Trusted Design

Malicious Office files dropping Kasidet and Dridex

概要

[Zscaler] has covered Dridex Banking Trojan being delivered via various campaigns involving Office documents with malicious VBA macros in the past. However, over the past two weeks we are seeing these malicious VBA macros leveraged to drop Kasidet backdoor in addition to Dridex on the infected systems. These malicious Office documents are being spread as an attachment using spear phishing emails as described here. The malicious macro inside the Office document is obfuscated as shown in the code snapshot below -

Created: 2026-02-23

Indicators

類似Pulses

New Dridex infection vector identified (score: 0.76)
Evoltin POS Malware Attacks via Macro (score: 0.68)
Dridex, Vawtrak and others increase focus on Canada (score: 0.68)
Signed Dridex Campaign (score: 0.68)
Banking Trojan DRIDEX (score: 0.67)

このPulseに関連する脅威アクター (事実ベース)

Lazarus Group

Score: 17.77

Matched TTPs:

T1027.009 - Embedded Payloads
T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1140 - Deobfuscate/Decode Files or Information
T1203 - Exploitation for Client Execution
T1027.007 - Dynamic API Resolution
T1529 - System Shutdown/Reboot

MITREへのリンク →

TA577

Score: 5.29

Matched TTPs:

T1027.009 - Embedded Payloads
T1566.002 - Spearphishing Link

MITREへのリンク →

Moonstone Sleet

Score: 12.97

Matched TTPs:

T1027.009 - Embedded Payloads
T1204.002 - Malicious File
T1598.003 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1140 - Deobfuscate/Decode Files or Information
T1598 - Phishing for Information

MITREへのリンク →

Scattered Spider

Score: 10.03

Matched TTPs:

T1564.008 - Email Hiding Rules
T1598.003 - Spearphishing Link
T1598 - Phishing for Information

MITREへのリンク →

FIN4

Score: 7.24

Matched TTPs:

T1564.008 - Email Hiding Rules
T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment

MITREへのリンク →

Malteiro

Score: 3.23

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

APT12

Score: 3.16

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1203 - Exploitation for Client Execution

MITREへのリンク →

Kimsuky

Score: 13.86

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1140 - Deobfuscate/Decode Files or Information
T1566 - Phishing
T1598 - Phishing for Information

MITREへのリンク →

Machete

Score: 3.11

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment

MITREへのリンク →

Elderwood

Score: 4.60

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1203 - Exploitation for Client Execution

MITREへのリンク →

Transparent Tribe

Score: 4.60

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1203 - Exploitation for Client Execution

MITREへのリンク →

Dragonfly

Score: 12.39

Matched TTPs:

T1204.002 - Malicious File
T1598.003 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1598.002 - Spearphishing Attachment
T1203 - Exploitation for Client Execution
T1221 - Template Injection

MITREへのリンク →

WIRTE

Score: 3.23

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

CURIUM

Score: 4.12

Matched TTPs:

T1204.002 - Malicious File
T1598.003 - Spearphishing Link
T1566.001 - Spearphishing Attachment

MITREへのリンク →

Tropic Trooper

Score: 7.88

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1140 - Deobfuscate/Decode Files or Information
T1203 - Exploitation for Client Execution
T1221 - Template Injection

MITREへのリンク →

RedCurl

Score: 3.11

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment

MITREへのリンク →

DarkHydrus

Score: 4.81

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1221 - Template Injection

MITREへのリンク →

menuPass

Score: 3.23

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

FIN8

Score: 3.11

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment

MITREへのリンク →

Threat Group-3390

Score: 7.88

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1140 - Deobfuscate/Decode Files or Information
T1203 - Exploitation for Client Execution
T1027.015 - Compression

MITREへのリンク →

BITTER

Score: 3.16

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1203 - Exploitation for Client Execution

MITREへのリンク →

APT37

Score: 6.78

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1203 - Exploitation for Client Execution
T1529 - System Shutdown/Reboot

