Summary: 2025/04/29 18:01
First reported date: 2017/11/14
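Inquiry period : 2025/03/30 18:01 ~ 2025/04/29 18:01 (1 month), 1 search result
A new trend is showing compared with the previous period.
Among organizations and companies, Microsoft is also newly identified.
Other new keywords are also identified: Office, MSO, Build, NTLMv.
* Top 3 recent news articles: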
ㆍ 2025/04/03 [remote] Microsoft Office 2019 MSO Build 1808 - NTLMv2 Hash Disclosure
Trend graph by period
Special keyword group
Top 5
Malware Type
This is the type of malware that is becoming an issue.
No data.

Attacker & Actors
The status of attackers or attack groups that are becoming an issue.
No data.

Technique
This is an attack technique that is becoming an issue.
No data.

Country & Company
This is a country or company that is an issue.
Keyword | Average | Label |
---|---|---|
Microsoft | | 1 (100%) |
Threat info
Last 5 SNS
(Total : 0) No data.
News
(Total : 1)
Total keyword
No | Title | Date |
---|---|---|
1 | [remote] Microsoft Office 2019 MSO Build 1808 - NTLMv2 Hash Disclosure - Exploit-DB.com | 2025.04.03 |
Additional information
No | Title | Date |
---|---|---|
1 | Transforming Malware Defense for the AI Era - Malware.News | 2025.04.29 |
2 | People should be ‘outraged’ by efforts to shrink federal cyber teams, former CISA head says - Malware.News | 2025.04.29 |
3 | NXP Announces New CEO, Warns of ‘Very Uncertain Environment’ - Bloomberg Technology | 2025.04.29 |
4 | FBI Reports ₹1.38 Lakh Crore Loss in 2024, a 33% Surge from 2023 - Malware.News | 2025.04.29 |
5 | US intensifies Salt Typhoon crackdown with public info request - Malware.News | 2025.04.29 |
No | Title | Date |
---|---|---|
1 | [remote] Microsoft Office 2019 MSO Build 1808 - NTLMv2 Hash Disclosure - Exploit-DB.com | 2025.04.03 |
2 | Cisco fixes critical MSO authentication bypass vulnerability - ESTsecurity ALYac Blog... | 2021.02.25 |
3 | Cisco fixes maximum severity MSO auth bypass vulnerability - Bleepingcomputer | 2021.02.25 |
No | Request | Hash(md5) | Report No | Date |
---|---|---|---|---|
1 | http://185.246.221.126/bins/bi... PWS[m] Downloader Malicious Packer UPX Malicious Library Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM MSO | af4268c094f2a9c6e6a85f8626b9a5c7 | 38892 | 2023.03.05 |
2 | http://185.246.221.126/bins/Am... PWS[m] Downloader Malicious Packer UPX Malicious Library Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM MSO | 17a8f85f937d8106c020a366d7c6ccb4 | 38833 | 2023.03.05 |
Level | Description |
---|---|
watch | Communicates with host for which no DNS query was performed |
watch | Found URLs in memory pointing to an IP address rather than a domain (potentially indicative of Command & Control traffic) |
watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | An application raised an exception which may be indicative of an exploit crash |
notice | Creates executable files on the filesystem |
notice | Drops an executable to the user AppData folder |
notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
notice | Performs some HTTP requests |
notice | Potentially malicious URLs were found in the process memory dump |
notice | Uses Windows utilities for basic Windows functionality |
notice | Yara rule detected in process memory |
info | One or more processes crashed |
Network | ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response |
Network | ET INFO Executable Download from dotted-quad Host |
Network | ET INFO TLS Handshake Failure |
Network | ET MALWARE Possible MalDoc Payload Download Nov 11 2014 |
Network | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile |
Network | ET POLICY PE EXE or DLL Windows file download HTTP |
Network | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) |