Trusted Design

Exploring CVE-2015-2545 and its users

概要

This report, available at TLP:GREEN to researchers and network defenders, gives an overview of different attacks using CVE-2015-2545. Specifically we look at the different ways attackers are triggering the vulnerability, and the possibility that the exploit is shared amongst various groups. Based on overlaps in the samples analysed, our findings show that there are several clusters of documents, with the majority of the document-based builders sharing similar constructs in terms of how the final payload is discovered and executed. We also found that more recently some attackers are triggering the vulnerability through the use of MHTML files with .doc extensions. Source : http://pwc.blogs.com/cyber_security_updates/2016/05/exploring-cve-2015-2545-and-its-users.html

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

Lazarus Group

Score: 13.90
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1027.007 - Dynamic API Resolution
  • T1564.001 - Hidden Files and Directories
MITREへのリンク →

TA577

Score: 3.84
Matched TTPs:
  • T1027.009 - Embedded Payloads
MITREへのリンク →

Moonstone Sleet

Score: 6.77
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1195.002 - Compromise Software Supply Chain
MITREへのリンク →

APT41

Score: 12.62
Matched TTPs:
  • T1069 - Permission Groups Discovery
  • T1190 - Exploit Public-Facing Application
  • T1218.001 - Compiled HTML File
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Scattered Spider

Score: 7.42
Matched TTPs:
  • T1069 - Permission Groups Discovery
  • T1204 - User Execution
MITREへのリンク →

TA505

Score: 3.29
Matched TTPs:
  • T1069 - Permission Groups Discovery
MITREへのリンク →

Volt Typhoon

Score: 11.75
Matched TTPs:
  • T1069 - Permission Groups Discovery
  • T1588.006 - Vulnerabilities
  • T1190 - Exploit Public-Facing Application
  • T1069.001 - Local Groups
MITREへのリンク →

APT3

Score: 4.78
Matched TTPs:
  • T1069 - Permission Groups Discovery
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

FIN13

Score: 7.42
Matched TTPs:
  • T1069 - Permission Groups Discovery
  • T1190 - Exploit Public-Facing Application
  • T1564.001 - Hidden Files and Directories
MITREへのリンク →

Sandworm Team

Score: 9.74
Matched TTPs:
  • T1588.006 - Vulnerabilities
  • T1190 - Exploit Public-Facing Application
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Storm-0501

Score: 8.06
Matched TTPs:
  • T1588.006 - Vulnerabilities
  • T1190 - Exploit Public-Facing Application
  • T1218.010 - Regsvr32
MITREへのリンク →

Rocke

Score: 7.76
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1027.004 - Compile After Delivery
  • T1564.001 - Hidden Files and Directories
MITREへのリンク →

Threat Group-3390

Score: 10.81
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1027.015 - Compression
MITREへのリンク →

FIN7

Score: 7.06
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1195.002 - Compromise Software Supply Chain
  • T1564.001 - Hidden Files and Directories
MITREへのリンク →

APT28

Score: 30.92
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1039 - Data from Network Shared Drive
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1498 - Network Denial of Service
  • T1221 - Template Injection
  • T1564.001 - Hidden Files and Directories
  • T1550.001 - Application Access Token
  • T1669 - Wi-Fi Networks
  • T1211 - Exploitation for Defense Evasion
MITREへのリンク →

Kimsuky

Score: 8.35
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1218.010 - Regsvr32
  • T1588.005 - Exploits
MITREへのリンク →

Ember Bear

Score: 7.10
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1203 - Exploitation for Client Execution
  • T1588.005 - Exploits
MITREへのリンク →

GOLD SOUTHFIELD

Score: 4.40
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1195.002 - Compromise Software Supply Chain
MITREへのリンク →

Magic Hound

Score: 3.24
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1189 - Drive-by Compromise
MITREへのリンク →

Medusa Group

Score: 6.01
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1218.014 - MMC
MITREへのリンク →

Sea Turtle

Score: 6.59
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Fox Kitten

Score: 4.50
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1039 - Data from Network Shared Drive
MITREへのリンク →

menuPass

Score: 4.50
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1039 - Data from Network Shared Drive
MITREへのリンク →

Blue Mockingbird

Score: 4.22
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1218.010 - Regsvr32
MITREへのリンク →

Winter Vivern

Score: 7.77
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1056.003 - Web Portal Capture
  • T1189 - Drive-by Compromise
MITREへのリンク →

Earth Lusca

Score: 3.24
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1189 - Drive-by Compromise
MITREへのリンク →

APT29

Score: 20.42
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1550.003 - Pass the Ticket
  • T1203 - Exploitation for Client Execution
  • T1090.004 - Domain Fronting
  • T1027.006 - HTML Smuggling
  • T1651 - Cloud Administration Command
MITREへのリンク →

Leviathan

Score: 10.63
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1027.015 - Compression
MITREへのリンク →

UNC3886

Score: 7.10
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1681 - Search Threat Vendor Data
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Dragonfly

Score: 10.81
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1221 - Template Injection
MITREへのリンク →

Axiom

Score: 4.73
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
MITREへのリンク →

HAFNIUM

Score: 8.27
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1564.001 - Hidden Files and Directories
  • T1550.001 - Application Access Token
MITREへのリンク →

MuddyWater

Score: 6.59
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery
MITREへのリンク →

