Trusted Design

CVE-2015-0097 Exploited in the Wild

概要

In March 2015, Microsoft patched a remote code execution (RCE) vulnerability (CVE-2015-0097) in Microsoft Office. In July 2015, Eduardo Prado released a Proof of Concept (PoC) exploit for this vulnerability here. It did not take long for attackers to repackage this PoC and use it in attacks in the wild. We observed a few variants of attacks exploiting CVE-2015-0097 that are using the same PoC to create a .doc exploit. This vulnerability could also be exploited using other Office file formats.

Created: 2026-02-23

Indicators

類似Pulses

Ongoing analysis of unknown exploit targeting Office 2007-2013 (score: 0.76)
FIREEYE: Office Encapsulated PostScript & Priv Escalation 0days (score: 0.74)
Microsoft Office OLE2Link vulnerability samples - a quick triage (score: 0.73)
Microsoft Office Zero-Day CVE-2015-2424 Leveraged By Tsar Team (score: 0.72)
MS Office exploit analysis – CVE-2015-1641 (score: 0.72)

このPulseに関連する脅威アクター (事実ベース)

Cobalt Group

Score: 14.83

Matched TTPs:

T1206 - Sudo Caching
T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1598.004 - Spearphishing Voice
T1027.014 - Polymorphic Code
T1218.010 - Regsvr32
T1622 - Debugger Evasion

MITREへのリンク →

FIN7

Score: 13.34

Matched TTPs:

T1206 - Sudo Caching
T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1011.001 - Exfiltration Over Bluetooth
T1059.001 - PowerShell
T1622 - Debugger Evasion

MITREへのリンク →

MuddyWater

Score: 16.81

Matched TTPs:

T1206 - Sudo Caching
T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1558.001 - Golden Ticket
T1059.001 - PowerShell
T1218.010 - Regsvr32
T1059.013 - Container CLI/API

MITREへのリンク →

Sidewinder

Score: 5.90

Matched TTPs:

T1206 - Sudo Caching
T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32

MITREへのリンク →

APT28

Score: 20.88

Matched TTPs:

T1206 - Sudo Caching
T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1059.001 - PowerShell
T1218.010 - Regsvr32
T1146 - Clear Command History
T1200 - Hardware Additions
T1588.003 - Code Signing Certificates

MITREへのリンク →

APT37

Score: 10.03

Matched TTPs:

T1206 - Sudo Caching
T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1078 - Valid Accounts
T1218.010 - Regsvr32

MITREへのリンク →

Gallmaker

Score: 4.41

Matched TTPs:

T1206 - Sudo Caching
T1087.002 - Domain Account
T1598.003 - Spearphishing Link

MITREへのリンク →

Leviathan

Score: 13.45

Matched TTPs:

T1206 - Sudo Caching
T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1027.014 - Polymorphic Code
T1218.010 - Regsvr32
T1622 - Debugger Evasion
T1546.017 - Udev Rules

MITREへのリンク →

BITTER

Score: 5.90

Matched TTPs:

T1206 - Sudo Caching
T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32

MITREへのリンク →

TA505

Score: 10.08

Matched TTPs:

T1206 - Sudo Caching
T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1059.009 - Cloud API
T1138 - Application Shimming

MITREへのリンク →

Patchwork

Score: 9.38

Matched TTPs:

T1206 - Sudo Caching
T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1059.009 - Cloud API
T1218.010 - Regsvr32
T1622 - Debugger Evasion

MITREへのリンク →

APT12

Score: 3.16

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32

MITREへのリンク →

Kimsuky

Score: 12.02

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1059.009 - Cloud API
T1027.014 - Polymorphic Code
T1622 - Debugger Evasion
T1003.003 - NTDS

MITREへのリンク →

Elderwood

Score: 3.16

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32

MITREへのリンク →

Transparent Tribe

Score: 3.16

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32

MITREへのリンク →

Dragonfly

Score: 12.53

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1059.009 - Cloud API
T1059.001 - PowerShell
T1218.010 - Regsvr32
T1200 - Hardware Additions
T1622 - Debugger Evasion

MITREへのリンク →

WIRTE

Score: 4.41

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1027.014 - Polymorphic Code

MITREへのリンク →

Tropic Trooper

Score: 6.31

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32
T1200 - Hardware Additions

MITREへのリンク →

Dark Caracal

Score: 4.23

Matched TTPs:

