CINXE.COM

July 2015 | Volexity

<!DOCTYPE html> <!--[if lt IE 7 ]> <html lang="en-US" class="ie ie6 lte9 lte8 lte7 lte6 no-js"> <![endif]--> <!--[if IE 7 ]> <html lang="en-US" class="ie ie7 lte9 lte8 lte7 no-js"> <![endif]--> <!--[if IE 8 ]> <html lang="en-US" class="ie ie8 lte9 lte8 no-js"> <![endif]--> <!--[if IE 9 ]> <html lang="en-US" class="ie ie9 lte9 no-js"> <![endif]--> <!--[if (gt IE 9)|!(IE)]><!--> <html lang="en-US" class="no-js"> <!--<![endif]--> <meta charset="UTF-8"> <title>July 2015 | Volexity</title> <meta name="HandheldFriendly" content="True"> <meta name="MobileOptimized" content="320"> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta http-equiv="cleartype" content="on"> <meta name="twitter:card" content="summary_large_image"> <meta name="twitter:site" content="@Volexity"> <meta name="twitter:creator" content="@Volexity"> <meta name="twitter:title" content="APT Group Wekby Leveraging Adobe Flash Exploit (CVE-2015-5119)"> <meta name="twitter:description" content="As if the recent breach and subsequent public data dump involving the Italian company Hacking Team wasn&#039;t bad enough, it all gets just a little bit worse. Emerging from the bowels of Hacking Team data dump was a Flash 0-day exploit (CVE-2015-5119) that was just patched today by Adobe as covered in APSB15-16. The exploit has since been added into the Angler Exploit Kit and integrated into Metasploit. However, not to be out done, APT attackers have also started leveraging the exploit in targeted spear phishing attacks as well. Before we start dishing the details, there is going to be one main takeaway from this blog post: If you haven&#039;t already, update/patch your Adobe Flash now. Spear Phishing This morning, a well known APT threat group, often referred to as Wekby, kicked off a rather ironic spear phishing campaign. The attackers launched spoofed e-mail messages purporting to be from Adobe. [&hellip;]"> <link rel="apple-touch-icon" sizes="180x180" href="https://www.volexity.com/wp-content/themes/volexity/apple-touch-icon.png"> <link rel="icon" type="image/png" href="https://www.volexity.com/wp-content/themes/volexity/favicon-32x32.png" sizes="32x32"> <link rel="icon" type="image/png" href="https://www.volexity.com/wp-content/themes/volexity/favicon-16x16.png" sizes="16x16"> <link rel="icon" type="image/png" href="https://www.volexity.com/wp-content/themes/volexity/favicon.ico"> <link rel="manifest" href="https://www.volexity.com/wp-content/themes/volexity/manifest.json"> <meta name="theme-color" content="#12BEF0"> <meta property="og:image" content="https://www.volexity.com/wp-content/uploads/2018/01/Volexity-Logo-Full-Stacked-2019-1000px.jpg" /> <!-- Google tag (gtag.js) --> <script async src="https://www.googletagmanager.com/gtag/js?id=G-WRSX85NK29"></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'G-WRSX85NK29'); </script> <meta name='robots' content='noindex, follow' /> <!-- This site is optimized with the Yoast SEO Premium plugin v22.5 (Yoast SEO v23.3) - https://yoast.com/wordpress/plugins/seo/ --> <meta property="og:locale" content="en_US" /> <meta property="og:type" content="website" /> <meta property="og:title" content="July 2015" /> <meta property="og:url" content="https://www.volexity.com/blog/2015/07/" /> <meta property="og:site_name" content="Volexity" /> <meta property="og:image" content="https://www.volexity.com/wp-content/uploads/2018/01/Volexity-Logo-Full-Stacked-2019-1000px.jpg" /> <meta property="og:image:width" content="1000" /> <meta property="og:image:height" content="1000" /> <meta property="og:image:type" content="image/jpeg" /> <script type="application/ld+json" class="yoast-schema-graph">{"@context":"https://schema.org","@graph":[{"@type":"CollectionPage","@id":"https://www.volexity.com/blog/2015/07/","url":"https://www.volexity.com/blog/2015/07/","name":"July 2015 | Volexity","isPartOf":{"@id":"https://www.volexity.com/#website"},"breadcrumb":{"@id":"https://www.volexity.com/blog/2015/07/#breadcrumb"},"inLanguage":"en-US"},{"@type":"BreadcrumbList","@id":"https://www.volexity.com/blog/2015/07/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://www.volexity.com/"},{"@type":"ListItem","position":2,"name":"Archives for July 2015"}]},{"@type":"WebSite","@id":"https://www.volexity.com/#website","url":"https://www.volexity.com/","name":"Volexity | Memory Forensics, Cybersecurity Threat Intelligence & Incident Response","description":"","publisher":{"@id":"https://www.volexity.com/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https://www.volexity.com/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https://www.volexity.com/#organization","name":"Volexity Inc.","alternateName":"Volexity - Forensic Memory Analysis","url":"https://www.volexity.com/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https://www.volexity.com/#/schema/logo/image/","url":"https://www.volexity.com/wp-content/uploads/2018/01/Volexity-Logo-Full-Stacked-2019-1000px.jpg","contentUrl":"https://www.volexity.com/wp-content/uploads/2018/01/Volexity-Logo-Full-Stacked-2019-1000px.jpg","width":1000,"height":1000,"caption":"Volexity Inc."