{
	"id": "f4c1e9c8-5868-4086-b2dc-349a7f4fd02e",
	"created_at": "2026-04-06T00:16:22.656504Z",
	"updated_at": "2026-04-10T03:33:30.090228Z",
	"deleted_at": null,
	"sha1_hash": "c8380faf74f4653ba260d133ee925938dcc41df0",
	"title": "Owowa (Malware Family)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 33749,
	"plain_text": "Owowa (Malware Family)\r\nBy Fraunhofer FKIE\r\nArchived: 2026-04-05 20:14:30 UTC\r\nwin.owowa (Back to overview)\r\nOwowa\r\nKaspersky describes this as a OWA add-on that has credential stealing capabilities.\r\nReferences\r\n2025-04-10 ⋅ Kaspersky Labs ⋅ Oleg Kupreev\r\nGOFFEE continues to attack organizations in Russia\r\nOwowa GOFFEE\r\n2021-12-14 ⋅ Kaspersky Labs ⋅ Paul Rascagnères, Pierre Delcher\r\nOwowa: the add-on that turns your OWA into a credential stealer and remote access panel\r\nOwowa\r\nThere is no Yara-Signature yet.\r\nSource: https://malpedia.caad.fkie.fraunhofer.de/details/win.owowa\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/win.owowa\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://malpedia.caad.fkie.fraunhofer.de/details/win.owowa"
	],
	"report_names": [
		"win.owowa"
	],
	"threat_actors": [
		{
			"id": "120b98af-cc15-468d-ae91-52d5af9216e4",
			"created_at": "2025-05-29T02:00:03.189197Z",
			"updated_at": "2026-04-10T02:00:03.84415Z",
			"deleted_at": null,
			"main_name": "GOFFEE",
			"aliases": [],
			"source_name": "MISPGALAXY:GOFFEE",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434582,
	"ts_updated_at": 1775792010,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/c8380faf74f4653ba260d133ee925938dcc41df0.pdf",
		"text": "https://archive.orkl.eu/c8380faf74f4653ba260d133ee925938dcc41df0.txt",
		"img": "https://archive.orkl.eu/c8380faf74f4653ba260d133ee925938dcc41df0.jpg"
	}
}