MoustachedBouncer

Score: 4.54
Matched TTPs:
  • T1659 - Content Injection
MITREへのリンク →

Contagious Interview

Score: 4.13
Matched TTPs:
  • T1681 - Search Threat Vendor Data
MITREへのリンク →

Mustang Panda

Score: 12.83
Matched TTPs:
  • T1176.002 - IDE Extensions
  • T1203 - Exploitation for Client Execution
  • T1027.007 - Dynamic API Resolution
  • T1564.001 - Hidden Files and Directories
MITREへのリンク →

APT32

Score: 12.52
Matched TTPs:
  • T1550.003 - Pass the Ticket
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1564.001 - Hidden Files and Directories
MITREへのリンク →

BRONZE BUTLER

Score: 10.14
Matched TTPs:
  • T1550.003 - Pass the Ticket
  • T1039 - Data from Network Shared Drive
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
MITREへのリンク →

LAPSUS$

Score: 4.13
Matched TTPs:
  • T1204 - User Execution
MITREへのリンク →

APT33

Score: 5.63
Matched TTPs:
  • T1552.006 - Group Policy Preferences
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Wizard Spider

Score: 4.13
Matched TTPs:
  • T1552.006 - Group Policy Preferences
MITREへのリンク →

Turla

Score: 4.92
Matched TTPs:
  • T1069.001 - Local Groups
  • T1189 - Drive-by Compromise
MITREへのリンク →

Tonto Team

Score: 4.65
Matched TTPs:
  • T1069.001 - Local Groups
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

HEXANE

Score: 3.15
Matched TTPs:
  • T1069.001 - Local Groups
MITREへのリンク →

admin@338

Score: 4.65
Matched TTPs:
  • T1069.001 - Local Groups
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Chimera

Score: 6.19
Matched TTPs:
  • T1069.001 - Local Groups
  • T1039 - Data from Network Shared Drive
MITREへのリンク →

OilRig

Score: 8.08
Matched TTPs:
  • T1069.001 - Local Groups
  • T1218.001 - Compiled HTML File
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Dark Caracal

Score: 5.20
Matched TTPs:
  • T1218.001 - Compiled HTML File
  • T1189 - Drive-by Compromise
MITREへのリンク →

Silence

Score: 3.44
Matched TTPs:
  • T1218.001 - Compiled HTML File
MITREへのリンク →

APT38

Score: 5.20
Matched TTPs:
  • T1218.001 - Compiled HTML File
  • T1189 - Drive-by Compromise
MITREへのリンク →

Gamaredon Group

Score: 17.50
Matched TTPs:
  • T1001 - Data Obfuscation
  • T1039 - Data from Network Shared Drive
  • T1027.004 - Compile After Delivery
  • T1221 - Template Injection
  • T1027.015 - Compression
MITREへのリンク →

RedCurl

Score: 5.70
Matched TTPs:
  • T1039 - Data from Network Shared Drive
  • T1564.001 - Hidden Files and Directories
MITREへのリンク →

Sowbug

Score: 3.03
Matched TTPs:
  • T1039 - Data from Network Shared Drive
MITREへのリンク →

Cobalt Group

Score: 7.17
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Inception

Score: 7.39
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1221 - Template Injection
MITREへのリンク →

APT19

Score: 4.51
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1189 - Drive-by Compromise
MITREへのリンク →

Daggerfly

Score: 4.69
Matched TTPs:
  • T1195.002 - Compromise Software Supply Chain
  • T1189 - Drive-by Compromise
MITREへのリンク →

Andariel

Score: 3.26
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
MITREへのリンク →

Confucius

Score: 4.65
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1221 - Template Injection
MITREへのリンク →

Patchwork

Score: 3.26
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
MITREへのリンク →

Higaisa

Score: 4.65
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1027.015 - Compression
MITREへのリンク →

APT37

Score: 3.26
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
MITREへのリンク →

Transparent Tribe

Score: 5.92
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1564.001 - Hidden Files and Directories
MITREへのリンク →

Tropic Trooper

Score: 7.31
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1221 - Template Injection
  • T1564.001 - Hidden Files and Directories
MITREへのリンク →

Elderwood

Score: 3.26
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
MITREへのリンク →

Darkhotel

Score: 3.26
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
MITREへのリンク →

Mustard Tempest

Score: 6.30
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1608.006 - SEO Poisoning
MITREへのリンク →

DarkHydrus

Score: 3.15
Matched TTPs:
  • T1221 - Template Injection
MITREへのリンク →

Molerats

Score: 3.15
Matched TTPs:
  • T1027.015 - Compression
MITREへのリンク →

TA2541

Score: 3.15
Matched TTPs:
  • T1027.015 - Compression
MITREへのリンク →

Mofang

Score: 3.15
Matched TTPs:
  • T1027.015 - Compression
MITREへのリンク →

Velvet Ant

Score: 4.13
Matched TTPs:
  • T1211 - Exploitation for Defense Evasion
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

APT28

Score: 0.81
Matched TTPs:
  • T1550.001 - Application Access Token
  • T1669 - Wi-Fi Networks
  • T1564.001 - Hidden Files and Directories
  • T1039 - Data from Network Shared Drive
  • T1221 - Template Injection
  • T1189 - Drive-by Compromise
  • T1211 - Exploitation for Defense Evasion
  • T1190 - Exploit Public-Facing Application
  • T1203 - Exploitation for Client Execution
  • T1498 - Network Denial of Service
MITREへのリンク →

APT29

Score: 0.56
Matched TTPs:
  • T1027.006 - HTML Smuggling
  • T1090.004 - Domain Fronting
  • T1550.003 - Pass the Ticket
  • T1651 - Cloud Administration Command
  • T1190 - Exploit Public-Facing Application
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Related CVEs

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る