The KeyBoys are back in town
Overview
The analysis starts with a Microsoft Word document named 2017 Q4 Work Plan.docx (with a hash of 292843976600e8ad2130224d70356bfc), which was created on 2017-10-11 by a user called "Admin" and first uploaded to VirusTotal, a website and file scanning service, on the same day by a user in South Africa.
Curiously, the Word document does not contain any macros, or even an exploit. Rather, it uses a technique recently reported on by SensePost, in which an attacker crafts a Microsoft Word document that uses the Dynamic Data Exchange (DDE) protocol. DDE traditionally allows for the sending of messages between applications that share data, for example from Word to Excel or vice versa. In the case reported on by SensePost, this allowed for the fetching or downloading of remote payloads, using PowerShell for example.
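Because such a document carries no macro, a triage check has to look at Word field codes instead. The following is an added example, not code from the original analysis: it scans the XML parts of a .docx for `DDE`/`DDEAUTO` field instructions and reassembles instructions that are split across runs. The helper names and the sample documents (placeholder arguments only) are constructed for illustration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

W = "{http://schemas.openxmlformats.org/wordprocessingml/2006/main}"
DDE_FIELD = re.compile(r"^\s*(DDEAUTO|DDE)\b", re.IGNORECASE)

def field_instructions(xml_bytes):
    """Return the instruction string of every field in one WordprocessingML part."""
    root = ET.fromstring(xml_bytes)
    # Simple fields keep the whole instruction in a single attribute.
    found = [f.get(W + "instr", "") for f in root.iter(W + "fldSimple")]
    # Complex fields: text between fldChar "begin" and "separate" may be split
    # over many runs, so join it per field before matching.
    open_fields = []  # stack of [parts, instruction_finished] for nested fields
    for el in root.iter():
        if el.tag == W + "fldChar":
            kind = el.get(W + "fldCharType")
            if kind == "begin":
                open_fields.append([[], False])
            elif kind == "separate" and open_fields:
                open_fields[-1][1] = True
            elif kind == "end" and open_fields:
                found.append("".join(open_fields.pop()[0]))
        elif el.tag == W + "instrText" and open_fields and not open_fields[-1][1]:
            open_fields[-1][0].append(el.text or "")
    return found

def scan_docx(data):
    """Map part name -> DDE/DDEAUTO field instructions found in a .docx (bytes)."""
    hits = {}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in z.namelist():
            if not (name.startswith("word/") and name.endswith(".xml")):
                continue
            try:
                instrs = field_instructions(z.read(name))
            except ET.ParseError:
                continue  # not well-formed XML; nothing to reassemble
            dde = [i.strip() for i in instrs if DDE_FIELD.match(i)]
            if dde:
                hits[name] = dde
    return hits

def make_sample(body):
    """Build a minimal in-memory .docx (constructed test input, not the real sample)."""
    xml = ('<w:document xmlns:w="' + W[1:-1] + '"><w:body><w:p>' + body +
           '</w:p></w:body></w:document>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", xml)
    return buf.getvalue()

def run(text):
    return "<w:r><w:instrText>" + text + "</w:instrText></w:r>"

def mark(kind):
    return '<w:r><w:fldChar w:fldCharType="' + kind + '"/></w:r>'

# Constructed field: keyword split across runs, placeholder arguments only.
SPLIT_DDE = make_sample(mark("begin") + run(" DDE") + run("AUTO ") +
                        run('"placeholder-app" "placeholder-topic"') +
                        mark("separate") + mark("end"))
BENIGN = make_sample(mark("begin") + run(" PAGE ") + mark("separate") + mark("end"))
```

A plain string search for `DDEAUTO` in `word/document.xml` would miss the split sample, which is why the instruction text is joined per field before matching.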
Created: 2026-02-23
Threat actors related to this Pulse (fact-based)
Score: 12.99
Matched TTPs:
- T1588.007 - Artificial Intelligence
- T1204.002 - Malicious File
- T1571 - Non-Standard Port
- T1566.003 - Spearphishing via Service
- T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Score: 8.99
Matched TTPs:
- T1559.002 - Dynamic Data Exchange
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1195.002 - Compromise Software Supply Chain
- T1021.001 - Remote Desktop Protocol
Score: 20.41
Matched TTPs:
- T1559.002 - Dynamic Data Exchange
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1674 - Input Injection
- T1036.004 - Masquerade Task or Service
- T1571 - Non-Standard Port
- T1195.002 - Compromise Software Supply Chain
- T1102.002 - Bidirectional Communication
- T1021.001 - Remote Desktop Protocol
Score: 14.97
Matched TTPs:
- T1559.002 - Dynamic Data Exchange
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1137.001 - Office Template Macros
- T1102.002 - Bidirectional Communication
- T1027.004 - Compile After Delivery
Score: 6.60
Matched TTPs:
- T1559.002 - Dynamic Data Exchange
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1119 - Automated Collection
Score: 31.43
Matched TTPs:
- T1559.002 - Dynamic Data Exchange
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1119 - Automated Collection
- T1114.002 - Remote Email Collection
- T1102.002 - Bidirectional Communication
- T1598 - Phishing for Information
- T1189 - Drive-by Compromise
- T1221 - Template Injection
- T1550.002 - Pass the Hash
- T1137.002 - Office Test
- T1550.001 - Application Access Token
Score: 8.57
Matched TTPs:
- T1559.002 - Dynamic Data Exchange
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1102.002 - Bidirectional Communication
- T1189 - Drive-by Compromise
Score: 4.41
Matched TTPs:
- T1559.002 - Dynamic Data Exchange
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
Score: 10.97
Matched TTPs:
- T1559.002 - Dynamic Data Exchange
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1189 - Drive-by Compromise
- T1021.001 - Remote Desktop Protocol
- T1027.015 - Compression
Score: 6.50
Matched TTPs:
- T1559.002 - Dynamic Data Exchange
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1036.004 - Masquerade Task or Service
Score: 4.41
Matched TTPs:
- T1559.002 - Dynamic Data Exchange
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
Score: 13.29
Matched TTPs:
- T1559.002 - Dynamic Data Exchange
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1119 - Automated Collection
- T1189 - Drive-by Compromise
- T1021.001 - Remote Desktop Protocol
- T1102.001 - Dead Drop Resolver
Score: 4.06
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1102.002 - Bidirectional Communication
Score: 24.07
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1036.004 - Masquerade Task or Service
- T1114.002 - Remote Email Collection
- T1102.002 - Bidirectional Communication
- T1598 - Phishing for Information
- T1550.002 - Pass the Hash
- T1021.001 - Remote Desktop Protocol
- T1588.005 - Exploits
- T1102.001 - Dead Drop Resolver
Score: 3.43
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1189 - Drive-by Compromise
Score: 3.43
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1189 - Drive-by Compromise
Score: 3.43
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1189 - Drive-by Compromise
Score: 13.82
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1114.002 - Remote Email Collection
- T1195.002 - Compromise Software Supply Chain
- T1189 - Drive-by Compromise
- T1221 - Template Injection
- T1021.001 - Remote Desktop Protocol
Score: 4.06
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1571 - Non-Standard Port
Score: 6.71
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1189 - Drive-by Compromise
- T1102.001 - Dead Drop Resolver
Score: 6.16
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1036.004 - Masquerade Task or Service
- T1571 - Non-Standard Port
Score: 5.95
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1189 - Drive-by Compromise
- T1566.003 - Spearphishing via Service
Score: 7.00
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1119 - Automated Collection
- T1221 - Template Injection
Score: 5.08
Matched TTPs:
- T1204.002 - Malicious File
- T1189 - Drive-by Compromise
- T1566.003 - Spearphishing via Service
Score: 3.85
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1119 - Automated Collection
Score: 4.81
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1221 - Template Injection
Score: 3.43
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1189 - Drive-by Compromise
Score: 5.50
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1119 - Automated Collection
- T1021.001 - Remote Desktop Protocol
Score: 4.83
Matched TTPs:
- T1204.002 - Malicious File
- T1102.002 - Bidirectional Communication
- T1021.001 - Remote Desktop Protocol
Score: 6.06
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1021.001 - Remote Desktop Protocol
- T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Score: 11.70
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1119 - Automated Collection
- T1195.002 - Compromise Software Supply Chain
- T1189 - Drive-by Compromise
- T1027.015 - Compression
Score: 4.65
Matched TTPs:
- T1204.002 - Malicious File
- T1036.004 - Masquerade Task or Service
- T1189 - Drive-by Compromise
Score: 5.71
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1102.002 - Bidirectional Communication
- T1021.001 - Remote Desktop Protocol
Score: 4.33
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1114.002 - Remote Email Collection
Score: 6.91
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1036.004 - Masquerade Task or Service
- T1027.015 - Compression
Score: 10.90
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1036.004 - Masquerade Task or Service
- T1550.002 - Pass the Hash
- T1021.001 - Remote Desktop Protocol
- T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Score: 15.30
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1119 - Automated Collection
- T1137.004 - Outlook Home Page
- T1021.001 - Remote Desktop Protocol
- T1566.003 - Spearphishing via Service
- T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Score: 9.39
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1571 - Non-Standard Port
- T1195.002 - Compromise Software Supply Chain
- T1102.002 - Bidirectional Communication
Score: 16.28
Matched TTPs:
- T1204.002 - Malicious File
- T1036.004 - Masquerade Task or Service
- T1571 - Non-Standard Port
- T1114.002 - Remote Email Collection
- T1102.002 - Bidirectional Communication
- T1189 - Drive-by Compromise
- T1021.001 - Remote Desktop Protocol
- T1566.003 - Spearphishing via Service
Score: 4.33
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1114.002 - Remote Email Collection
Score: 3.31
Matched TTPs:
- T1204.002 - Malicious File
- T1566.003 - Spearphishing via Service
Score: 4.81
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1221 - Template Injection
Score: 4.19
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1566.003 - Spearphishing via Service
Score: 4.19
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1566.003 - Spearphishing via Service
Score: 17.24
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1036.004 - Masquerade Task or Service
- T1571 - Non-Standard Port
- T1102.002 - Bidirectional Communication
- T1189 - Drive-by Compromise
- T1021.001 - Remote Desktop Protocol
- T1566.003 - Spearphishing via Service
- T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Score: 12.86
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1119 - Automated Collection
- T1036.004 - Masquerade Task or Service
- T1021.001 - Remote Desktop Protocol
- T1566.003 - Spearphishing via Service
- T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Score: 10.55
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1195.002 - Compromise Software Supply Chain
- T1598 - Phishing for Information
- T1566.003 - Spearphishing via Service
Score: 3.43
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1189 - Drive-by Compromise
Score: 4.81
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1027.015 - Compression
Score: 4.81
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1027.015 - Compression
Score: 3.43
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1189 - Drive-by Compromise
Score: 10.56
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1550.003 - Pass the Ticket
- T1189 - Drive-by Compromise
- T1102.001 - Dead Drop Resolver
Score: 3.43
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1189 - Drive-by Compromise
Score: 8.30
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1137.006 - Add-ins
- T1036.004 - Masquerade Task or Service
Score: 11.13
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1119 - Automated Collection
- T1678 - Delay Execution
- T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Score: 4.81
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1027.015 - Compression
Score: 22.70
Matched TTPs:
- T1204.002 - Malicious File
- T1137 - Office Application Startup
- T1566.001 - Spearphishing Attachment
- T1119 - Automated Collection
- T1571 - Non-Standard Port
- T1102.002 - Bidirectional Communication
- T1027.004 - Compile After Delivery
- T1221 - Template Injection
- T1027.015 - Compression
Score: 3.43
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1189 - Drive-by Compromise
Score: 21.39
Matched TTPs:
- T1204.002 - Malicious File
- T1137 - Office Application Startup
- T1566.001 - Spearphishing Attachment
- T1550.003 - Pass the Ticket
- T1036.004 - Masquerade Task or Service
- T1571 - Non-Standard Port
- T1189 - Drive-by Compromise
- T1550.002 - Pass the Hash
- T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Score: 6.81
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1571 - Non-Standard Port
- T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Score: 5.71
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1571 - Non-Standard Port
- T1021.001 - Remote Desktop Protocol
Score: 6.28
Matched TTPs:
- T1204.002 - Malicious File
- T1136 - Create Account
- T1021.001 - Remote Desktop Protocol
Score: 10.70
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1550.003 - Pass the Ticket
- T1114.002 - Remote Email Collection
- T1566.003 - Spearphishing via Service
Score: 7.00
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1119 - Automated Collection
- T1221 - Template Injection
Score: 5.95
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1189 - Drive-by Compromise
- T1566.003 - Spearphishing via Service
Score: 17.71
Matched TTPs:
- T1566.001 - Spearphishing Attachment
- T1036.004 - Masquerade Task or Service
- T1195.002 - Compromise Software Supply Chain
- T1595.003 - Wordlist Scanning
- T1550.002 - Pass the Hash
- T1021.001 - Remote Desktop Protocol
- T1102.001 - Dead Drop Resolver
Score: 6.92
Matched TTPs:
- T1566.001 - Spearphishing Attachment
- T1119 - Automated Collection
- T1036.004 - Masquerade Task or Service
- T1189 - Drive-by Compromise
Score: 10.12
Matched TTPs:
- T1566.001 - Spearphishing Attachment
- T1119 - Automated Collection
- T1114.002 - Remote Email Collection
- T1550.002 - Pass the Hash
- T1021.001 - Remote Desktop Protocol
Score: 11.46
Matched TTPs:
- T1119 - Automated Collection
- T1571 - Non-Standard Port
- T1550.002 - Pass the Hash
- T1588.005 - Exploits
Score: 4.85
Matched TTPs:
- T1119 - Automated Collection
- T1114.002 - Remote Email Collection
Score: 8.99
Matched TTPs:
- T1119 - Automated Collection
- T1114.002 - Remote Email Collection
- T1550.001 - Application Access Token
Score: 3.83
Matched TTPs:
- T1119 - Automated Collection
- T1021.001 - Remote Desktop Protocol
Score: 9.25
Matched TTPs:
- T1119 - Automated Collection
- T1114.002 - Remote Email Collection
- T1550.002 - Pass the Hash
- T1021.001 - Remote Desktop Protocol
Score: 6.49
Matched TTPs:
- T1036.004 - Masquerade Task or Service
- T1550.002 - Pass the Hash
- T1021.001 - Remote Desktop Protocol
Score: 4.49
Matched TTPs:
- T1036.004 - Masquerade Task or Service
- T1102.002 - Bidirectional Communication
Score: 6.49
Matched TTPs:
- T1036.004 - Masquerade Task or Service
- T1550.002 - Pass the Hash
- T1021.001 - Remote Desktop Protocol
Score: 7.59
Matched TTPs:
- T1036.004 - Masquerade Task or Service
- T1021.001 - Remote Desktop Protocol
- T1213.005 - Messaging Applications
Score: 7.93
Matched TTPs:
- T1036.004 - Masquerade Task or Service
- T1102.002 - Bidirectional Communication
- T1598 - Phishing for Information
Score: 9.30
Matched TTPs:
- T1571 - Non-Standard Port
- T1027.004 - Compile After Delivery
- T1102.001 - Dead Drop Resolver
Score: 4.43
Matched TTPs:
- T1114.002 - Remote Email Collection
- T1189 - Drive-by Compromise
Score: 4.69
Matched TTPs:
- T1195.002 - Compromise Software Supply Chain
- T1189 - Drive-by Compromise
Score: 4.16
Matched TTPs:
- T1102.002 - Bidirectional Communication
- T1189 - Drive-by Compromise
Score: 4.13
Matched TTPs:
- T1595.003 - Wordlist Scanning
Score: 3.62
Matched TTPs:
- T1027.004 - Compile After Delivery
Score: 12.78
Matched TTPs:
- T1598 - Phishing for Information
- T1136 - Create Account
- T1021.001 - Remote Desktop Protocol
- T1213.005 - Messaging Applications
Score: 3.41
Matched TTPs:
- T1189 - Drive-by Compromise
- T1021.001 - Remote Desktop Protocol
Score: 4.13
Matched TTPs:
- T1564.005 - Hidden File System
Score: 4.13
Matched TTPs:
- T1564.005 - Hidden File System
Score: 6.59
Matched TTPs:
- T1136 - Create Account
- T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Score: 3.84
Matched TTPs:
- T1213.005 - Messaging Applications
Threat actors related to this Pulse (inference-based)
Score: 0.80
Matched TTPs:
- T1550.002 - Pass the Hash
- T1119 - Automated Collection
- T1598 - Phishing for Information
- T1566.001 - Spearphishing Attachment
- T1189 - Drive-by Compromise
- T1221 - Template Injection
- T1204.002 - Malicious File
- T1114.002 - Remote Email Collection
- T1550.001 - Application Access Token
- T1559.002 - Dynamic Data Exchange
- T1137.002 - Office Test
- T1102.002 - Bidirectional Communication
Score: 0.60
Matched TTPs:
- T1550.002 - Pass the Hash
- T1036.004 - Masquerade Task or Service
- T1598 - Phishing for Information
- T1102.001 - Dead Drop Resolver
- T1566.001 - Spearphishing Attachment
- T1204.002 - Malicious File
- T1114.002 - Remote Email Collection
- T1102.002 - Bidirectional Communication
- T1021.001 - Remote Desktop Protocol
- T1588.005 - Exploits
Score: 0.59
Matched TTPs:
- T1119 - Automated Collection
- T1571 - Non-Standard Port
- T1566.001 - Spearphishing Attachment
- T1221 - Template Injection
- T1204.002 - Malicious File
- T1137 - Office Application Startup
- T1027.015 - Compression
- T1027.004 - Compile After Delivery
- T1102.002 - Bidirectional Communication
Score: 0.57
Matched TTPs:
- T1550.002 - Pass the Hash
- T1036.004 - Masquerade Task or Service
- T1571 - Non-Standard Port
- T1566.001 - Spearphishing Attachment
- T1189 - Drive-by Compromise
- T1204.002 - Malicious File
- T1137 - Office Application Startup
- T1550.003 - Pass the Ticket
- T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Score: 0.56
Matched TTPs:
- T1036.004 - Masquerade Task or Service
- T1195.002 - Compromise Software Supply Chain
- T1571 - Non-Standard Port
- T1566.001 - Spearphishing Attachment
- T1204.002 - Malicious File
- T1559.002 - Dynamic Data Exchange
- T1674 - Input Injection
- T1102.002 - Bidirectional Communication
- T1021.001 - Remote Desktop Protocol
Related CVEs
No CVEs were found for this Pulse.