Trusted Design

Fidelis Threat Advisory #1017: Phishing in Plain Sight

概要

Fidelis Cybersecurity analysis has identified unrelated cyber criminal activity leveraging the vulnerability cited in CVE-2014-4114, which was initially exploited by advanced persistent threat (APT) actors in October 2014. Notably, some of this recent activity demonstrated actors implementing a technique that bypassed antivirus detection by saving a PowerPoint document in which malware executed once the document was opened in Slide Show presentation format. The identification of cyber crime actors, particularly Nigerian 419 scam operators, attempting to exploit CVE-2014-4114 demonstrates how quickly cyber criminals are trying to exploit a vulnerability previously associated with espionage actors, using similar tactics, techniques, and procedures (TTP) to maximize their chances of success, with additional innovation as seen with these samples.

Created: 2026-02-23

Indicators

• FileHash-MD5 - f2f45d410533ee38750fc24035a89b32 -
• FileHash-SHA1 - 1d51a21a130f5c1bd56dea59e3be7662414f9bbc -
• FileHash-MD5 - f90ad27e8d2345b84361189dbc9c9f3d -
• FileHash-SHA1 - 4a8fe7cd0ba3582d9bdf29e2e4ddcd1ff7cca03b -
• FileHash-MD5 - fd5a753347416484ab01712786c407c4 -
• hostname - trusplus.ddns.net -
• FileHash-MD5 - 94576ca20488d444802b874c324867ac -
• hostname - trusplusinc.gotdns.ch -
• domain - streamdating.ru -
• FileHash-SHA256 - 57c180a828aab91860de196f1d7a8c0a387b179aae829dd50a8d7c1c0d167e3f -
• hostname - davd6651234.serveftp.com -
• FileHash-SHA1 - 9cf9c4c0a5552820850be34a752a43134351c2e6 -
• CVE - CVE-2014-4114 -
• FileHash-SHA1 - 5bac1da1f52f25d636c88442f9d57fbd744e03e0 -
• FileHash-MD5 - 5300a967825b13d8873f0f01d1e21849 -
• FileHash-SHA1 - 3ffc167e9b0c20e22b09e3f806fc00b563b54eef -
• FileHash-MD5 - c1cee41ef83a62d0b78a9f0cd6891072 -
• FileHash-SHA1 - 3d0a657b13b31a05f8ef7a02fe7bbe12d1574f18 -
• FileHash-SHA1 - b8b628f4919a81e15ad23e11c9a9cc74c4f5eb0b -
• FileHash-MD5 - 1e479d02dde72b7bb9dd1335c587986b -
• FileHash-SHA1 - a61abc1de7c0988d79be623fbb8a932f598b24e6 -
• CVE - CVE-2014-6352 -
• FileHash-SHA1 - 36847ac57b1a24c02c421ad045e5c7531f5f937d -
• FileHash-SHA1 - 0e6e292c2715597387d9aa0286270d0f6536740b -
• domain - globeways.website -
• FileHash-SHA1 - 8251e5f23a512210b3d546133a9836e2478e3633 -
• FileHash-MD5 - cd102ef39bab23b1c17fa3ec7f6c39ee -
• hostname - trusplus.redirectme.net -
• FileHash-SHA1 - 8822869ef49f563a9c1c42454872cfed0be3aa2d -
• FileHash-MD5 - a2601a0ef3bb2e817c8f3bcd3083edd0 -
• FileHash-MD5 - 2303c3ad273d518cbf11824ec5d2a88e -
• FileHash-SHA1 - 9a382a362d0485822809d837e891f91e4a37c80c -
• FileHash-SHA1 - fae726d1056118a819498592dbf2a0d62b53d105 -
• FileHash-MD5 - ad9c15b11075bc9c99c547fbffc43b3f -

類似Pulses

• Stealthy Cyberespionage Campaign Attacks With Social Engineering (score: 0.69)
• FBI Cyberwatch A-000067-DM (score: 0.66)
• New Attacks Linked to C0d0s0 Group (score: 0.65)
• TA17-117A Intrusions Affecting Multiple Victims Across Multiple Sectors (score: 0.65)
• Banking Trojan Attempts To Steal Brazillion$ (score: 0.64)

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

Pulse – 脅威アクター グラフ

---

← Pulse一覧に戻る