Trusted Design

An analysis of exploit supply chains and digital quartermasters

概要

On July 5, 2015 an unknown hacker publicly announced on Twitter that he had breached the internal network of Hacking Team – an Italian pentesting company known to purchase 0-day exploits and produce their own trojans. The hacker proceeded to leak archives of internal Hacking Team tools and communications. A number of tools and previously unknown exploits were discovered in the trove of data posted online. In the attached paper we will focus on two exploits which at the time of discovery in the Hacking Team archives were unpatched. The two 0-days in question targeted Adobe Flash and were subsequently labeled CVE-2015-5119 and CVE-2015-5122.

Created: 2026-02-23

Indicators

• URL - http://www.mcafeea.cf/tools.zip -
• FileHash-MD5 - 15112a53fcecc4c666a82ca84a853716 -
• FileHash-MD5 - 6c260baa4367578778b1ecdaaab37ef9 -
• FileHash-MD5 - b1238ccbb10af3e81110d3afacd98161 -
• FileHash-MD5 - e33cf5b9f3991a8ee4e71f4380dd7eb1 -
• CVE - CVE-2015-5122 -
• FileHash-MD5 - 2c6126e9f308d1be11553978e8a97621 -
• hostname - twnic.ignorelist.com -
• FileHash-MD5 - 76808c0ade61f433bb5be83a4464eb9e -
• FileHash-MD5 - 9bf3e6a95a261a449be02ac03d4f0523 -
• FileHash-MD5 - 1b47a8c22f9905afe05fad41ff3c9e4d -
• FileHash-MD5 - da6c98d8f37290a10119fbca33eec58a -
• hostname - pic.nicklockluckydog.org -
• FileHash-MD5 - 6102f79567dff2168beb17aba31e058f -
• FileHash-MD5 - 2f9e44e0cef0b4a67b7be74bc11b8e7d -
• URL - http://www.digital-gate.jp/exp1/exp1.swf -
• FileHash-MD5 - b7d39c5833e5896b7f5849966095a4bf -
• URL - http://104.27.206.91/flash/update.dat -
• FileHash-MD5 - dccb71a74f719aa23e8bbb51ec037f56 -
• FileHash-MD5 - b8ec26fcf2a4e855e04278f9bf5dc877 -
• FileHash-MD5 - 973e0c922eb07aad530d8a1de19c7755 -
• hostname - web.dpp.rrims.org -
• domain - osce-press.org -
• FileHash-MD5 - 727dd4a7aae56a8202c5aa7758ea5d46 -
• FileHash-MD5 - 9647626a70f006b49bc35d110aaadf8a -
• FileHash-MD5 - faf53a283d4a171dc30385e3c42c487c -
• URL - http://ww.shijinri.com/com/bind.exe -
• hostname - www.sakuranorei.com -
• FileHash-MD5 - 726bd0bd6cca8d481cf6165c95528caa -
• FileHash-MD5 - 557f8d4c6f8b386c32001def807dc715 -
• FileHash-MD5 - fe63d984246dbc092517840d50a0d12b -
• FileHash-MD5 - e15fb188c0c50d62657c7fd368a9a4ab -
• hostname - jiussharefiles.ddns.net -
• FileHash-MD5 - af0d365a2c59709ece196037740bdb81 -
• URL - http://www.konpro.com.tw/exp2.swf -
• hostname - win7.myz.info -
• FileHash-MD5 - ceda2299257c96e60ead75fce414c68d -
• hostname - inbox.webmailgoogle.com -
• URL - http://news.hnn.hk/mil/download/logo.jpg -
• FileHash-MD5 - bbf32eeb560a42a3a69beaed645e7777 -
• FileHash-MD5 - 00591821f328911380277272164d08cd -
• FileHash-MD5 - edcd313791506c623d8a2a88b9b0e84c -
• URL - http://chinadataonline.org/religionExplorerPublic/js/movie.swf -
• hostname - rpt.perrydale.com -