T1087.002 - Domain Account
T1048 - Exfiltration Over Alternative Protocol

MITREへのリンク →

DarkHydrus

Score: 4.81

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1200 - Hardware Additions

MITREへのリンク →

menuPass

Score: 6.06

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1059.001 - PowerShell
T1622 - Debugger Evasion

MITREへのリンク →

TA551

Score: 4.41

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1027.014 - Polymorphic Code

MITREへのリンク →

FIN8

Score: 5.14

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1059.009 - Cloud API
T1622 - Debugger Evasion

MITREへのリンク →

Threat Group-3390

Score: 10.88

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1059.009 - Cloud API
T1059.001 - PowerShell
T1218.010 - Regsvr32
T1546.017 - Udev Rules

MITREへのリンク →

APT39

Score: 3.31

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1622 - Debugger Evasion

MITREへのリンク →

Higaisa

Score: 6.31

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32
T1546.017 - Udev Rules

MITREへのリンク →

Wizard Spider

Score: 7.89

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1059.009 - Cloud API
T1059.001 - PowerShell
T1622 - Debugger Evasion

MITREへのリンク →

OilRig

Score: 10.07

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1059.009 - Cloud API
T1048 - Exfiltration Over Alternative Protocol
T1218.010 - Regsvr32
T1622 - Debugger Evasion

MITREへのリンク →

Sandworm Team

Score: 7.00

Matched TTPs:

T1087.002 - Domain Account
T1686.003 - Windows Host Firewall
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32

MITREへのリンク →

Magic Hound

Score: 4.27

Matched TTPs:

T1087.002 - Domain Account
T1059.009 - Cloud API
T1622 - Debugger Evasion

MITREへのリンク →

Inception

Score: 9.05

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1027.014 - Polymorphic Code
T1218.010 - Regsvr32
T1200 - Hardware Additions

MITREへのリンク →

EXOTIC LILY

Score: 3.16

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32

MITREへのリンク →

Saint Bear

Score: 4.99

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1059.009 - Cloud API
T1218.010 - Regsvr32

MITREへのリンク →

Lazarus Group

Score: 8.94

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32
T1055.005 - Thread Local Storage
T1622 - Debugger Evasion

MITREへのリンク →

FIN6

Score: 3.31

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1622 - Debugger Evasion

MITREへのリンク →

TA459

Score: 3.16

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32

MITREへのリンク →

Gorgon Group

Score: 3.49

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1059.009 - Cloud API

MITREへのリンク →

APT19

Score: 6.24

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1059.009 - Cloud API
T1027.014 - Polymorphic Code

MITREへのリンク →

TA2541

Score: 4.81

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1546.017 - Udev Rules

MITREへのリンク →

Earth Lusca

Score: 5.36

Matched TTPs:

T1087.002 - Domain Account
T1059.009 - Cloud API
T1059.001 - PowerShell

MITREへのリンク →

Mofang

Score: 4.81

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1546.017 - Udev Rules

MITREへのリンク →

Tonto Team

Score: 5.90

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1059.001 - PowerShell
T1218.010 - Regsvr32

MITREへのリンク →

Andariel

Score: 3.16

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32

MITREへのリンク →

BRONZE BUTLER

Score: 7.00

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1592.004 - Client Configurations
T1218.010 - Regsvr32

MITREへのリンク →

APT38

Score: 10.78

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1059.009 - Cloud API
T1138 - Application Shimming
T1048 - Exfiltration Over Alternative Protocol

MITREへのリンク →

Naikon

Score: 6.20

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1552.002 - Credentials in Registry

MITREへのリンク →

Mustang Panda

Score: 11.83

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1136.001 - Local Account
T1218.010 - Regsvr32
T1055.005 - Thread Local Storage

MITREへのリンク →

Molerats

Score: 4.81

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1546.017 - Udev Rules

MITREへのリンク →

admin@338

Score: 3.16

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32

MITREへのリンク →

Gamaredon Group

Score: 13.42

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1059.009 - Cloud API
T1059.013 - Container CLI/API
T1200 - Hardware Additions
T1546.017 - Udev Rules

MITREへのリンク →

Darkhotel

Score: 3.16

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32

MITREへのリンク →

APT32

Score: 11.58

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1059.009 - Cloud API
T1592.004 - Client Configurations
T1027.014 - Polymorphic Code
T1218.010 - Regsvr32

