Trusted Design

Ongoing analysis of unknown exploit targeting Office 2007-2013

概要

A few days before the publishing of this blog post I came across an unknown RTF exploit sample which I could not identify as being an exploit targeting a known vulnerability like CVE-2012-0158 or CVE-2014-1761. It turns out that this exploit sample has a far greater impact than most other ‘traditional’ memory corruption exploits targeting MS Office. Successful exploitation seems to be possible on all currently supported versions of MS Office up and including the MS15-022 patch.

Created: 2026-02-23

Indicators

類似Pulses

CVE-2015-0097 Exploited in the Wild (score: 0.76)
Microsoft Office Zero-Day CVE-2015-2424 Leveraged By Tsar Team (score: 0.70)
Microsoft Office OLE2Link vulnerability samples - a quick triage (score: 0.69)
MS Office exploit analysis – CVE-2015-1641 (score: 0.66)
Killing a Zero-Day in the Egg: Adobe CVE-2016-1019 (score: 0.60)

このPulseに関連する脅威アクター (事実ベース)

Sandworm Team

Score: 3.84

Matched TTPs:

T1686.003 - Windows Host Firewall

MITREへのリンク →

Volt Typhoon

Score: 3.84

Matched TTPs:

T1686.003 - Windows Host Firewall

MITREへのリンク →

Storm-0501

Score: 6.77

Matched TTPs:

T1686.003 - Windows Host Firewall
T1565.002 - Transmitted Data Manipulation

MITREへのリンク →

MuddyWater

Score: 7.28

Matched TTPs:

T1558.001 - Golden Ticket
T1059.001 - PowerShell

MITREへのリンク →

Darkhotel

Score: 4.13

Matched TTPs:

T1564.002 - Hidden Users

MITREへのリンク →

FIN7

Score: 6.88

Matched TTPs:

T1564.002 - Hidden Users
T1059.001 - PowerShell

MITREへのリンク →

Ember Bear

Score: 6.88

Matched TTPs:

T1059.001 - PowerShell
T1003.003 - NTDS

MITREへのリンク →

APT28

Score: 7.28

Matched TTPs:

T1059.001 - PowerShell
T1588.003 - Code Signing Certificates

MITREへのリンク →

Mustang Panda

Score: 11.60

Matched TTPs:

T1169 - Sudo
T1565.002 - Transmitted Data Manipulation
T1055.005 - Thread Local Storage

MITREへのリンク →

FIN13

Score: 4.54

Matched TTPs:

T1053.006 - Systemd Timers

MITREへのリンク →

OilRig

Score: 5.27

Matched TTPs:

T1128 - Netsh Helper DLL
T1547.008 - LSASS Driver

MITREへのリンク →

FIN6

Score: 5.27

Matched TTPs:

T1128 - Netsh Helper DLL
T1547.008 - LSASS Driver

MITREへのリンク →

Contagious Interview

Score: 5.45

Matched TTPs:

T1565.002 - Transmitted Data Manipulation
T1547.008 - LSASS Driver

MITREへのリンク →

Storm-1811

Score: 5.45

Matched TTPs:

T1565.002 - Transmitted Data Manipulation
T1547.008 - LSASS Driver

MITREへのリンク →

Kimsuky

Score: 7.06

Matched TTPs:

T1565.002 - Transmitted Data Manipulation
T1003.003 - NTDS

MITREへのリンク →

Lazarus Group

Score: 6.66

Matched TTPs:

T1055.005 - Thread Local Storage
T1547.008 - LSASS Driver

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Mustang Panda

Score: 0.77

Matched TTPs:

T1055.005 - Thread Local Storage
T1565.002 - Transmitted Data Manipulation
T1169 - Sudo

MITREへのリンク →

APT28

Score: 0.56

Matched TTPs:

T1588.003 - Code Signing Certificates
T1059.001 - PowerShell

MITREへのリンク →

Related CVEs

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る