MITREへのリンク →

LazyScripter

Score: 3.11

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment

MITREへのリンク →

TA505

Score: 4.68

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

APT39

Score: 4.68

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

Star Blizzard

Score: 7.74

Matched TTPs:

T1204.002 - Malicious File
T1598.003 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1598.002 - Spearphishing Attachment

MITREへのリンク →

Higaisa

Score: 7.88

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1140 - Deobfuscate/Decode Files or Information
T1203 - Exploitation for Client Execution
T1027.015 - Compression

MITREへのリンク →

Wizard Spider

Score: 3.11

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment

MITREへのリンク →

OilRig

Score: 6.17

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1140 - Deobfuscate/Decode Files or Information
T1203 - Exploitation for Client Execution

MITREへのリンク →

Sandworm Team

Score: 8.63

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1140 - Deobfuscate/Decode Files or Information
T1203 - Exploitation for Client Execution

MITREへのリンク →

Magic Hound

Score: 4.69

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link

MITREへのリンク →

Cobalt Group

Score: 4.60

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1203 - Exploitation for Client Execution

MITREへのリンク →

Storm-1811

Score: 3.80

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

Inception

Score: 6.31

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1203 - Exploitation for Client Execution
T1221 - Template Injection

MITREへのリンク →

EXOTIC LILY

Score: 4.60

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1203 - Exploitation for Client Execution

MITREへのリンク →

Saint Bear

Score: 3.16

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1203 - Exploitation for Client Execution

MITREへのリンク →

Patchwork

Score: 7.06

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1203 - Exploitation for Client Execution

MITREへのリンク →

TA459

Score: 3.16

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1203 - Exploitation for Client Execution

MITREへのリンク →

FIN7

Score: 9.22

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1140 - Deobfuscate/Decode Files or Information
T1674 - Input Injection

MITREへのリンク →

APT28

Score: 18.31

Matched TTPs:

T1204.002 - Malicious File
T1598.003 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1140 - Deobfuscate/Decode Files or Information
T1203 - Exploitation for Client Execution
T1598 - Phishing for Information
T1221 - Template Injection
T1137.002 - Office Test

MITREへのリンク →

Gorgon Group

Score: 3.23

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

APT19

Score: 3.23

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

TA2541

Score: 6.26

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1027.015 - Compression

MITREへのリンク →

Earth Lusca

Score: 3.80

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

SideCopy

Score: 5.28

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1598.002 - Spearphishing Attachment

MITREへのリンク →

Mofang

Score: 6.26

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1027.015 - Compression

MITREへのリンク →

Leviathan

Score: 9.32

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1140 - Deobfuscate/Decode Files or Information
T1203 - Exploitation for Client Execution
T1027.015 - Compression

MITREへのリンク →

Tonto Team

Score: 3.16

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1203 - Exploitation for Client Execution

MITREへのリンク →

Andariel

Score: 3.16

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1203 - Exploitation for Client Execution

MITREへのリンク →

BRONZE BUTLER

Score: 8.57

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1140 - Deobfuscate/Decode Files or Information
T1550.003 - Pass the Ticket
T1203 - Exploitation for Client Execution

MITREへのリンク →

APT38

Score: 6.85

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1140 - Deobfuscate/Decode Files or Information
T1529 - System Shutdown/Reboot

MITREへのリンク →

MuddyWater

Score: 6.17

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1140 - Deobfuscate/Decode Files or Information
T1203 - Exploitation for Client Execution

MITREへのリンク →

Mustang Panda

Score: 12.76

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1140 - Deobfuscate/Decode Files or Information
T1203 - Exploitation for Client Execution
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Molerats

Score: 7.83

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1140 - Deobfuscate/Decode Files or Information
T1027.015 - Compression

MITREへのリンク →

admin@338

Score: 3.16

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1203 - Exploitation for Client Execution

MITREへのリンク →

Gamaredon Group

Score: 9.53

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1140 - Deobfuscate/Decode Files or Information
T1221 - Template Injection
T1027.015 - Compression