• URL - http://audio.co.kr/js/comm.js -
• hostname - sb.iffymonkey.com -
• URL - http://webservice.uclab.tw/help.gif -
• URL - http://tor-projects.org/update/Tor.exe -
• hostname - cdn.sanecat.com -
• FileHash-MD5 - f8b3ad7d73ba432bc3e7084f9f7dee7d -
• FileHash-MD5 - 079a440bee0f86d8a59ebc5c4b523a07 -
• FileHash-MD5 - 878d13b8ceb49cfe9ff1b063bffeb9a9 -
• hostname - mail.cbppnews.com -
• hostname - news.turkceil.tk -
• URL - http://84.124.26.234/image/welcome.gif -
• FileHash-MD5 - 53fe5d10530fbef13da8c9e706a72944 -
• domain - tor-projects.org -
• URL - http://137.175.4.132/movie.swf -
• URL - http://news.turkceil.tk/movie.swf -
• hostname - news.voanews.hk -
• FileHash-MD5 - 07aa0340ec0bfbb2e59f1cc50382c055 -
• FileHash-MD5 - b4522d05a9e3a034af481a7797a445ea -
• URL - http://scripts.3-a.net/Adebo/movie.swf -
• FileHash-MD5 - cfbcb83f8515bd169afd0b22488b4430 -
• FileHash-MD5 - 75dc1e22e16c39e3532673f75fd41b93 -
• hostname - bluecoat.isasecret.com -
• hostname - web.paramerat.com -
• FileHash-MD5 - 21c46a95329f3f16050a7421841a92c4 -
• FileHash-MD5 - 53473af71d40568d25da87fc41dfe500 -
• FileHash-MD5 - 5e223ef669acd309697c90cac2f9953f -
• FileHash-MD5 - ec9f882d7eb9b60431e56ed4e25f3830 -
• URL - http://fss.pw.utc.com/forms/login/movie.swf -
• URL - http://pic.NICKLOCKLUCKYDOG.ORG/images/logo -
• FileHash-MD5 - ebf157abfe656d87e43a63ca91507996 -
• hostname - scripts.3-a.net -
• URL - http://213.186.164.211/news/in.gif -
• URL - http://www.nichiiko-golf.com/news/index.php -
• FileHash-MD5 - 0b3a047d31461e20887bb1d32b4e472f -
• URL - http://report.perrydale.com/ema/show.swf -
• hostname - www.aprilmusic.com -
• FileHash-MD5 - cd7a5bead5b5cff37f72a8b6e666d8e3 -
• URL - http://pic.nicklockluckydog.org/movie.swf -
• hostname - report.perrydale.com -
• hostname - www.mcafeea.cf -
• hostname - www.cbppnews.com -
• FileHash-MD5 - 87e01acad9b67953881c7d1b8e28d003 -
• FileHash-MD5 - e43e14f6d1159ea9564bc23982b9afd5 -
• FileHash-MD5 - 5beb4504fe22e859a2b09cd5a654b23e -
• hostname - www.leimeng.com.tw -
• FileHash-MD5 - d6365edf2d3afa6d155273814b494eb3 -
• FileHash-MD5 - b65076f4cb6e74429dd02fcacda0bec3 -
• FileHash-MD5 - 79f71f327a38c2226d36a21172d2922b -
• FileHash-MD5 - e6152c187cd57269bd94e97efd64e69b -
• URL - http://whois.nictr.info/movie.swf -
• FileHash-MD5 - bdc263c93bc5bd0d31a517be469a697a -
• FileHash-MD5 - 9ee9a5f37a679ddc1650ab36d91e9581 -
• hostname - dns.snakesearch.info -
• URL - http://103.230.109.222/movie.swf -
• hostname - oop.jumpingcrab.com -
• URL - http://vinashin.com.vn/upload/942X160-1.swf -
• FileHash-MD5 - b3bc4b5f17fd5f87ec3714c6587f6906 -
• hostname - amxil.opmuert.org -
• FileHash-MD5 - 4dfdfd203eeeff75474b8f431b6e0750 -
• hostname - fileshare.serveftp.com -
• URL - http://rpt.perrydale.com/en/b.gif -
• FileHash-MD5 - 42b091f63548fccbbd87f8c06b632dda -
• URL - http://103.230.109.222/flashupdate.exe -