},"image":{"@id":"https://www.volexity.com/#/schema/logo/image/"},"sameAs":["https://www.facebook.com/volexity/","https://x.com/Volexity","https://www.linkedin.com/company/volexity/","https://github.com/volexity","https://infosec.exchange/@volexity"]}]}</script> <!-- / Yoast SEO Premium plugin. --> <link rel='stylesheet' id='wp-block-library-css' href='https://www.volexity.com/wp-includes/css/dist/block-library/style.min.css?ver=6.6.2' type='text/css' media='all' /> <style id='classic-theme-styles-inline-css' type='text/css'> /*! This file is auto-generated */ .wp-block-button__link{color:#fff;background-color:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none} </style> <style id='global-styles-inline-css' type='text/css'> :root{--wp--preset--aspect-ratio--square: 1;--wp--preset--aspect-ratio--4-3: 4/3;--wp--preset--aspect-ratio--3-4: 3/4;--wp--preset--aspect-ratio--3-2: 3/2;--wp--preset--aspect-ratio--2-3: 2/3;--wp--preset--aspect-ratio--16-9: 16/9;--wp--preset--aspect-ratio--9-16: 9/16;--wp--preset--color--black: #000000;--wp--preset--color--cyan-bluish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--preset--color--light-green-cyan: #7bdcb5;--wp--preset--color--vivid-green-cyan: #00d084;--wp--preset--color--pale-cyan-blue: #8ed1fc;--wp--preset--color--vivid-cyan-blue: #0693e3;--wp--preset--color--vivid-purple: #9b51e0;--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple: linear-gradient(135deg,rgba(6,147,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradient(135deg,rgba(252,185,0,1) 0%,rgba(255,105,0,1) 100%);--wp--preset--gradient--luminous-vivid-orange-to-vivid-red: linear-gradient(135deg,rgba(255,105,0,1) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-warm-spectrum: linear-gradient(135deg,rgb(74,234,220) 0%,rgb(151,120,209) 20%,rgb(207,42,186) 40%,rgb(238,44,130) 60%,rgb(251,105,98) 80%,rgb(254,248,76) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--wp--preset--gradient--luminous-dusk: linear-gradient(135deg,rgb(255,203,112) 0%,rgb(199,81,192) 50%,rgb(65,88,208) 100%);--wp--preset--gradient--pale-ocean: linear-gradient(135deg,rgb(255,245,203) 0%,rgb(182,227,212) 50%,rgb(51,167,181) 100%);--wp--preset--gradient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-size--medium: 20px;--wp--preset--font-size--large: 36px;--wp--preset--font-size--x-large: 42px;--wp--preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5rem;--wp--preset--spacing--60: 2.25rem;--wp--preset--spacing--70: 3.38rem;--wp--preset--spacing--80: 5.06rem;--wp--preset--shadow--natural: 6px 6px 9px rgba(0, 0, 0, 0.2);--wp--preset--shadow--deep: 12px 12px 50px rgba(0, 0, 0, 0.4);--wp--preset--shadow--sharp: 6px 6px 0px rgba(0, 0, 0, 0.2);--wp--preset--shadow--outlined: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flex{display: flex;}.is-layout-flex{flex-wrap: wrap;align-items: center;}.is-layout-flex > :is(*, div){margin: 0;}body .is-layout-grid{display: grid;}.is-layout-grid > :is(*, div){margin: 0;}:where(.wp-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-color{color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-color{color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-color{color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-color{color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-color{color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-color{color: var(--wp--preset--color--vivid-purple) !important;}.has-black-background-color{background-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-background-color{background-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-background-color{background-color: var(--wp--preset--color--white) !important;}.has-pale-pink-background-color{background-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-background-color{background-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-background-color{background-color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-background-color{background-color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-background-color{background-color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-background-color{background-color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-background-color{background-color: var(--wp--preset--color--vivid-purple) !important;}.has-black-border-color{border-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-border-color{border-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-border-color{border-color: var(--wp--preset--color--white) !important;}.has-pale-pink-border-color{border-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-border-color{border-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-border-color{border-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-border-color{border-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-border-color{border-color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-border-color{border-color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-border-color{border-color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-border-color{border-color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-border-color{border-color: var(--wp--preset--color--vivid-purple) !important;}.has-vivid-cyan-blue-to-vivid-purple-gradient-background{background: var(--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple) !important;}.has-light-green-cyan-to-vivid-green-cyan-gradient-background{background: var(--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan) !important;}.has-luminous-vivid-amber-to-luminous-vivid-orange-gradient-background{background: var(--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange) !important;}.has-luminous-vivid-orange-to-vivid-red-gradient-background{background: var(--wp--preset--gradient--luminous-vivid-orange-to-vivid-red) !important;}.has-very-light-gray-to-cyan-bluish-gray-gradient-background{background: var(--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray) !important;}.has-cool-to-warm-spectrum-gradient-background{background: var(--wp--preset--gradient--cool-to-warm-spectrum) !important;}.has-blush-light-purple-gradient-background{background: var(--wp--preset--gradient--blush-light-purple) !important;}.has-blush-bordeaux-gradient-background{background: var(--wp--preset--gradient--blush-bordeaux) !important;}.has-luminous-dusk-gradient-background{background: var(--wp--preset--gradient--luminous-dusk) !important;}.has-pale-ocean-gradient-background{background: var(--wp--preset--gradient--pale-ocean) !important;}.has-electric-grass-gradient-background{background: var(--wp--preset--gradient--electric-grass) !important;}.has-midnight-gradient-background{background: var(--wp--preset--gradient--midnight) !important;}.has-small-font-size{font-size: var(--wp--preset--font-size--small) !important;}.has-medium-font-size{font-size: var(--wp--preset--font-size--medium) !important;}.has-large-font-size{font-size: var(--wp--preset--font-size--large) !important;}.has-x-large-font-size{font-size: var(--wp--preset--font-size--x-large) !important;} :where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;} :where(.wp-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;} :root :where(.wp-block-pullquote){font-size: 1.5em;line-height: 1.6;} </style> <link rel='stylesheet' id='cookie-notice-front-css' href='https://www.volexity.com/wp-content/plugins/cookie-notice/css/front.min.css?ver=2.4.18' type='text/css' media='all' /> <link rel='stylesheet' id='main-style-css' href='https://www.volexity.com/wp-content/themes/volexity/dist/styles/styles.min.css?ver=6.6.2' type='text/css' media='screen, print' /> <script type="text/javascript" id="cookie-notice-front-js-before"> /* <![CDATA[ */ var cnArgs = {"ajaxUrl":"https:\/\/www.volexity.com\/wp-admin\/admin-ajax.php","nonce":"487acc2e0d","hideEffect":"fade","position":"bottom","onScroll":false,"onScrollOffset":100,"onClick":false,"cookieName":"cookie_notice_accepted","cookieTime":2592000,"cookieTimeRejected":2592000,"globalCookie":false,"redirection":false,"cache":false,"revokeCookies":false,"revokeCookiesOpt":"automatic"}; /* ]]> */ </script> <script type="text/javascript" src="https://www.volexity.com/wp-content/plugins/cookie-notice/js/front.min.js?ver=2.4.18" id="cookie-notice-front-js"></script> <script type="text/javascript" src="https://www.volexity.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1" id="jquery-core-js"></script> <script type="text/javascript" src="https://www.volexity.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1" id="jquery-migrate-js"></script> <link rel="https://api.w.org/" href="https://www.volexity.com/wp-json/" /> <style type="text/css" id="wp-custom-css"> /* You can add your own CSS here. Click the help icon above to learn more. */ </style> <!