https://community.isc2.org/t5/Industry-News/CISA-Releases-Malware-Analysis-Report-Associated-with-Microsoft/m-p/82904#M7601 <P>Dear All,</P><P>&nbsp;</P><P>CISA published a Malware Analysis Report (MAR) with analysis and associated detection signatures on files related to Microsoft SharePoint vulnerabilities:<BR /><BR /></P><P>CVE-2025-49704 [CWE-94: Code Injection],<BR />CVE-2025-49706 [CWE-287: Improper Authentication],<BR />CVE-2025-53770 [CWE-502: Deserialization of Untrusted Data], and<BR />CVE-2025-53771 [CWE-287: Improper Authentication]<BR /><BR />Cyber threat actors have chained CVE-2025-49704 and CVE-2025-49706 (in an exploit chain publicly known as “ToolShell”) to gain unauthorized access to on-premises SharePoint servers. CISA analyzed six files including two Dynamic Link-Library (.DLL), one cryptographic key stealer, and three web shells. Cyber threat actors could leverage this malware to steal cryptographic keys and execute a Base64-encoded PowerShell command to fingerprint host system and exfiltrate data.<BR /><BR /></P><P>CISA added CVE-2025-49704 and CVE-2025-49706 to its Known Exploited Vulnerabilities Catalog on July 22, 2025, and CVE-2025-53770 on July 20, 2025.</P><P>CISA encourages organizations to use the indicators of compromise (IOCs) and detection signatures in this MAR to identify malware.<BR /><BR /></P><P>Downloadable copy of IOCs associated with this malware:<BR /><BR /><A href="https://www.cisa.gov/news-events/alerts/2025/08/06/cisa-releases-malware-analysis-report-associated-microsoft-sharepoint-vulnerabilities" target="_blank">https://www.cisa.gov/news-events/alerts/2025/08/06/cisa-releases-malware-analysis-report-associated-microsoft-sharepoint-vulnerabilities</A></P><P>&nbsp;</P><P>&nbsp;</P> Thu, 07 Aug 2025 01:19:33 GMT Kyaw_Myo_Oo 2025-08-07T01:19:33Z https://community.isc2.org/t5/Industry-News/CISA-Releases-Malware-Analysis-Report-Associated-with-Microsoft/m-p/82904#M7601 <P>Dear All,</P><P>&nbsp;</P><P>CISA published a Malware Analysis Report (MAR) with analysis and associated detection signatures on files related to Microsoft SharePoint vulnerabilities:<BR /><BR /></P><P>CVE-2025-49704 [CWE-94: Code Injection],<BR />CVE-2025-49706 [CWE-287: Improper Authentication],<BR />CVE-2025-53770 [CWE-502: Deserialization of Untrusted Data], and<BR />CVE-2025-53771 [CWE-287: Improper Authentication]<BR /><BR />Cyber threat actors have chained CVE-2025-49704 and CVE-2025-49706 (in an exploit chain publicly known as “ToolShell”) to gain unauthorized access to on-premises SharePoint servers. CISA analyzed six files including two Dynamic Link-Library (.DLL), one cryptographic key stealer, and three web shells. Cyber threat actors could leverage this malware to steal cryptographic keys and execute a Base64-encoded PowerShell command to fingerprint host system and exfiltrate data.<BR /><BR /></P><P>CISA added CVE-2025-49704 and CVE-2025-49706 to its Known Exploited Vulnerabilities Catalog on July 22, 2025, and CVE-2025-53770 on July 20, 2025.</P><P>CISA encourages organizations to use the indicators of compromise (IOCs) and detection signatures in this MAR to identify malware.<BR /><BR /></P><P>Downloadable copy of IOCs associated with this malware:<BR /><BR /><A href="https://www.cisa.gov/news-events/alerts/2025/08/06/cisa-releases-malware-analysis-report-associated-microsoft-sharepoint-vulnerabilities" target="_blank">https://www.cisa.gov/news-events/alerts/2025/08/06/cisa-releases-malware-analysis-report-associated-microsoft-sharepoint-vulnerabilities</A></P><P>&nbsp;</P><P>&nbsp;</P> Thu, 07 Aug 2025 01:19:33 GMT https://community.isc2.org/t5/Industry-News/CISA-Releases-Malware-Analysis-Report-Associated-with-Microsoft/m-p/82904#M7601 Kyaw_Myo_Oo 2025-08-07T01:19:33Z