt, malware_family OwlProxy, performance_impact Low, confidence Low, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2025_08_27, reviewed_at 2023_09_25; target:dest_ip;)

References

urlunit42.paloaltonetworks.com/rare-possible-gelsemium-attack-targets-se-asia
urlwww.telsy.com/microsoft-exchange-servers-backdoored-with-owlproxy-fuscom-dll

Metadata

affected productWindows_XP_Vista_7_8_10_Server_32_64_Bit
attack targetClient_and_Server
created at2023_09_25
deploymentSSLDecrypt
malware familyOwlProxy
performance impactLow
confidenceLow
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2025_08_27
reviewed at2023_09_25

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!