--[if lte IE 9 ]> <script src="https://www.volexity.com/wp-content/themes/volexity/scripts/vendor/selectivizr.js"></script> <script src="https://www.volexity.com/wp-content/themes/volexity/scripts/vendor/respond.js"></script> <script src="https://www.volexity.com/wp-content/themes/volexity/scripts/vendor/mediamatch.js"></script> <![endif]--> </head> <body class="archive date cookies-not-set ie ie7 windows"> <header class="header"> <div class="header-top-container"> <div class="container"> <ul id="menu-sub-left" class="header-sub-left"><li id="menu-item-2116" class="icon-triangle menu-item menu-item-type-post_type menu-item-object-page menu-item-2116"><a href="https://www.volexity.com/company/contact/demo-request/" class="icon-triangle">Request A Demo</a></li> </ul> <ul id="menu-sub-right" class="header-sub-right"><li id="menu-item-1213" class="icon-warning menu-item menu-item-type-post_type menu-item-object-page menu-item-1213"><a href="https://www.volexity.com/company/contact/breach-assistance/" class="icon-warning">Breach Assistance</a></li> </ul> </div> </div> <div class="header-container"> <div class="container"> <a class="header-logo" href="https://www.volexity.com"><img src="https://www.volexity.com/wp-content/themes/volexity/dist/images/logo.png" alt="Volexity"></a> <div class="header-menu"> <ul id="menu-main-navigation" class="header-menu-list"><li id="menu-item-376" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-has-children menu-item-376"><a href="https://www.volexity.com/products-overview/">Products</a> <ul class="sub-menu"> <li id="menu-item-48" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-48"><a href="https://www.volexity.com/products-overview/">Products Overview</a></li> <li id="menu-item-50" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-50"><a href="https://www.volexity.com/products-overview/volcano/">Volcano</a></li> <li id="menu-item-49" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-49"><a href="https://www.volexity.com/products-overview/surge/">Surge</a></li> </ul> </li> <li id="menu-item-377" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-has-children menu-item-377"><a href="https://www.volexity.com/services-overview/">Services</a> <ul class="sub-menu"> <li id="menu-item-55" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-55"><a href="https://www.volexity.com/services-overview/">Services Overview</a></li> <li id="menu-item-52" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-52"><a href="https://www.volexity.com/services-overview/incident-response/">Incident Response</a></li> <li id="menu-item-53" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-53"><a href="https://www.volexity.com/services-overview/network-security-monitoring/">Network Security Monitoring</a></li> <li id="menu-item-54" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-54"><a href="https://www.volexity.com/services-overview/proactive-threat-assessments/">Proactive Threat Assessments</a></li> <li id="menu-item-56" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-56"><a href="https://www.volexity.com/services-overview/threat-intelligence/">Threat Intelligence</a></li> <li id="menu-item-2394" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-2394"><a href="https://www.volexity.com/services-overview/mergers-acquisitions-cybersecurity-assessments/">M&#038;A Cybersecurity Assessments</a></li> </ul> </li> <li id="menu-item-385" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-has-children menu-item-385"><a href="https://www.volexity.com/company/about/">Company</a> <ul class="sub-menu"> <li id="menu-item-41" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-41"><a href="https://www.volexity.com/company/about/">About</a></li> <li id="menu-item-43" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-43"><a href="https://www.volexity.com/company/news-press/">News &#038; Press</a></li> <li id="menu-item-1849" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-1849"><a href="https://www.volexity.com/company/careers/">Careers</a></li> <li id="menu-item-1824" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-1824"><a href="https://www.volexity.com/company/internships/">Internships</a></li> <li id="menu-item-1718" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-1718"><a href="https://www.volexity.com/company/resources/">Resources</a></li> </ul> </li> <li id="menu-item-39" class="menu-item menu-item-type-post_type menu-item-object-page current_page_parent menu-item-39"><a