• URL - http://www.leimeng.com.tw/test.swf -
• FileHash-MD5 - 8571bac93788be4be74562e2e0c628d5 -
• URL - http://www.bitty.co.nz/wp-content/wp-ads/wpads.swf -
• FileHash-MD5 - 4dd21fd277c772bcf8b9d1d72bf68de8 -
• FileHash-MD5 - d536c4b71d131848e965c4524780a8aa -
• FileHash-MD5 - 0d50bd8299de64525a78845957456959 -
• FileHash-MD5 - e9a57f70f739cb26dc053238b0a97425 -
• FileHash-MD5 - 83388058055d325a2fa5288182a41e89 -
• URL - http://rpt.perrydale.com/en/show.swf -
• hostname - www.wordpress.zzux.com -
• FileHash-MD5 - 054d9852de6983116bd3d521e8d73296 -
• hostname - qf.laoscript.org -
• URL - http://careercenter.umd.edu/Scripts/movie.swf -
• URL - http://www.qtdc.com.tw/dcalc.exe -
• URL - http://www.cbppnews.com/movie.swf -
• FileHash-MD5 - aa9eded1eb95f026aaf84919cc27ad32 -
• FileHash-MD5 - 930525ac7bed4f1bf8bbf0a775dbea25 -
• FileHash-MD5 - 451c52652ddb28e9071078f214a327a7 -
• URL - http://image.laoscript.org/gupdate/update.swf -
• URL - http://www.exam.or.jp/movie.swf -
• FileHash-MD5 - d6f7a1995a869dbd411c2b46364a6dc9 -
• URL - http://web.dpp.rrims.org/web.gif -
• URL - http://www.fb.org/movie.swf -
• FileHash-MD5 - aaa62d5f0e348f0e890ad9d3f71e448d -
• FileHash-MD5 - dceae0d1a680bc098bae9da466e12610 -
• URL - http://www.leimeng.com.tw/whattime.exe -
• FileHash-MD5 - c101d289d36558c6fbe388d32bd32ab4 -
• FileHash-MD5 - f46019f795bd721262dc69988d7e53bc -
• hostname - image.laoscript.org -
• URL - http://cosmetech.co.jp/css/movie.swf -
• FileHash-MD5 - 80d234dc62c1bcec1466986f1224c205 -
• FileHash-MD5 - 195bdc84f114c282e61f206dc88cd26d -
• hostname - www.n-fit-sub.com -
• hostname - www.paramerat.com -
• FileHash-MD5 - 5392f1399a49935817669d22e5e644ea -
• FileHash-MD5 - 6739542294a6cc5ca4f272181944b943 -
• FileHash-MD5 - 5a22e5aee4da2fe363b77f1351265a00 -
• hostname - whois.nictr.info -
• URL - http://www.n-fit-sub.com/ec/index.php -
• URL - http://www.paramerat.com/info/news/movie.swf -
• FileHash-MD5 - 79dc5ee17ab11a647d6dff51d3908bda -
• domain - appeal.ml -
• hostname - jp.virhub.biz -
• FileHash-MD5 - 80512010e667756f7d611f5cc6a6f9bb -
• CVE - CVE-2015-5119 -
• FileHash-MD5 - 2a11d0f22b413d990437892ec6fb28a9 -
• FileHash-MD5 - 8a8e9bbf1ca2a926f0a5d06217eeea55 -
• FileHash-MD5 - d22f5f14f573293231f04cc53fee17f9 -
• hostname - yunwu1.xicp.net -
• FileHash-MD5 - 5dd963d33c31cdb9131d86241e754d81 -
• FileHash-MD5 - cb713b544dce5a2505e393f6587aaa47 -
• hostname - sbuudd.webssl9.info -

類似Pulses

• CVE-2015-5122 Exploited in Strategic Web Compromise (score: 0.75)
• Killing a Zero-Day in the Egg: Adobe CVE-2016-1019 (score: 0.70)
• Latest Flash Exploit Used in Pawn Storm (score: 0.69)
• Operation Clandestine Wolf – Adobe Flash Zero-Day APT3 Phishing (score: 0.67)
• Watering Hole Attack on Aerospace Firm Exploits CVE-2015-5122 (score: 0.67)

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

Pulse – 脅威アクター グラフ

---

← Pulse一覧に戻る