MITREへのリンク →

The White Company

Score: 3.16

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32

MITREへのリンク →

APT33

Score: 3.16

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32

MITREへのリンク →

Silence

Score: 8.58

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1059.009 - Cloud API
T1048 - Exfiltration Over Alternative Protocol
T1622 - Debugger Evasion

MITREへのリンク →

Indrik Spider

Score: 8.11

Matched TTPs:

T1087.002 - Domain Account
T1059.009 - Cloud API
T1498 - Network Denial of Service
T1622 - Debugger Evasion

MITREへのリンク →

APT29

Score: 10.85

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1592.004 - Client Configurations
T1138 - Application Shimming
T1218.010 - Regsvr32

MITREへのリンク →

Confucius

Score: 6.31

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32
T1200 - Hardware Additions

MITREへのリンク →

BlackTech

Score: 3.16

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32

MITREへのリンク →

Windshift

Score: 5.80

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1078 - Valid Accounts

MITREへのリンク →

Volt Typhoon

Score: 7.32

Matched TTPs:

T1686.003 - Windows Host Firewall
T1059.009 - Cloud API
T1622 - Debugger Evasion

MITREへのリンク →

Storm-0501

Score: 6.59

Matched TTPs:

T1686.003 - Windows Host Firewall
T1027.014 - Polymorphic Code

MITREへのリンク →

APT41

Score: 9.28

Matched TTPs:

T1598.003 - Spearphishing Link
T1059.009 - Cloud API
T1048 - Exfiltration Over Alternative Protocol
T1218.010 - Regsvr32
T1622 - Debugger Evasion

MITREへのリンク →

Medusa Group

Score: 3.48

Matched TTPs:

T1059.009 - Cloud API
T1622 - Debugger Evasion

MITREへのリンク →

BlackByte

Score: 3.48

Matched TTPs:

T1059.009 - Cloud API
T1622 - Debugger Evasion

MITREへのリンク →

Aquatic Panda

Score: 3.48

Matched TTPs:

T1059.009 - Cloud API
T1622 - Debugger Evasion

MITREへのリンク →

Blue Mockingbird

Score: 6.22

Matched TTPs:

T1059.009 - Cloud API
T1027.014 - Polymorphic Code
T1622 - Debugger Evasion

MITREへのリンク →

Ember Bear

Score: 10.20

Matched TTPs:

T1059.009 - Cloud API
T1059.001 - PowerShell
T1218.010 - Regsvr32
T1003.003 - NTDS

MITREへのリンク →

Fox Kitten

Score: 4.39

Matched TTPs:

T1059.001 - PowerShell
T1622 - Debugger Evasion

MITREへのリンク →

Axiom

Score: 3.14

Matched TTPs:

T1218.010 - Regsvr32
T1622 - Debugger Evasion

MITREへのリンク →

APT3

Score: 3.14

Matched TTPs:

T1218.010 - Regsvr32
T1622 - Debugger Evasion

MITREへのリンク →

Sea Turtle

Score: 5.12

Matched TTPs:

T1218.010 - Regsvr32
T1059.013 - Container CLI/API

MITREへのリンク →

Rocke

Score: 3.62

Matched TTPs:

T1059.013 - Container CLI/API

MITREへのリンク →

Scattered Spider

Score: 5.49

Matched TTPs:

T1498 - Network Denial of Service
T1622 - Debugger Evasion

MITREへのリンク →

Salt Typhoon

Score: 3.84

Matched TTPs:

T1498 - Network Denial of Service

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

APT28

Score: 0.80

Matched TTPs:

T1087.002 - Domain Account
T1059.001 - PowerShell
T1588.003 - Code Signing Certificates
T1218.010 - Regsvr32
T1146 - Clear Command History
T1200 - Hardware Additions
T1598.003 - Spearphishing Link
T1206 - Sudo Caching

MITREへのリンク →

MuddyWater

Score: 0.64

Matched TTPs:

T1087.002 - Domain Account
T1059.001 - PowerShell
T1218.010 - Regsvr32
T1558.001 - Golden Ticket
T1059.013 - Container CLI/API
T1598.003 - Spearphishing Link
T1206 - Sudo Caching

MITREへのリンク →

Cobalt Group

Score: 0.58

Matched TTPs:

T1087.002 - Domain Account
T1622 - Debugger Evasion
T1218.010 - Regsvr32
T1027.014 - Polymorphic Code
T1598.004 - Spearphishing Voice
T1598.003 - Spearphishing Link
T1206 - Sudo Caching

MITREへのリンク →

Related CVEs

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る