Trusted Design

MS Office exploit analysis – CVE-2015-1641

概要

During an incident response on a malicious MS Office document, SEKOIA CERT got access to the payload itself and also the dropper which was presented interesting features. The document was designed to exploit the vulnerability CVE-2015-1641 in order to drop and execute a ransomware called Troldesh.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

CVE-2015-0097 Exploited in the Wild (score: 0.72)
Ongoing analysis of unknown exploit targeting Office 2007-2013 (score: 0.66)
Microsoft Office Zero-Day CVE-2015-2424 Leveraged By Tsar Team (score: 0.65)
Phishing Email Serving W97M/Dropper.cu via Office Doc with Macro (score: 0.65)
Phishing - Ransomware - VBA Macro (score: 0.64)

このPulseに関連する脅威アクター (事実ベース)

Sandworm Team

Score: 7.06

Matched TTPs:

T1588.006 - Vulnerabilities
T1566.001 - Spearphishing Attachment
T1486 - Data Encrypted for Impact

MITREへのリンク →

Volt Typhoon

Score: 3.84

Matched TTPs:

T1588.006 - Vulnerabilities

MITREへのリンク →

Storm-0501

Score: 8.93

Matched TTPs:

T1588.006 - Vulnerabilities
T1486 - Data Encrypted for Impact
T1218.010 - Regsvr32

MITREへのリンク →

Cobalt Group

Score: 3.62

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1218.010 - Regsvr32

MITREへのリンク →

Tropic Trooper

Score: 4.03

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1221 - Template Injection

MITREへのリンク →

APT28

Score: 15.11

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1583.006 - Web Services
T1221 - Template Injection
T1137.002 - Office Test
T1669 - Wi-Fi Networks

MITREへのリンク →

WIRTE

Score: 3.62

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1218.010 - Regsvr32

MITREへのリンク →

MuddyWater

Score: 7.42

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1137.001 - Office Template Macros
T1583.006 - Web Services

MITREへのリンク →

Gamaredon Group

Score: 6.04

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1583.006 - Web Services
T1221 - Template Injection

MITREへのリンク →

APT32

Score: 5.63

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1583.006 - Web Services
T1218.010 - Regsvr32

MITREへのリンク →

APT29

Score: 7.42

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1583.006 - Web Services
T1651 - Cloud Administration Command

MITREへのリンク →

Inception

Score: 6.77

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1218.010 - Regsvr32
T1221 - Template Injection

MITREへのリンク →

Dragonfly

Score: 4.03

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1221 - Template Injection

MITREへのリンク →

TA551

Score: 3.62

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1218.010 - Regsvr32

MITREへのリンク →

APT41

Score: 3.22

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1486 - Data Encrypted for Impact

MITREへのリンク →

Confucius

Score: 6.04

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1583.006 - Web Services
T1221 - Template Injection

MITREへのリンク →

Leviathan

Score: 3.62

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1218.010 - Regsvr32

MITREへのリンク →

APT19

Score: 3.62

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1218.010 - Regsvr32

MITREへのリンク →

FIN8

Score: 3.22

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1486 - Data Encrypted for Impact

MITREへのリンク →

Mustang Panda

Score: 7.42

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1583.006 - Web Services
T1678 - Delay Execution

MITREへのリンク →

OilRig

Score: 5.41

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1137.004 - Outlook Home Page

MITREへのリンク →

Moonstone Sleet

Score: 3.22

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1486 - Data Encrypted for Impact

MITREへのリンク →

Kimsuky

Score: 9.77

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1583.006 - Web Services
T1218.010 - Regsvr32
T1588.005 - Exploits

MITREへのリンク →

TA505

Score: 3.22

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1486 - Data Encrypted for Impact

MITREへのリンク →

FIN7

Score: 5.23

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1583.006 - Web Services
T1486 - Data Encrypted for Impact

MITREへのリンク →

APT38

Score: 3.22

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1486 - Data Encrypted for Impact

MITREへのリンク →

DarkHydrus

Score: 4.03

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1221 - Template Injection

MITREへのリンク →

Medusa Group

Score: 8.89

Matched TTPs:

T1583.006 - Web Services
T1486 - Data Encrypted for Impact
T1218.014 - MMC

MITREへのリンク →

Magic Hound

Score: 4.35

Matched TTPs:

T1583.006 - Web Services
T1486 - Data Encrypted for Impact

MITREへのリンク →

Ember Bear

Score: 4.13

Matched TTPs:

T1588.005 - Exploits

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

APT28

Score: 0.82

Matched TTPs:

T1583.006 - Web Services
T1137.002 - Office Test
T1669 - Wi-Fi Networks
T1566.001 - Spearphishing Attachment
T1221 - Template Injection

MITREへのリンク →

Related CVEs

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る