Trusted Design

CVE-2015-0097 Exploited in the Wild

概要

In March 2015, Microsoft patched a remote code execution (RCE) vulnerability (CVE-2015-0097) in Microsoft Office. In July 2015, Eduardo Prado released a Proof of Concept (PoC) exploit for this vulnerability here. It did not take long for attackers to repackage this PoC and use it in attacks in the wild. We observed a few variants of attacks exploiting CVE-2015-0097 that are using the same PoC to create a .doc exploit. This vulnerability could also be exploited using other Office file formats.

Created: 2026-02-23

Indicators

類似Pulses

Ongoing analysis of unknown exploit targeting Office 2007-2013 (score: 0.76)
FIREEYE: Office Encapsulated PostScript & Priv Escalation 0days (score: 0.74)
Microsoft Office OLE2Link vulnerability samples - a quick triage (score: 0.73)
Microsoft Office Zero-Day CVE-2015-2424 Leveraged By Tsar Team (score: 0.72)
MS Office exploit analysis – CVE-2015-1641 (score: 0.72)

このPulseに関連する脅威アクター (事実ベース)

Cobalt Group

Score: 14.83

Matched TTPs:

T1559.002 - Dynamic Data Exchange
T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1218.008 - Odbcconf
T1218.010 - Regsvr32
T1203 - Exploitation for Client Execution
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

FIN7

Score: 13.34

Matched TTPs:

T1559.002 - Dynamic Data Exchange
T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1674 - Input Injection
T1210 - Exploitation of Remote Services
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

MuddyWater

Score: 16.81

Matched TTPs:

T1559.002 - Dynamic Data Exchange
T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1137.001 - Office Template Macros
T1210 - Exploitation of Remote Services
T1203 - Exploitation for Client Execution
T1027.004 - Compile After Delivery

MITREへのリンク →

Sidewinder

Score: 5.90

Matched TTPs:

T1559.002 - Dynamic Data Exchange
T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1203 - Exploitation for Client Execution

MITREへのリンク →

APT28

Score: 20.88

Matched TTPs:

T1559.002 - Dynamic Data Exchange
T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1210 - Exploitation of Remote Services
T1203 - Exploitation for Client Execution
T1498 - Network Denial of Service
T1221 - Template Injection
T1137.002 - Office Test

MITREへのリンク →

APT37

Score: 10.03

Matched TTPs:

T1559.002 - Dynamic Data Exchange
T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1036.001 - Invalid Code Signature
T1203 - Exploitation for Client Execution

MITREへのリンク →

Gallmaker

Score: 4.41

Matched TTPs:

T1559.002 - Dynamic Data Exchange
T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment

MITREへのリンク →

Leviathan

Score: 13.45

Matched TTPs:

T1559.002 - Dynamic Data Exchange
T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1218.010 - Regsvr32
T1203 - Exploitation for Client Execution
T1021.001 - Remote Desktop Protocol
T1027.015 - Compression

MITREへのリンク →

BITTER

Score: 5.90

Matched TTPs:

T1559.002 - Dynamic Data Exchange
T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1203 - Exploitation for Client Execution

MITREへのリンク →

TA505

Score: 10.08

Matched TTPs:

T1559.002 - Dynamic Data Exchange
T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1112 - Modify Registry
T1553.005 - Mark-of-the-Web Bypass

MITREへのリンク →

Patchwork

Score: 9.38

Matched TTPs:

T1559.002 - Dynamic Data Exchange
T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1112 - Modify Registry
T1203 - Exploitation for Client Execution
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

APT12

Score: 3.16

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1203 - Exploitation for Client Execution

MITREへのリンク →

Kimsuky

Score: 12.02

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1112 - Modify Registry
T1218.010 - Regsvr32
T1021.001 - Remote Desktop Protocol
T1588.005 - Exploits

MITREへのリンク →

Elderwood

Score: 3.16

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1203 - Exploitation for Client Execution

MITREへのリンク →

Transparent Tribe

Score: 3.16

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1203 - Exploitation for Client Execution

MITREへのリンク →

Dragonfly

Score: 12.53

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1112 - Modify Registry
T1210 - Exploitation of Remote Services
T1203 - Exploitation for Client Execution
T1221 - Template Injection
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