href="https://www.volexity.com/blog/">Blog</a></li> <li id="menu-item-45" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-45"><a href="https://www.volexity.com/company/contact/">Contact</a></li> </ul> </div> <div class="mobile-menu--holder"> <div class="mobile-menu"></div> </div> </div> </div> </header> <div class="int-header "> <div class="container"> <section class="int-header-hold col-sm-12"> archive </section> </div> </div> <main class="main"> <div class="container"> <div class="row int"> <section class="col-sm-8"> <h4 class="archive-page-title section-header"> Monthly Archives: July, 2015 </h4> <ol class="posts-list alm-reveal"> <li class="post-356 post type-post status-publish format-standard hentry category-threat-intelligence tag-adobe-flash tag-apt tag-china tag-exploits tag-vulnerabilities authortax-volexity" id="post-356" data-url="https://www.volexity.com/blog/2015/07/08/158-2/" data-title="APT Group Wekby Leveraging Adobe Flash Exploit (CVE-2015-5119)"> <h2 class="post-title"><a href="https://www.volexity.com/blog/2015/07/08/158-2/">APT Group Wekby Leveraging Adobe Flash Exploit (CVE-2015-5119)</a></h2> <p class="post-date">July 8, 2015</p> <p class="post-byline">by Volexity </p> <div class="post-content post-excerpt composition"><p>As if the recent breach and subsequent public data dump involving the Italian company Hacking Team wasn&#8217;t bad enough, it all gets just a little bit worse. Emerging from the bowels of Hacking Team data dump was a Flash 0-day exploit (CVE-2015-5119) that was just patched today by Adobe as covered in APSB15-16. The exploit has since been added into the Angler Exploit Kit and integrated into Metasploit. However, not to be out done, APT attackers have also started leveraging the exploit in targeted spear phishing attacks as well. Before we start dishing the details, there is going to be one main takeaway from this blog post: If you haven&#8217;t already, update/patch your Adobe Flash now. Spear Phishing This morning, a well known APT threat group, often referred to as Wekby, kicked off a rather ironic spear phishing campaign. The attackers launched spoofed e-mail messages purporting to be from Adobe. [&hellip;]</p> </div> <div class="blog-cta-contain"> <a class="box-cta" href="https://www.volexity.com/blog/2015/07/08/158-2/">Read More</a> </div> </li> </ol> <div class="pagination"> <div class="pagination-prev"></div> <div class="pagination-next"></div> </div> </section> <aside class="sidebar col-sm-4"> <ul class="widgets"> <li class="widget widget_search"><div class="widget-content"><form role="search" method="get" class="search-form" action="https://www.volexity.com/"> <label> <span class="screen-reader-text">Search for:</span> <input type="search" class="search-field" placeholder="SEARCH" value="" name="s" title="Search for:" /> </label> <input type="submit" class="search-submit" value="Search" /> </form></div></li> <li class="widget widget_recent_entries"><div class="widget-content"> <h4 class="widget-title">Recent Posts</h4> <ul> <li> <a href="https://www.volexity.com/blog/2024/11/22/the-nearest-neighbor-attack-how-a-russian-apt-weaponized-nearby-wi-fi-networks-for-covert-access/">The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access</a> </li> <li> <a href="https://www.volexity.com/blog/2024/11/15/brazenbamboo-weaponizes-forticlient-vulnerability-to-steal-vpn-credentials-via-deepdata/">BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA</a> </li> <li> <a href="https://www.volexity.com/blog/2024/08/02/stormbamboo-compromises-isp-to-abuse-insecure-software-update-mechanisms/">StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms</a> </li> <li> <a href="https://www.volexity.com/blog/2024/06/13/disgomoji-malware-used-to-target-indian-government/">DISGOMOJI Malware Used to Target Indian Government</a> </li> <li> <a href="https://www.volexity.com/blog/2024/05/15/detecting-compromise-of-cve-2024-3400-on-palo-alto-networks-globalprotect-devices/">Detecting Compromise of CVE-2024-3400 on Palo Alto Networks GlobalProtect Devices</a> </li> </ul> </div></li><li class="widget widget_archive"><div class="widget-content"><h4 class="widget-title">Archives</h4> <ul> <li><a href='https://www.volexity.com/blog/2024/11/'>November 2024</a></li> <li><a href='https://www.volexity.com/blog/2024/08/'>August 2024</a></li> <li><a href='https://www.volexity.com/blog/2024/06/'>June 2024</a></li> <li><a href='https://www.volexity.com/blog/2024/05/'>May 2024</a></li> <li><a href='https://www.volexity.com/blog/2024/04/'>April 2024</a></li> <li><a href='https://www.volexity.com/blog/2024/02/'>February 