Search

Description Name: CVE-2018-8581 MS Exchange Server NTLM Authentication Bypass HTTP - (Request) . This is Trend Micro detection for HTTP network protocol that manifests exploit activities and can be used for N/A.The host exhibiting this type of networ...

CVE-2012-0141,CVE-2012-0142,CVE-2012-0143,CVE-2012-0184,CVE-2012-0185,CVE-2012-1847 Several vulnerabilities in some versions of MS Excel are resolved in this particular bulletin. To exploit this

%Windows%\ms spool32.exe (Note: %Windows% is the Windows folder, which is usually C:\Windows.) Autostart Technique This backdoor adds the following registry entries to enable its automatic execution at every

drops the following files: __tmp_rar_sfx_access_check_40828 OGA_171110\FILE_ID.DIZ OGA_171110\MS Excel 2007.bmp OGA_171110\MS Word 2007.bmp OGA_171110\OGA_v1.7.111.0_crack.exe OGA_171110

Description Name: CVE-2022-41040 - MS Exchange Server Side Request Forgery Exploit- HTTP(REQUEST) . This is Trend Micro detection for HTTP network protocol that manifests exploit activities and can be used for Point of Entry.The host exhibiting this ...

Description Name: CVE-2022-41080 - MS Exchange Server Outlook Web Access Exploit - HTTP(Request) . This is Trend Micro detection for HTTP network protocol that manifests exploit activities and can be used for Point of Entry.The host exhibiting this t...

Description Name: CVE-2018-8278 MS Edge Spoofing Exploit - HTTP (Response) . This is Trend Micro detection for HTTP network protocol that manifests exploit activities and can be used for Point of Entry or Lateral Movement.The host exhibiting this typ...

Description Name: Possible CVE-2019-1040 MS NTLM Tampering Exploit - SMB (Request) . This is Trend Micro detection for HTTP network protocol that manifests exploit activities and can be used for Point of Entry or Lateral Movement.The host exhibiting ...

Description Name: CVE-2017-11774 MS Outlook Security Bypass Remote Code Execution - HTTP (Request) . This is Trend Micro detection for HTTP network protocol that manifests exploit activities and can be used for Point of Entry or Lateral Movement.The ...

Description Name: CVE-2022-41082 - MS EXCHANGE POWERSHELL RCE EXPLOIT - HTTP(REQUEST) . This is Trend Micro detection for HTTP network protocol that manifests exploit activities and can be used for Point of Entry or Lateral Movement.The host exhibiti...

Description Name: CVE-2022-37958 - MS WINDOWS NEGOEX REQUEST - SMB2 (Exploit) . This is Trend Micro detection for SMB2 network protocol that manifests exploit activities and can be used for Point of Entry or Lateral Movement.The host exhibiting this ...

Description Name: CVE-2023-36745 - MS Exchange Powershell RCE EXPLOIT - HTTP (Request) . This is Trend Micro detection for HTTP network protocol that manifests exploit activities and can be used for Point of Entry or Lateral Movement.The host exhibit...

Description Name: CVE-2023-28288 - MS Sharepoint Information Disclosure Exploit - HTTP(Request) . This is Trend Micro detection for HTTP network protocol that manifests exploit activities and can be used for Point of Entry or Lateral Movement.The hos...

Description Name: CVE-2024-38077 - MS RDL RCE EXPLOIT - DCERPC (Request) . This is Trend Micro detection for DCERPC network protocol that manifests exploit activities and can be used for Point of Entry or Lateral Movement.The host exhibiting this typ...

file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Installation This Trojan adds the following processes: %Application Data%\MS WM Player

adds the following registry entries to enable its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Run MS Service Manager = "%User Temp%

Description Name: CVE-2021-26858 - Possible MS Exchange SSRF Exploit - HTTP (Response) . This is Trend Micro detection for packets passing through HTTP network protocols that manifests Exploit activities which can be a potential intrusion. Below are ...

its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Run MS Windows Update = "ydvtdw.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows

execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Run MS Scandisk = "%Windows%\scandisk.exe" HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run MS

attacks and leading to remote access tools (RATs). Additional details of the mentioned vulnerability can be found here: MS Advisory (2757760) Vulnerability in Internet Explorer Could Allow Remote Code