Trusted Design

Malicious Office files dropping Kasidet and Dridex

概要

[Zscaler] has covered Dridex Banking Trojan being delivered via various campaigns involving Office documents with malicious VBA macros in the past. However, over the past two weeks we are seeing these malicious VBA macros leveraged to drop Kasidet backdoor in addition to Dridex on the infected systems. These malicious Office documents are being spread as an attachment using spear phishing emails as described here. The malicious macro inside the Office document is obfuscated as shown in the code snapshot below -

Created: 2026-02-23

Indicators

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

Lazarus Group

Score: 17.77
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.010 - Regsvr32
  • T1055.005 - Thread Local Storage
  • T1216 - System Script Proxy Execution
MITREへのリンク →

TA577

Score: 5.29
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1543.003 - Windows Service
MITREへのリンク →

Moonstone Sleet

Score: 12.97
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1197 - BITS Jobs
MITREへのリンク →

Scattered Spider

Score: 10.03
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1566.002 - Spearphishing Link
  • T1197 - BITS Jobs
MITREへのリンク →

FIN4

Score: 7.24
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
MITREへのリンク →

Malteiro

Score: 3.23
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
MITREへのリンク →

APT12

Score: 3.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
MITREへのリンク →

Kimsuky

Score: 13.86
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1197 - BITS Jobs
MITREへのリンク →

Machete

Score: 3.11
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
MITREへのリンク →

Elderwood

Score: 4.60
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
MITREへのリンク →

Transparent Tribe

Score: 4.60
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
MITREへのリンク →

Dragonfly

Score: 12.39
Matched TTPs:
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1657 - Financial Theft
  • T1218.010 - Regsvr32
  • T1200 - Hardware Additions
MITREへのリンク →

WIRTE

Score: 3.23
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
MITREへのリンク →

CURIUM

Score: 4.12
Matched TTPs:
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
MITREへのリンク →

Tropic Trooper

Score: 7.88
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.010 - Regsvr32
  • T1200 - Hardware Additions
MITREへのリンク →

RedCurl

Score: 3.11
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
MITREへのリンク →

DarkHydrus

Score: 4.81
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1200 - Hardware Additions
MITREへのリンク →

menuPass

Score: 3.23
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
MITREへのリンク →

FIN8

Score: 3.11
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
MITREへのリンク →

Threat Group-3390

Score: 7.88
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.010 - Regsvr32
  • T1546.017 - Udev Rules
MITREへのリンク →

BITTER

Score: 3.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
MITREへのリンク →

APT37

Score: 6.78
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1216 - System Script Proxy Execution
MITREへのリンク →

LazyScripter

Score: 3.11
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
MITREへのリンク →

TA505

Score: 4.68
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
MITREへのリンク →

APT39

Score: 4.68
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
MITREへのリンク →

Star Blizzard

Score: 7.74
Matched TTPs:
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1657 - Financial Theft
MITREへのリンク →

Higaisa

Score: 7.88
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.010 - Regsvr32
  • T1546.017 - Udev Rules
MITREへのリンク →

Wizard Spider

Score: 3.11
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
MITREへのリンク →

OilRig

Score: 6.17
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.010 - Regsvr32
MITREへのリンク →

Sandworm Team

Score: 8.63
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.010 - Regsvr32
MITREへのリンク →

Magic Hound

Score: 4.69
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
MITREへのリンク →

Cobalt Group

Score: 4.60
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
MITREへのリンク →

Storm-1811

Score: 3.80
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1059.010 - AutoHotKey & AutoIT
MITREへのリンク →

Inception

Score: 6.31
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1200 - Hardware Additions
MITREへのリンク →

EXOTIC LILY

Score: 4.60
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
MITREへのリンク →

Saint Bear

Score: 3.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
MITREへのリンク →

Patchwork

Score: 7.06
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
MITREへのリンク →

TA459

Score: 3.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
MITREへのリンク →

FIN7

Score: 9.22
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1011.001 - Exfiltration Over Bluetooth
MITREへのリンク →

APT28

Score: 18.31
Matched TTPs:
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.010 - Regsvr32
  • T1197 - BITS Jobs
  • T1200 - Hardware Additions
  • T1588.003 - Code Signing Certificates
MITREへのリンク →

Gorgon Group

Score: 3.23
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
MITREへのリンク →

APT19

Score: 3.23
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
MITREへのリンク →

TA2541

Score: 6.26
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1546.017 - Udev Rules
MITREへのリンク →