2024</a></li> <li><a href='https://www.volexity.com/blog/2024/01/'>January 2024</a></li> <li><a href='https://www.volexity.com/blog/2023/09/'>September 2023</a></li> <li><a href='https://www.volexity.com/blog/2023/06/'>June 2023</a></li> <li><a href='https://www.volexity.com/blog/2023/03/'>March 2023</a></li> <li><a href='https://www.volexity.com/blog/2022/12/'>December 2022</a></li> <li><a href='https://www.volexity.com/blog/2022/08/'>August 2022</a></li> <li><a href='https://www.volexity.com/blog/2022/07/'>July 2022</a></li> <li><a href='https://www.volexity.com/blog/2022/06/'>June 2022</a></li> <li><a href='https://www.volexity.com/blog/2022/03/'>March 2022</a></li> <li><a href='https://www.volexity.com/blog/2022/02/'>February 2022</a></li> <li><a href='https://www.volexity.com/blog/2021/12/'>December 2021</a></li> <li><a href='https://www.volexity.com/blog/2021/08/'>August 2021</a></li> <li><a href='https://www.volexity.com/blog/2021/05/'>May 2021</a></li> <li><a href='https://www.volexity.com/blog/2021/03/'>March 2021</a></li> <li><a href='https://www.volexity.com/blog/2020/12/'>December 2020</a></li> <li><a href='https://www.volexity.com/blog/2020/11/'>November 2020</a></li> <li><a href='https://www.volexity.com/blog/2020/04/'>April 2020</a></li> <li><a href='https://www.volexity.com/blog/2020/03/'>March 2020</a></li> <li><a href='https://www.volexity.com/blog/2019/09/'>September 2019</a></li> <li><a href='https://www.volexity.com/blog/2018/11/'>November 2018</a></li> <li><a href='https://www.volexity.com/blog/2018/09/'>September 2018</a></li> <li><a href='https://www.volexity.com/blog/2018/08/'>August 2018</a></li> <li><a href='https://www.volexity.com/blog/2018/07/'>July 2018</a></li> <li><a href='https://www.volexity.com/blog/2018/06/'>June 2018</a></li> <li><a href='https://www.volexity.com/blog/2018/04/'>April 2018</a></li> <li><a href='https://www.volexity.com/blog/2017/11/'>November 2017</a></li> <li><a href='https://www.volexity.com/blog/2017/07/'>July 2017</a></li> <li><a href='https://www.volexity.com/blog/2017/03/'>March 2017</a></li> <li><a href='https://www.volexity.com/blog/2016/11/'>November 2016</a></li> <li><a href='https://www.volexity.com/blog/2015/10/'>October 2015</a></li> <li><a href='https://www.volexity.com/blog/2015/07/' aria-current="page">July 2015</a></li> <li><a href='https://www.volexity.com/blog/2015/06/'>June 2015</a></li> <li><a href='https://www.volexity.com/blog/2015/04/'>April 2015</a></li> <li><a href='https://www.volexity.com/blog/2014/10/'>October 2014</a></li> <li><a href='https://www.volexity.com/blog/2014/09/'>September 2014</a></li> </ul> </div></li><li class="widget widget_categorizedtagcloudwidget"><div class="widget-content"><h4 class="widget-title">Tags</h4> <div id="categorized-tag-cloud"><span id="categorized-tag-cloud-el-1"><a href="https://www.volexity.com/blog/tag/0day/" class="tag-cloud-link tag-link-131 tag-link-position-1" style="font-size: 11.818181818182pt;" aria-label="0day (5 items)">0day</a></span> <span id="categorized-tag-cloud-el-2"><a href="https://www.volexity.com/blog/tag/scanning/" class="tag-cloud-link tag-link-31 tag-link-position-2" style="font-size: 11.010101010101pt;" aria-label="Scanning (4 items)">Scanning</a></span> <span id="categorized-tag-cloud-el-3"><a href="https://www.volexity.com/blog/tag/vulnerabilities/" class="tag-cloud-link tag-link-34 tag-link-position-3" style="font-size: 11.010101010101pt;" aria-label="vulnerabilities (4 items)">vulnerabilities</a></span> <span id="categorized-tag-cloud-el-4"><a href="https://www.volexity.com/blog/tag/dfir/" class="tag-cloud-link tag-link-133 tag-link-position-4" style="font-size: 10pt;" aria-label="dfir (3 items)">dfir</a></span> <span id="categorized-tag-cloud-el-5"><a href="https://www.volexity.com/blog/tag/apt/" class="tag-cloud-link tag-link-35 tag-link-position-5" style="font-size: 20pt;" aria-label="APT (38 items)">APT</a></span> <span id="categorized-tag-cloud-el-6"><a href="https://www.volexity.com/blog/tag/spear-phishing/" class="tag-cloud-link tag-link-45 tag-link-position-6" style="font-size: 11.010101010101pt;" aria-label="spear phishing (4 items)">spear phishing</a></span> <span id="categorized-tag-cloud-el-7"><a href="https://www.volexity.com/blog/tag/china/" class="tag-cloud-link tag-link-42 tag-link-position-7" style="font-size: 14.444444444444pt;" aria-label="China (10 items)">China</a></span> <span id="categorized-tag-cloud-el-8"><a href="https://www.volexity.com/blog/tag/north-korea/" class="tag-cloud-link tag-link-117 tag-link-position-8" style="font-size: 