WIRTE

Score: 4.41

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1218.010 - Regsvr32

MITREへのリンク →

Tropic Trooper

Score: 6.31

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1203 - Exploitation for Client Execution
T1221 - Template Injection

MITREへのリンク →

Dark Caracal

Score: 4.23

Matched TTPs:

T1204.002 - Malicious File
T1218.001 - Compiled HTML File

MITREへのリンク →

DarkHydrus

Score: 4.81

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1221 - Template Injection

MITREへのリンク →

menuPass

Score: 6.06

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1210 - Exploitation of Remote Services
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

TA551

Score: 4.41

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1218.010 - Regsvr32

MITREへのリンク →

FIN8

Score: 5.14

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1112 - Modify Registry
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Threat Group-3390

Score: 10.88

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1112 - Modify Registry
T1210 - Exploitation of Remote Services
T1203 - Exploitation for Client Execution
T1027.015 - Compression

MITREへのリンク →

APT39

Score: 3.31

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Higaisa

Score: 6.31

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1203 - Exploitation for Client Execution
T1027.015 - Compression

MITREへのリンク →

Wizard Spider

Score: 7.89

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1112 - Modify Registry
T1210 - Exploitation of Remote Services
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

OilRig

Score: 10.07

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1112 - Modify Registry
T1218.001 - Compiled HTML File
T1203 - Exploitation for Client Execution
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Sandworm Team

Score: 7.00

Matched TTPs:

T1204.002 - Malicious File
T1588.006 - Vulnerabilities
T1566.001 - Spearphishing Attachment
T1203 - Exploitation for Client Execution

MITREへのリンク →

Magic Hound

Score: 4.27

Matched TTPs:

T1204.002 - Malicious File
T1112 - Modify Registry
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Inception

Score: 9.05

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1218.010 - Regsvr32
T1203 - Exploitation for Client Execution
T1221 - Template Injection

MITREへのリンク →

EXOTIC LILY

Score: 3.16

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1203 - Exploitation for Client Execution

MITREへのリンク →

Saint Bear

Score: 4.99

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1112 - Modify Registry
T1203 - Exploitation for Client Execution

MITREへのリンク →

Lazarus Group

Score: 8.94

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1203 - Exploitation for Client Execution
T1027.007 - Dynamic API Resolution
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

FIN6

Score: 3.31

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

TA459

Score: 3.16

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1203 - Exploitation for Client Execution

MITREへのリンク →

Gorgon Group

Score: 3.49

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1112 - Modify Registry

MITREへのリンク →

APT19

Score: 6.24

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1112 - Modify Registry
T1218.010 - Regsvr32

MITREへのリンク →

TA2541

Score: 4.81

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1027.015 - Compression

MITREへのリンク →

Earth Lusca

Score: 5.36

Matched TTPs:

T1204.002 - Malicious File
T1112 - Modify Registry
T1210 - Exploitation of Remote Services

MITREへのリンク →

Mofang

Score: 4.81

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1027.015 - Compression

MITREへのリンク →

Tonto Team

Score: 5.90

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1210 - Exploitation of Remote Services
T1203 - Exploitation for Client Execution

MITREへのリンク →

Andariel

Score: 3.16

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1203 - Exploitation for Client Execution

MITREへのリンク →

BRONZE BUTLER

Score: 7.00

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1550.003 - Pass the Ticket
T1203 - Exploitation for Client Execution

MITREへのリンク →

APT38

Score: 10.78

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1112 - Modify Registry
T1553.005 - Mark-of-the-Web Bypass
T1218.001 - Compiled HTML File

MITREへのリンク →

Naikon

Score: 6.20

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1137.006 - Add-ins

MITREへのリンク →

Mustang Panda

Score: 11.83

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1176.002 - IDE Extensions
T1203 - Exploitation for Client Execution
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Molerats

Score: 4.81

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1027.015 - Compression

MITREへのリンク →

admin@338

Score: 3.16

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1203 - Exploitation for Client Execution

MITREへのリンク →

Gamaredon Group

Score: 13.42

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1112 - Modify Registry
T1027.004 - Compile After Delivery
T1221 - Template Injection
T1027.015 - Compression

