ET MALWARE Odyssey Stealer Data Exfiltration Attempt

SID: 2067760Rev: 10 views

Sourceet/open

CreatedFebruary 17, 2026

UpdatedFebruary 17, 2026

Classificationtrojan-activity

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Odyssey Stealer Data Exfiltration Attempt"; flow:established,to_server; http.method; content:"POST"; http.uri; bsize:4; content:"/log"; http.header_names; content:"|0d 0a|buildid|0d 0a|"; fast_pattern; content:"|0d 0a|username|0d 0a|"; content:"|0d 0a|repeat|0d 0a|"; reference:url,censys.com/blog/odyssey-stealer-macos-crypto-stealing-operation; classtype:trojan-activity; sid:2067760; rev:1; metadata:affected_product Mac_OSX, attack_target Client_Endpoint, tls_state TLSDecrypt, created_at 2026_02_17, deployment Perimeter, malware_family Stealer, performance_impact Low, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2026_02_17, mitre_tactic_id TA0009, mitre_tactic_name Collection, mitre_technique_id T1005, mitre_technique_name Data_from_local_system; target:src_ip;)

References

url	censys.com/blog/odyssey-stealer-macos-crypto-stealing-operation

Metadata

affected productMac_OSX

attack targetClient_Endpoint

tls stateTLSDecrypt

created at2026_02_17

deploymentPerimeter

malware familyStealer

performance impactLow

confidenceHigh

signature severityMajor

tagDescription_Generated_By_Proofpoint_Nexus

updated at2026_02_17

mitre tactic idTA0009

mitre tactic nameCollection

mitre technique idT1005

mitre technique nameData_from_local_system

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!