Trusted Design

Multiple Chinese APT Groups Quickly Use Flash Zero-Day

概要

The FireEye as a Service team detected independent phishing campaigns conducted by two Chinese advanced persistent threat (APT) groups that we track, APT3 and APT18. Each threat group quickly took advantage of a zero-day vulnerability (CVE-2015-5119), which was leaked in the disclosure of Hacking Team’s internal data. Adobe released a patch for the vulnerability on July 8, 2015. Before that patch was released, the groups launched phishing campaigns against multiple companies in the aerospace and defense, construction and engineering, education, energy, health and biotechnology, high tech, non-profit, telecommunications, and transportation industries.

Created: 2026-02-23

Indicators

類似Pulses

Operation Clandestine Wolf – Adobe Flash Zero-Day APT3 Phishing (score: 0.81)
Operation RussianDoll (score: 0.76)
APT Group Wekby Leveraging Adobe Flash Exploit (score: 0.73)
UPS: Observations on CVE-2015-3113 (score: 0.71)
CVE-2015-5122 Exploited in Strategic Web Compromise (score: 0.71)

このPulseに関連する脅威アクター (事実ベース)

Ember Bear

Score: 8.26

Matched TTPs:

T1564.008 - Email Hiding Rules
T1003.003 - NTDS

MITREへのリンク →

Sandworm Team

Score: 16.38

Matched TTPs:

T1564.008 - Email Hiding Rules
T1606.002 - SAML Tokens
T1686.003 - Windows Host Firewall
T1566.002 - Spearphishing Link
T1193 - Spearphishing Attachment

MITREへのリンク →

Kimsuky

Score: 20.71

Matched TTPs:

T1606.002 - SAML Tokens
T1566.002 - Spearphishing Link
T1608.005 - Link Target
T1057 - Process Discovery
T1197 - BITS Jobs
T1003.003 - NTDS
T1008 - Fallback Channels

MITREへのリンク →

FIN13

Score: 5.02

Matched TTPs:

T1606.002 - SAML Tokens
T1569.002 - Service Execution

MITREへのリンク →

Moonstone Sleet

Score: 11.28

Matched TTPs:

T1606.002 - SAML Tokens
T1566.002 - Spearphishing Link
T1057 - Process Discovery
T1197 - BITS Jobs

MITREへのリンク →

Lazarus Group

Score: 16.51

Matched TTPs:

T1606.002 - SAML Tokens
T1608.005 - Link Target
T1057 - Process Discovery
T1055.015 - ListPlanting
T1569.002 - Service Execution
T1556 - Modify Authentication Process

MITREへのリンク →

Contagious Interview

Score: 14.83

Matched TTPs:

T1606.002 - SAML Tokens
T1021.006 - Windows Remote Management
T1218.008 - Odbcconf
T1608.005 - Link Target
T1556 - Modify Authentication Process

MITREへのリンク →

OilRig

Score: 14.58

Matched TTPs:

T1606.002 - SAML Tokens
T1212 - Exploitation for Credential Access
T1059.004 - Unix Shell
T1055.015 - ListPlanting
T1556 - Modify Authentication Process

MITREへのリンク →

UNC3886

Score: 12.82

Matched TTPs:

T1606.002 - SAML Tokens
T1021.006 - Windows Remote Management
T1059.004 - Unix Shell
T1055.015 - ListPlanting

MITREへのリンク →

Salt Typhoon

Score: 4.84

Matched TTPs:

T1606.002 - SAML Tokens
T1556 - Modify Authentication Process

MITREへのリンク →

APT29

Score: 4.11

Matched TTPs:

T1606.002 - SAML Tokens
T1608.005 - Link Target

MITREへのリンク →

Turla

Score: 13.34

Matched TTPs:

T1606.002 - SAML Tokens
T1608.005 - Link Target
T1212 - Exploitation for Credential Access
T1059.004 - Unix Shell
T1569.002 - Service Execution

MITREへのリンク →

Mustang Panda

Score: 9.31

Matched TTPs:

T1606.002 - SAML Tokens
T1566.002 - Spearphishing Link
T1608.005 - Link Target
T1556 - Modify Authentication Process

MITREへのリンク →

FIN7

Score: 14.96

Matched TTPs:

T1606.002 - SAML Tokens
T1608.005 - Link Target
T1564.002 - Hidden Users
T1057 - Process Discovery
T1055.015 - ListPlanting

MITREへのリンク →

Volt Typhoon

Score: 13.21

Matched TTPs:

T1686.003 - Windows Host Firewall
T1057 - Process Discovery
T1212 - Exploitation for Credential Access
T1569.002 - Service Execution

MITREへのリンク →

Storm-0501

Score: 3.84

Matched TTPs:

T1686.003 - Windows Host Firewall

MITREへのリンク →

Scattered Spider

Score: 10.44

Matched TTPs:

T1566.002 - Spearphishing Link
T1197 - BITS Jobs
T1027.002 - Software Packing

MITREへのリンク →

ZIRCONIUM

Score: 7.91

Matched TTPs:

T1566.002 - Spearphishing Link
T1608.005 - Link Target
T1197 - BITS Jobs

MITREへのリンク →

APT32

Score: 7.22

Matched TTPs:

T1566.002 - Spearphishing Link
T1608.005 - Link Target
T1556 - Modify Authentication Process

MITREへのリンク →

Magic Hound

Score: 4.47

Matched TTPs:

T1566.002 - Spearphishing Link
T1608.005 - Link Target

MITREへのリンク →

APT28

Score: 15.33

Matched TTPs:

T1566.002 - Spearphishing Link
T1608.005 - Link Target
T1057 - Process Discovery
T1197 - BITS Jobs
T1566.003 - Spearphishing via Service

MITREへのリンク →

Dragonfly

Score: 6.30

Matched TTPs:

T1566.002 - Spearphishing Link
T1193 - Spearphishing Attachment

MITREへのリンク →

Patchwork

Score: 8.90

Matched TTPs:

T1566.002 - Spearphishing Link
T1059.004 - Unix Shell
T1008 - Fallback Channels

MITREへのリンク →

LAPSUS$

Score: 7.69

Matched TTPs:

T1193 - Spearphishing Attachment
T1218.008 - Odbcconf

MITREへのリンク →

HAFNIUM

Score: 5.86

Matched TTPs:

T1218.008 - Odbcconf
T1608.005 - Link Target

MITREへのリンク →

APT33

Score: 6.88

Matched TTPs:

T1567.001 - Exfiltration to Code Repository
T1556 - Modify Authentication Process

MITREへのリンク →

Wizard Spider

Score: 6.88

Matched TTPs:

T1567.001 - Exfiltration to Code Repository
T1556 - Modify Authentication Process

MITREへのリンク →

Darkhotel

Score: 4.13

Matched TTPs:

T1564.002 - Hidden Users

MITREへのリンク →

Tonto Team

Score: 3.15

Matched TTPs:

T1212 - Exploitation for Credential Access

MITREへのリンク →

HEXANE

Score: 3.15

Matched TTPs:

T1212 - Exploitation for Credential Access

MITREへのリンク →

admin@338

Score: 3.15

Matched TTPs:

T1212 - Exploitation for Credential Access

MITREへのリンク →

Chimera

Score: 3.15

Matched TTPs:

T1212 - Exploitation for Credential Access

MITREへのリンク →

Deep Panda

Score: 3.15

Matched TTPs:

T1059.004 - Unix Shell

MITREへのリンク →

GALLIUM

Score: 3.15

Matched TTPs:

T1059.004 - Unix Shell

MITREへのリンク →

APT3

Score: 3.15

Matched TTPs:

T1059.004 - Unix Shell

MITREへのリンク →

APT41

Score: 6.72

Matched TTPs:

T1055.015 - ListPlanting
T1008 - Fallback Channels

MITREへのリンク →

Velvet Ant

Score: 7.06

Matched TTPs:

T1569.002 - Service Execution
T1566.003 - Spearphishing via Service

MITREへのリンク →

Rocke

Score: 3.29

Matched TTPs:

T1008 - Fallback Channels

MITREへのリンク →

RTM

Score: 3.29

Matched TTPs:

T1008 - Fallback Channels

MITREへのリンク →

BRONZE BUTLER

Score: 3.29

Matched TTPs:

T1008 - Fallback Channels

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.81

Matched TTPs:

T1003.003 - NTDS
T1197 - BITS Jobs
T1566.002 - Spearphishing Link
T1608.005 - Link Target
T1606.002 - SAML Tokens
T1057 - Process Discovery
T1008 - Fallback Channels

MITREへのリンク →

Lazarus Group

Score: 0.71

Matched TTPs:

T1556 - Modify Authentication Process
T1569.002 - Service Execution
T1608.005 - Link Target
T1055.015 - ListPlanting
T1606.002 - SAML Tokens
T1057 - Process Discovery

MITREへのリンク →

Sandworm Team

Score: 0.68

Matched TTPs:

T1193 - Spearphishing Attachment
T1566.002 - Spearphishing Link
T1686.003 - Windows Host Firewall
T1564.008 - Email Hiding Rules
T1606.002 - SAML Tokens

MITREへのリンク →

APT28

Score: 0.67

Matched TTPs:

T1197 - BITS Jobs
T1566.002 - Spearphishing Link
T1608.005 - Link Target
T1057 - Process Discovery
T1566.003 - Spearphishing via Service

MITREへのリンク →

FIN7

Score: 0.66

Matched TTPs:

T1564.002 - Hidden Users
T1608.005 - Link Target
T1055.015 - ListPlanting
T1606.002 - SAML Tokens
T1057 - Process Discovery

MITREへのリンク →

OilRig

Score: 0.63

Matched TTPs:

T1556 - Modify Authentication Process
T1055.015 - ListPlanting
T1212 - Exploitation for Credential Access
T1606.002 - SAML Tokens
T1059.004 - Unix Shell

MITREへのリンク →

Contagious Interview

Score: 0.62

Matched TTPs:

T1556 - Modify Authentication Process
T1608.005 - Link Target
T1218.008 - Odbcconf
T1606.002 - SAML Tokens
T1021.006 - Windows Remote Management

MITREへのリンク →

Turla

Score: 0.60

Matched TTPs:

T1569.002 - Service Execution
T1608.005 - Link Target
T1212 - Exploitation for Credential Access
T1606.002 - SAML Tokens
T1059.004 - Unix Shell

MITREへのリンク →

UNC3886

Score: 0.59

Matched TTPs:

T1055.015 - ListPlanting
T1606.002 - SAML Tokens
T1059.004 - Unix Shell
T1021.006 - Windows Remote Management

MITREへのリンク →

Volt Typhoon

Score: 0.59

Matched TTPs:

T1686.003 - Windows Host Firewall
T1569.002 - Service Execution
T1057 - Process Discovery
T1212 - Exploitation for Credential Access

MITREへのリンク →

Related CVEs

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る