11.818181818182pt;" aria-label="North Korea (5 items)">North Korea</a></span> <span id="categorized-tag-cloud-el-9"><a href="https://www.volexity.com/blog/tag/rce/" class="tag-cloud-link tag-link-174 tag-link-position-9" style="font-size: 12.525252525253pt;" aria-label="RCE (6 items)">RCE</a></span> <span id="categorized-tag-cloud-el-10"><a href="https://www.volexity.com/blog/tag/volcano/" class="tag-cloud-link tag-link-148 tag-link-position-10" style="font-size: 10pt;" aria-label="volcano (3 items)">volcano</a></span> <span id="categorized-tag-cloud-el-11"><a href="https://www.volexity.com/blog/tag/ivanti-connect-secure/" class="tag-cloud-link tag-link-173 tag-link-position-11" style="font-size: 11.010101010101pt;" aria-label="ivanti connect secure (4 items)">ivanti connect secure</a></span> <span id="categorized-tag-cloud-el-12"><a href="https://www.volexity.com/blog/tag/exploits/" class="tag-cloud-link tag-link-33 tag-link-position-12" style="font-size: 15.151515151515pt;" aria-label="exploits (12 items)">exploits</a></span> <span id="categorized-tag-cloud-el-13"><a href="https://www.volexity.com/blog/tag/threat-intelligence/" class="tag-cloud-link tag-link-93 tag-link-position-13" style="font-size: 12.525252525253pt;" aria-label="Threat Intelligence (6 items)">Threat Intelligence</a></span> <span id="categorized-tag-cloud-el-14"><a href="https://www.volexity.com/blog/tag/malware/" class="tag-cloud-link tag-link-106 tag-link-position-14" style="font-size: 11.818181818182pt;" aria-label="malware (5 items)">malware</a></span> <span id="categorized-tag-cloud-el-15"><a href="https://www.volexity.com/blog/tag/phishing/" class="tag-cloud-link tag-link-107 tag-link-position-15" style="font-size: 10pt;" aria-label="phishing (3 items)">phishing</a></span> <span id="categorized-tag-cloud-el-16"><a href="https://www.volexity.com/blog/tag/webshell/" class="tag-cloud-link tag-link-84 tag-link-position-16" style="font-size: 11.818181818182pt;" aria-label="webshell (5 items)">webshell</a></span> <span id="categorized-tag-cloud-el-17"><a href="https://www.volexity.com/blog/tag/exploit/" class="tag-cloud-link tag-link-87 tag-link-position-17" style="font-size: 15.555555555556pt;" aria-label="Exploit (13 items)">Exploit</a></span> <span id="categorized-tag-cloud-el-18"><a href="https://www.volexity.com/blog/tag/memory-forensics/" class="tag-cloud-link tag-link-65 tag-link-position-18" style="font-size: 11.818181818182pt;" aria-label="memory forensics (5 items)">memory forensics</a></span> <span id="categorized-tag-cloud-el-19"><a href="https://www.volexity.com/blog/tag/vpn/" class="tag-cloud-link tag-link-24 tag-link-position-19" style="font-size: 11.818181818182pt;" aria-label="VPN (5 items)">VPN</a></span> <span id="categorized-tag-cloud-el-20"><a href="https://www.volexity.com/blog/tag/pulsesecure/" class="tag-cloud-link tag-link-172 tag-link-position-20" style="font-size: 11.010101010101pt;" aria-label="pulsesecure (4 items)">pulsesecure</a></span> </div> <style> #categorized-tag-cloud a, #categorized-tag-cloud a:visited { text-decoration:none; } #categorized-tag-cloud a:hover { text-decoration:none; color:#3b97d3; } #categorized-tag-cloud-el-1 a, #categorized-tag-cloud-el-1 a:visited { color:#555555; } #categorized-tag-cloud-el-2 a, #categorized-tag-cloud-el-2 a:visited { color:#555555; } #categorized-tag-cloud-el-3 a, #categorized-tag-cloud-el-3 a:visited { color:#555555; } #categorized-tag-cloud-el-4 a, #categorized-tag-cloud-el-4 a:visited { color:#555555; } #categorized-tag-cloud-el-5 a, #categorized-tag-cloud-el-5 a:visited { color:#555555; } #categorized-tag-cloud-el-6 a, #categorized-tag-cloud-el-6 a:visited { color:#555555; } #categorized-tag-cloud-el-7 a, #categorized-tag-cloud-el-7 a:visited { color:#555555; } #categorized-tag-cloud-el-8 a, #categorized-tag-cloud-el-8 a:visited { color:#555555; } #categorized-tag-cloud-el-9 a, #categorized-tag-cloud-el-9 a:visited { color:#555555; } #categorized-tag-cloud-el-10 a, #categorized-tag-cloud-el-10 a:visited { color:#555555; } #categorized-tag-cloud-el-11 a, #categorized-tag-cloud-el-11 a:visited { color:#555555; } #categorized-tag-cloud-el-12 a, #categorized-tag-cloud-el-12 a:visited { color:#555555; } #categorized-tag-cloud-el-13 a, #categorized-tag-cloud-el-13 a:visited { color:#555555; } #categorized-tag-cloud-el-14 a, #categorized-tag-cloud-el-14 a:visited { color:#555555; } #categorized-tag-cloud-el-15 a, #categorized-tag-cloud-el-15 a:visited { color:#555555; } #categorized-tag-cloud-el-16 a, #categorized-tag-cloud-el-16 a:visited { color:#555555; } #categorized-tag-cloud-el-17 