Earth Lusca

Score: 3.80
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1059.010 - AutoHotKey & AutoIT
MITREへのリンク →

SideCopy

Score: 5.28
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1657 - Financial Theft
MITREへのリンク →

Mofang

Score: 6.26
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1546.017 - Udev Rules
MITREへのリンク →

Leviathan

Score: 9.32
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.010 - Regsvr32
  • T1546.017 - Udev Rules
MITREへのリンク →

Tonto Team

Score: 3.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
MITREへのリンク →

Andariel

Score: 3.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
MITREへのリンク →

BRONZE BUTLER

Score: 8.57
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1592.004 - Client Configurations
  • T1218.010 - Regsvr32
MITREへのリンク →

APT38

Score: 6.85
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1216 - System Script Proxy Execution
MITREへのリンク →

MuddyWater

Score: 6.17
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.010 - Regsvr32
MITREへのリンク →

Mustang Panda

Score: 12.76
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.010 - Regsvr32
  • T1055.005 - Thread Local Storage
MITREへのリンク →

Molerats

Score: 7.83
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1546.017 - Udev Rules
MITREへのリンク →

admin@338

Score: 3.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
MITREへのリンク →

Gamaredon Group

Score: 9.53
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1200 - Hardware Additions
  • T1546.017 - Udev Rules
MITREへのリンク →

Darkhotel

Score: 4.72
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.010 - Regsvr32
MITREへのリンク →

APT32

Score: 10.91
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1592.004 - Client Configurations
  • T1218.010 - Regsvr32
MITREへのリンク →

The White Company

Score: 3.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
MITREへのリンク →

APT33

Score: 4.60
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
MITREへのリンク →

Sidewinder

Score: 10.68
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1657 - Financial Theft
  • T1218.010 - Regsvr32
MITREへのリンク →

APT29

Score: 8.45
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1592.004 - Client Configurations
  • T1218.010 - Regsvr32
MITREへのリンク →

Confucius

Score: 7.75
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1200 - Hardware Additions
MITREへのリンク →

BlackTech

Score: 4.60
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
MITREへのリンク →

Windshift

Score: 3.11
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
MITREへのリンク →

ZIRCONIUM

Score: 8.91
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1197 - BITS Jobs
MITREへのリンク →

Turla

Score: 3.01
Matched TTPs:
  • T1543.003 - Windows Service
  • T1059.010 - AutoHotKey & AutoIT
MITREへのリンク →

INC Ransom

Score: 3.29
Matched TTPs:
  • T1562.013 - Disable or Modify Network Device Firewall
MITREへのリンク →

Sea Turtle

Score: 4.78
Matched TTPs:
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32
MITREへのリンク →

Axiom

Score: 4.78
Matched TTPs:
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32
MITREへのリンク →

AppleJeus

Score: 3.29
Matched TTPs:
  • T1562.013 - Disable or Modify Network Device Firewall
MITREへのリンク →

GOLD SOUTHFIELD

Score: 3.29
Matched TTPs:
  • T1562.013 - Disable or Modify Network Device Firewall
MITREへのリンク →

Medusa Group

Score: 8.16
Matched TTPs:
  • T1216 - System Script Proxy Execution
  • T1094 - Custom Command and Control Protocol
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

APT28

Score: 0.82
Matched TTPs:
  • T1200 - Hardware Additions
  • T1566.002 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1059.010 - AutoHotKey & AutoIT
  • T1197 - BITS Jobs
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1588.003 - Code Signing Certificates
MITREへのリンク →

Lazarus Group

Score: 0.76
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1218.010 - Regsvr32
  • T1059.010 - AutoHotKey & AutoIT
  • T1543.003 - Windows Service
  • T1055.005 - Thread Local Storage
  • T1216 - System Script Proxy Execution
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
MITREへのリンク →

Kimsuky

Score: 0.62
Matched TTPs:
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1543.003 - Windows Service
  • T1197 - BITS Jobs
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
MITREへのリンク →

Moonstone Sleet

Score: 0.60
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1197 - BITS Jobs
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
MITREへのリンク →

Mustang Panda

Score: 0.56
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1059.010 - AutoHotKey & AutoIT
  • T1543.003 - Windows Service
  • T1055.005 - Thread Local Storage
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
MITREへのリンク →

Dragonfly

Score: 0.56
Matched TTPs:
  • T1657 - Financial Theft
  • T1200 - Hardware Additions
  • T1218.010 - Regsvr32
  • T1566.002 - Spearphishing Link
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る