Owowa

Description

(Kaspersky) While looking for potentially malicious implants that targeted Microsoft Exchange servers, we identified a suspicious binary that had been submitted to a multiscanner service in late 2020. Analyzing the code, we determined that the previously unknown binary is an IIS module, aimed at stealing credentials and enabling remote command execution from OWA. We named the malicious module ‘Owowa’, and identified several compromised servers located in Asia.

Names

Name
Owowa

Type

Credential stealer

Information

https://securelist.com/owowa-credential-stealer-and-remote-access/105219/

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/win.owowa

Other Information

Uuid

02cb4fac-80e9-42d0-9722-552fb9a706b2

Last Card Change

2022-12-27

Threat Intelligence Garden

Explorer

Owowa

Owowa

Description

Names

Category

Type

Information

Malpedia

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks