Trusted Design

Phishing Email Serving W97M/Dropper.cu via Office Doc with Macro

概要

A phishing email containing an embedded link that ultimately takes the victim to URL hxxp://emsanhdieu.vn/logs/download.php?id=aXRsb3BlekBicHByLmNvbQ0= which initiates a download of a rigged Office Doc. The Doc file contains malicious Macro design to infect a Windows host with a Dropper.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

Phishing - Ransomware - VBA Macro (score: 0.72)
Spam Delivering Malicious Word Document (score: 0.71)
Evoltin POS Malware Attacks via Macro (score: 0.71)
Attack on Critical Infrastructure Leverages Template Injection (score: 0.70)
W97M/Downloader: Macro-enabled Microsoft Word Trojan (score: 0.70)

このPulseに関連する脅威アクター (事実ベース)

Cobalt Group

Score: 8.71

Matched TTPs:

T1206 - Sudo Caching
T1087.002 - Domain Account
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode

MITREへのリンク →

FIN7

Score: 11.06

Matched TTPs:

T1206 - Sudo Caching
T1087.002 - Domain Account
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1584.005 - Botnet
T1027.018 - Invisible Unicode

MITREへのリンク →

MuddyWater

Score: 13.25

Matched TTPs:

T1206 - Sudo Caching
T1087.002 - Domain Account
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1558.001 - Golden Ticket
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode

MITREへのリンク →

Sidewinder

Score: 14.79

Matched TTPs:

T1206 - Sudo Caching
T1087.002 - Domain Account
T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1657 - Financial Theft
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode

MITREへのリンク →

APT28

Score: 20.85

Matched TTPs:

T1206 - Sudo Caching
T1087.002 - Domain Account
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32
T1197 - BITS Jobs
T1200 - Hardware Additions
T1588.003 - Code Signing Certificates
T1027.018 - Invisible Unicode

MITREへのリンク →

APT37

Score: 5.90

Matched TTPs:

T1206 - Sudo Caching
T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32

MITREへのリンク →

Gallmaker

Score: 4.41

Matched TTPs:

T1206 - Sudo Caching
T1087.002 - Domain Account
T1598.003 - Spearphishing Link

MITREへのリンク →

Leviathan

Score: 11.86

Matched TTPs:

T1206 - Sudo Caching
T1087.002 - Domain Account
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode
T1546.017 - Udev Rules

MITREへのリンク →

BITTER

Score: 5.90

Matched TTPs:

T1206 - Sudo Caching
T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32

MITREへのリンク →

TA505

Score: 7.22

Matched TTPs:

T1206 - Sudo Caching
T1087.002 - Domain Account
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1027.018 - Invisible Unicode

MITREへのリンク →

Patchwork

Score: 11.17

Matched TTPs:

T1206 - Sudo Caching
T1087.002 - Domain Account
T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode

MITREへのリンク →

APT12

Score: 3.16

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32

MITREへのリンク →

Kimsuky

Score: 13.65

Matched TTPs:

T1087.002 - Domain Account
T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1562.013 - Disable or Modify Network Device Firewall
T1197 - BITS Jobs
T1027.018 - Invisible Unicode

MITREへのリンク →

Machete

Score: 4.47

Matched TTPs:

T1087.002 - Domain Account
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1027.018 - Invisible Unicode

MITREへのリンク →

Elderwood

Score: 5.96

Matched TTPs:

T1087.002 - Domain Account
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode

MITREへのリンク →

Transparent Tribe

Score: 5.96

Matched TTPs:

T1087.002 - Domain Account
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode

MITREへのリンク →

Dragonfly

Score: 12.39

Matched TTPs:

T1087.002 - Domain Account
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1657 - Financial Theft
T1218.010 - Regsvr32
T1200 - Hardware Additions

MITREへのリンク →

Contagious Interview

Score: 6.69

Matched TTPs:

T1087.002 - Domain Account
T1221 - Template Injection
T1027.018 - Invisible Unicode

MITREへのリンク →

CURIUM

Score: 4.12

Matched TTPs:

T1087.002 - Domain Account
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link

MITREへのリンク →

Tropic Trooper

Score: 6.31

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32
T1200 - Hardware Additions

MITREへのリンク →

RedCurl

Score: 4.47

Matched TTPs:

T1087.002 - Domain Account
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1027.018 - Invisible Unicode

MITREへのリンク →

DarkHydrus

Score: 4.81

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1200 - Hardware Additions

MITREへのリンク →

FIN8

Score: 4.47

Matched TTPs:

T1087.002 - Domain Account
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1027.018 - Invisible Unicode

MITREへのリンク →

Threat Group-3390

Score: 6.31

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32
T1546.017 - Udev Rules

MITREへのリンク →

LazyScripter

Score: 4.47

Matched TTPs:

T1087.002 - Domain Account
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1027.018 - Invisible Unicode

MITREへのリンク →

APT39

Score: 4.47

Matched TTPs:

T1087.002 - Domain Account
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1027.018 - Invisible Unicode

MITREへのリンク →

Star Blizzard

Score: 7.74

Matched TTPs:

T1087.002 - Domain Account
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1657 - Financial Theft

MITREへのリンク →

Higaisa

Score: 6.31

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32
T1546.017 - Udev Rules

MITREへのリンク →

Wizard Spider

Score: 4.47

Matched TTPs:

T1087.002 - Domain Account
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1027.018 - Invisible Unicode

MITREへのリンク →

OilRig

Score: 10.50

Matched TTPs:

T1087.002 - Domain Account
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32
T1592.002 - Software
T1027.018 - Invisible Unicode

MITREへのリンク →

Sandworm Team

Score: 8.42

Matched TTPs:

T1087.002 - Domain Account
T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode

MITREへのリンク →

Magic Hound

Score: 6.05

Matched TTPs:

T1087.002 - Domain Account
T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1027.018 - Invisible Unicode

MITREへのリンク →

FIN4

Score: 4.47

Matched TTPs:

T1087.002 - Domain Account
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1027.018 - Invisible Unicode

MITREへのリンク →

Inception

Score: 6.31

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32
T1200 - Hardware Additions

MITREへのリンク →

EXOTIC LILY

Score: 5.96

Matched TTPs:

T1087.002 - Domain Account
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode

MITREへのリンク →

Saint Bear

Score: 4.52

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode

MITREへのリンク →

Lazarus Group

Score: 4.60

Matched TTPs:

T1087.002 - Domain Account
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32

MITREへのリンク →

TA459

Score: 3.16

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32

MITREへのリンク →

Moonstone Sleet

Score: 7.56

Matched TTPs:

T1087.002 - Domain Account
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1197 - BITS Jobs

MITREへのリンク →

TA2541

Score: 7.62

Matched TTPs:

T1087.002 - Domain Account
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1027.018 - Invisible Unicode
T1546.017 - Udev Rules

MITREへのリンク →

Earth Lusca

Score: 3.60

Matched TTPs:

T1087.002 - Domain Account
T1543.003 - Windows Service
T1027.018 - Invisible Unicode

MITREへのリンク →

SideCopy

Score: 5.28

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1657 - Financial Theft

MITREへのリンク →

Mofang

Score: 7.62

Matched TTPs:

T1087.002 - Domain Account
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1027.018 - Invisible Unicode
T1546.017 - Udev Rules

MITREへのリンク →

Tonto Team

Score: 3.16

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32

MITREへのリンク →

Andariel

Score: 3.16

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32

MITREへのリンク →

BRONZE BUTLER

Score: 3.16

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32

MITREへのリンク →

APT38

Score: 3.02

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1027.018 - Invisible Unicode

MITREへのリンク →

Mustang Panda

Score: 8.42

Matched TTPs:

T1087.002 - Domain Account
T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode

MITREへのリンク →

Molerats

Score: 7.62

Matched TTPs:

T1087.002 - Domain Account
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1027.018 - Invisible Unicode
T1546.017 - Udev Rules

MITREへのリンク →

admin@338

Score: 3.16

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32

MITREへのリンク →

Gamaredon Group

Score: 9.33

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1200 - Hardware Additions
T1027.018 - Invisible Unicode
T1546.017 - Udev Rules

MITREへのリンク →

Darkhotel

Score: 3.16

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32

MITREへのリンク →

APT32

Score: 8.42

Matched TTPs:

T1087.002 - Domain Account
T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode

MITREへのリンク →

The White Company

Score: 3.16

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32

MITREへのリンク →

APT33

Score: 5.96

Matched TTPs:

T1087.002 - Domain Account
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode

MITREへのリンク →

APT29

Score: 10.50

Matched TTPs:

T1087.002 - Domain Account
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32
T1218.009 - Regsvcs/Regasm
T1027.018 - Invisible Unicode

MITREへのリンク →

Confucius

Score: 9.11

Matched TTPs:

T1087.002 - Domain Account
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32
T1200 - Hardware Additions
T1027.018 - Invisible Unicode

MITREへのリンク →

BlackTech

Score: 5.96

Matched TTPs:

T1087.002 - Domain Account
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode

MITREへのリンク →

Windshift

Score: 4.47

Matched TTPs:

T1087.002 - Domain Account
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1027.018 - Invisible Unicode

MITREへのリンク →

LuminousMoth

Score: 6.65

Matched TTPs:

T1543.003 - Windows Service
T1584.005 - Botnet
T1027.018 - Invisible Unicode

MITREへのリンク →

APT3

Score: 4.30

Matched TTPs:

T1543.003 - Windows Service
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode

MITREへのリンク →

ZIRCONIUM

Score: 8.70

Matched TTPs:

T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1197 - BITS Jobs
T1027.018 - Invisible Unicode

MITREへのリンク →

Scattered Spider

Score: 10.03

Matched TTPs:

T1566.002 - Spearphishing Link
T1619 - Cloud Storage Object Discovery
T1197 - BITS Jobs

MITREへのリンク →

Silent Librarian

Score: 6.30

Matched TTPs:

T1566.002 - Spearphishing Link
T1584.005 - Botnet

MITREへのリンク →

LAPSUS$

Score: 4.13

Matched TTPs:

T1619 - Cloud Storage Object Discovery

MITREへのリンク →

INC Ransom

Score: 3.29

Matched TTPs:

T1562.013 - Disable or Modify Network Device Firewall

MITREへのリンク →

Sea Turtle

Score: 4.78

Matched TTPs:

T1562.013 - Disable or Modify Network Device Firewall
T1218.010 - Regsvr32

MITREへのリンク →

Axiom

Score: 4.78

Matched TTPs:

T1562.013 - Disable or Modify Network Device Firewall
T1218.010 - Regsvr32

MITREへのリンク →

AppleJeus

Score: 3.29

Matched TTPs:

T1562.013 - Disable or Modify Network Device Firewall

MITREへのリンク →

GOLD SOUTHFIELD

Score: 3.29

Matched TTPs:

T1562.013 - Disable or Modify Network Device Firewall

MITREへのリンク →

Medusa Group

Score: 4.54

Matched TTPs:

T1094 - Custom Command and Control Protocol

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

APT28

Score: 0.81

Matched TTPs:

T1200 - Hardware Additions
T1206 - Sudo Caching
T1588.003 - Code Signing Certificates
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode
T1197 - BITS Jobs
T1087.002 - Domain Account

MITREへのリンク →

Sidewinder

Score: 0.57

Matched TTPs:

T1206 - Sudo Caching
T1566.002 - Spearphishing Link
T1543.003 - Windows Service
T1657 - Financial Theft
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode
T1087.002 - Domain Account

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る