MITREへのリンク →

Darkhotel

Score: 3.16

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1203 - Exploitation for Client Execution

MITREへのリンク →

APT32

Score: 11.58

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1112 - Modify Registry
T1550.003 - Pass the Ticket
T1218.010 - Regsvr32
T1203 - Exploitation for Client Execution

MITREへのリンク →

The White Company

Score: 3.16

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1203 - Exploitation for Client Execution

MITREへのリンク →

APT33

Score: 3.16

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1203 - Exploitation for Client Execution

MITREへのリンク →

Silence

Score: 8.58

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1112 - Modify Registry
T1218.001 - Compiled HTML File
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Indrik Spider

Score: 8.11

Matched TTPs:

T1204.002 - Malicious File
T1112 - Modify Registry
T1136 - Create Account
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

APT29

Score: 10.85

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1550.003 - Pass the Ticket
T1553.005 - Mark-of-the-Web Bypass
T1203 - Exploitation for Client Execution

MITREへのリンク →

Confucius

Score: 6.31

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1203 - Exploitation for Client Execution
T1221 - Template Injection

MITREへのリンク →

BlackTech

Score: 3.16

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1203 - Exploitation for Client Execution

MITREへのリンク →

Windshift

Score: 5.80

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1036.001 - Invalid Code Signature

MITREへのリンク →

Volt Typhoon

Score: 7.32

Matched TTPs:

T1588.006 - Vulnerabilities
T1112 - Modify Registry
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Storm-0501

Score: 6.59

Matched TTPs:

T1588.006 - Vulnerabilities
T1218.010 - Regsvr32

MITREへのリンク →

APT41

Score: 9.28

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1112 - Modify Registry
T1218.001 - Compiled HTML File
T1203 - Exploitation for Client Execution
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Medusa Group

Score: 3.48

Matched TTPs:

T1112 - Modify Registry
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

BlackByte

Score: 3.48

Matched TTPs:

T1112 - Modify Registry
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Aquatic Panda

Score: 3.48

Matched TTPs:

T1112 - Modify Registry
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Blue Mockingbird

Score: 6.22

Matched TTPs:

T1112 - Modify Registry
T1218.010 - Regsvr32
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Ember Bear

Score: 10.20

Matched TTPs:

T1112 - Modify Registry
T1210 - Exploitation of Remote Services
T1203 - Exploitation for Client Execution
T1588.005 - Exploits

MITREへのリンク →

Fox Kitten

Score: 4.39

Matched TTPs:

T1210 - Exploitation of Remote Services
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Axiom

Score: 3.14

Matched TTPs:

T1203 - Exploitation for Client Execution
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

APT3

Score: 3.14

Matched TTPs:

T1203 - Exploitation for Client Execution
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Sea Turtle

Score: 5.12

Matched TTPs:

T1203 - Exploitation for Client Execution
T1027.004 - Compile After Delivery

MITREへのリンク →

Rocke

Score: 3.62

Matched TTPs:

T1027.004 - Compile After Delivery

MITREへのリンク →

Scattered Spider

Score: 5.49

Matched TTPs:

T1136 - Create Account
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Salt Typhoon

Score: 3.84

Matched TTPs:

T1136 - Create Account

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

APT28

Score: 0.80

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1210 - Exploitation of Remote Services
T1498 - Network Denial of Service
T1204.002 - Malicious File
T1559.002 - Dynamic Data Exchange
T1221 - Template Injection
T1137.002 - Office Test
T1203 - Exploitation for Client Execution

MITREへのリンク →

MuddyWater

Score: 0.64

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1210 - Exploitation of Remote Services
T1204.002 - Malicious File
T1559.002 - Dynamic Data Exchange
T1027.004 - Compile After Delivery
T1137.001 - Office Template Macros
T1203 - Exploitation for Client Execution

MITREへのリンク →

Cobalt Group

Score: 0.58

Matched TTPs:

T1218.008 - Odbcconf
T1566.001 - Spearphishing Attachment
T1204.002 - Malicious File
T1559.002 - Dynamic Data Exchange
T1021.001 - Remote Desktop Protocol
T1218.010 - Regsvr32
T1203 - Exploitation for Client Execution

MITREへのリンク →

Related CVEs

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る