MITREへのリンク →

Darkhotel

Score: 4.72

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1140 - Deobfuscate/Decode Files or Information
T1203 - Exploitation for Client Execution

MITREへのリンク →

APT32

Score: 10.91

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1550.003 - Pass the Ticket
T1203 - Exploitation for Client Execution

MITREへのリンク →

The White Company

Score: 3.16

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1203 - Exploitation for Client Execution

MITREへのリンク →

APT33

Score: 4.60

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1203 - Exploitation for Client Execution

MITREへのリンク →

Sidewinder

Score: 10.68

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1598.002 - Spearphishing Attachment
T1203 - Exploitation for Client Execution

MITREへのリンク →

APT29

Score: 8.45

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1550.003 - Pass the Ticket
T1203 - Exploitation for Client Execution

MITREへのリンク →

Confucius

Score: 7.75

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1203 - Exploitation for Client Execution
T1221 - Template Injection

MITREへのリンク →

BlackTech

Score: 4.60

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1203 - Exploitation for Client Execution

MITREへのリンク →

Windshift

Score: 3.11

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment

MITREへのリンク →

ZIRCONIUM

Score: 8.91

Matched TTPs:

T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1140 - Deobfuscate/Decode Files or Information
T1598 - Phishing for Information

MITREへのリンク →

Turla

Score: 3.01

Matched TTPs:

T1566.002 - Spearphishing Link
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

INC Ransom

Score: 3.29

Matched TTPs:

T1566 - Phishing

MITREへのリンク →

Sea Turtle

Score: 4.78

Matched TTPs:

T1566 - Phishing
T1203 - Exploitation for Client Execution

MITREへのリンク →

Axiom

Score: 4.78

Matched TTPs:

T1566 - Phishing
T1203 - Exploitation for Client Execution

MITREへのリンク →

AppleJeus

Score: 3.29

Matched TTPs:

T1566 - Phishing

MITREへのリンク →

GOLD SOUTHFIELD

Score: 3.29

Matched TTPs:

T1566 - Phishing

MITREへのリンク →

Medusa Group

Score: 8.16

Matched TTPs:

T1529 - System Shutdown/Reboot
T1218.014 - MMC

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

APT28

Score: 0.82

Matched TTPs:

T1137.002 - Office Test
T1566.001 - Spearphishing Attachment
T1598.003 - Spearphishing Link
T1140 - Deobfuscate/Decode Files or Information
T1203 - Exploitation for Client Execution
T1204.002 - Malicious File
T1598 - Phishing for Information
T1221 - Template Injection

MITREへのリンク →

Lazarus Group

Score: 0.76

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1566.002 - Spearphishing Link
T1027.009 - Embedded Payloads
T1140 - Deobfuscate/Decode Files or Information
T1203 - Exploitation for Client Execution
T1204.002 - Malicious File
T1529 - System Shutdown/Reboot
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Kimsuky

Score: 0.62

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1598.003 - Spearphishing Link
T1566.002 - Spearphishing Link
T1140 - Deobfuscate/Decode Files or Information
T1566 - Phishing
T1204.002 - Malicious File
T1598 - Phishing for Information

MITREへのリンク →

Moonstone Sleet

Score: 0.60

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1598.003 - Spearphishing Link
T1027.009 - Embedded Payloads
T1140 - Deobfuscate/Decode Files or Information
T1204.002 - Malicious File
T1598 - Phishing for Information

MITREへのリンク →

Mustang Panda

Score: 0.56

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1598.003 - Spearphishing Link
T1566.002 - Spearphishing Link
T1140 - Deobfuscate/Decode Files or Information
T1203 - Exploitation for Client Execution
T1204.002 - Malicious File
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Dragonfly

Score: 0.56

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1598.003 - Spearphishing Link
T1203 - Exploitation for Client Execution
T1598.002 - Spearphishing Attachment
T1204.002 - Malicious File
T1221 - Template Injection

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る