a, #categorized-tag-cloud-el-17 a:visited { color:#555555; } #categorized-tag-cloud-el-18 a, #categorized-tag-cloud-el-18 a:visited { color:#555555; } #categorized-tag-cloud-el-19 a, #categorized-tag-cloud-el-19 a:visited { color:#555555; } #categorized-tag-cloud-el-20 a, #categorized-tag-cloud-el-20 a:visited { color:#555555; } </style></div></li> </ul> </aside> </div> </div> </main> <footer class="footer"> <div class="footer-container container"> <div class="footer-col-first col-md-3 no-padding"> <a class="footer-logo" href="https://www.volexity.com"><img src="https://www.volexity.com/wp-content/themes/volexity/dist/images/logo.png" alt="Volexity"></a> <address class="footer-copyright">&copy; 2024 Volexity. All Rights Reserved.</address> </div> <ul id="menu-footer-menu" class="footer-menu-list col-md-4 col-xs-12"><li id="menu-item-57" class="nav-header menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-57"><a href="/company/about/">About</a> <ul class="sub-menu"> <li id="menu-item-59" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-59"><a href="https://www.volexity.com/company/about/">About Us</a></li> <li id="menu-item-58" class="menu-item menu-item-type-post_type menu-item-object-page current_page_parent menu-item-58"><a href="https://www.volexity.com/blog/">Blog</a></li> <li id="menu-item-395" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-395"><a href="https://www.volexity.com/privacy-policy/">Privacy Policy</a></li> </ul> </li> <li id="menu-item-60" class="nav-header menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-60"><a href="/solutions/">Solutions</a> <ul class="sub-menu"> <li id="menu-item-400" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-400"><a href="https://www.volexity.com/company/contact/">Request A Demo</a></li> <li id="menu-item-61" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-61"><a href="https://www.volexity.com/products-overview/">Products</a></li> <li id="menu-item-669" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-669"><a href="https://www.volexity.com/services-overview/">Services</a></li> </ul> </li> </ul> <div class="footer-address col-md-3 col-xs-12"> <p class="footer-header">Contact</p> <ul> <li class="footer-address--address icon-location-marker"> 11654 Plaza America Dr #774<br /> Reston, VA 20190-4700 </li> <li class="footer-address--phone icon-phone-mobile">1-888-825-1975</li> </ul> </div> <div class="footer-social col-md-2 no-padding"> <p class="footer-header">Connect</p> <ul> <li class="footer-social-holder"><a href="https://www.facebook.com/volexity" target="_blank" class="icon-facebook footer-social--link"></a></li> <li class="footer-social-holder"><a href="https://twitter.com/volexity" target="_blank" class="icon-twitter footer-social--link"></a></li> <li class="footer-social-holder"><a href="https://www.linkedin.com/company/volexity" target="_blank" class="icon-linkedin footer-social--link"></a></li> <li class="footer-social-holder"><a href="https://infosec.exchange/@volexity" target="_blank" class="fa-mastodon footer-social--link"></a></li> </ul> </div> </div> <div id="back-to-top" class="icon-slide-left"></div> <script type="text/javascript" id="main-js-extra"> /* <![CDATA[ */ var urls = {"base":"https:\/\/www.volexity.com","theme":"https:\/\/www.volexity.com\/wp-content\/themes\/volexity","ajax":"https:\/\/www.volexity.com\/wp-admin\/admin-ajax.php"}; var info = []; /* ]]> */ </script> <script type="text/javascript" src="https://www.volexity.com/wp-content/themes/volexity/dist/scripts/scripts.min.js?ver=6.6.2" id="main-js"></script> <!-- Cookie Notice plugin v2.4.18 by Hu-manity.co https://hu-manity.co/ --> <div id="cookie-notice" role="dialog" class="cookie-notice-hidden cookie-revoke-hidden cn-position-bottom" aria-label="Cookie Notice" style="background-color: rgba(0,0,0,1);"><div class="cookie-notice-container" style="color: #fff"><span id="cn-notice-text" class="cn-text-container">This Website uses cookies, which are necessary to its functioning and required to achieve the purposes illustrated in our <a href="/privacy-policy/#cookies">Cookie Policy</a>. By clicking the button, you consent to our use of cookies.</span><span id="cn-notice-buttons" class="cn-buttons-container"><a href="#" id="cn-accept-cookie" data-cookie-set="accept" class="cn-set-cookie cn-button cn-button-custom box-cta" aria-label="Agree &amp; Close">Agree &amp; Close</a></span><span id="cn-close-notice" data-cookie-set="accept" class="cn-close-icon" title="No"></span></div> </div> <!-- / Cookie Notice plugin --></footer></body> </html>

Pages: 1 2 3 4 5 6 7 8 9 10