Trusted Design

Ongoing analysis of unknown exploit targeting Office 2007-2013

概要

A few days before the publishing of this blog post I came across an unknown RTF exploit sample which I could not identify as being an exploit targeting a known vulnerability like CVE-2012-0158 or CVE-2014-1761. It turns out that this exploit sample has a far greater impact than most other ‘traditional’ memory corruption exploits targeting MS Office. Successful exploitation seems to be possible on all currently supported versions of MS Office up and including the MS15-022 patch.

Created: 2026-02-23

Indicators

類似Pulses

CVE-2015-0097 Exploited in the Wild (score: 0.76)
Microsoft Office Zero-Day CVE-2015-2424 Leveraged By Tsar Team (score: 0.70)
Microsoft Office OLE2Link vulnerability samples - a quick triage (score: 0.69)
MS Office exploit analysis – CVE-2015-1641 (score: 0.66)
Killing a Zero-Day in the Egg: Adobe CVE-2016-1019 (score: 0.60)

このPulseに関連する脅威アクター (事実ベース)

Sandworm Team

Score: 3.84

Matched TTPs:

T1588.006 - Vulnerabilities

MITREへのリンク →

Volt Typhoon

Score: 3.84

Matched TTPs:

T1588.006 - Vulnerabilities

MITREへのリンク →

Storm-0501

Score: 6.77

Matched TTPs:

T1588.006 - Vulnerabilities
T1219.002 - Remote Desktop Software

MITREへのリンク →

MuddyWater

Score: 7.28

Matched TTPs:

T1137.001 - Office Template Macros
T1210 - Exploitation of Remote Services

MITREへのリンク →

Darkhotel

Score: 4.13

Matched TTPs:

T1497.002 - User Activity Based Checks

MITREへのリンク →

FIN7

Score: 6.88

Matched TTPs:

T1497.002 - User Activity Based Checks
T1210 - Exploitation of Remote Services

MITREへのリンク →

Ember Bear

Score: 6.88

Matched TTPs:

T1210 - Exploitation of Remote Services
T1588.005 - Exploits

MITREへのリンク →

APT28

Score: 7.28

Matched TTPs:

T1210 - Exploitation of Remote Services
T1137.002 - Office Test

MITREへのリンク →

Mustang Panda

Score: 11.60

Matched TTPs:

T1678 - Delay Execution
T1219.002 - Remote Desktop Software
T1027.007 - Dynamic API Resolution

MITREへのリンク →

FIN13

Score: 4.54

Matched TTPs:

T1565 - Data Manipulation

MITREへのリンク →

OilRig

Score: 5.27

Matched TTPs:

T1573.002 - Asymmetric Cryptography
T1566.003 - Spearphishing via Service

MITREへのリンク →

FIN6

Score: 5.27

Matched TTPs:

T1573.002 - Asymmetric Cryptography
T1566.003 - Spearphishing via Service

MITREへのリンク →

Contagious Interview

Score: 5.45

Matched TTPs:

T1219.002 - Remote Desktop Software
T1566.003 - Spearphishing via Service

MITREへのリンク →

Storm-1811

Score: 5.45

Matched TTPs:

T1219.002 - Remote Desktop Software
T1566.003 - Spearphishing via Service

MITREへのリンク →

Kimsuky

Score: 7.06

Matched TTPs:

T1219.002 - Remote Desktop Software
T1588.005 - Exploits

MITREへのリンク →

Lazarus Group

Score: 6.66

Matched TTPs:

T1027.007 - Dynamic API Resolution
T1566.003 - Spearphishing via Service

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Mustang Panda

Score: 0.77

Matched TTPs:

T1678 - Delay Execution
T1027.007 - Dynamic API Resolution
T1219.002 - Remote Desktop Software

MITREへのリンク →

APT28

Score: 0.56

Matched TTPs:

T1137.002 - Office Test
T1210 - Exploitation of Remote Services

MITREへのリンク →

Related CVEs

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る