CVE-2015-5119

Vulnerability Profile Updated 3 months ago
CVE-2015-5119 is a software vulnerability: a flaw in the design or implementation of Adobe Flash. It was discovered as part of the Hacking Team data breach that took place in 2015. In this leak, internal data of the Italian cybersecurity firm Hacking Team was exposed, including the details of several undisclosed vulnerabilities. One of these was CVE-2015-5119, a zero-day vulnerability, meaning it was unknown to those interested in its mitigation until it was discovered in the leak.

Chinese Advanced Persistent Threat (APT) groups, notably APT17 (also known as Tailgator Team or Deputy Dog), quickly capitalized on the leaked information. These groups are suspected of being backed by China and primarily target sectors such as the U.S. government, international law firms, and information technology companies. They conducted network intrusions against targeted organizations using the CVE-2015-5119 vulnerability. The speed with which they put this vulnerability to use demonstrates their agility and capability in exploiting newly discovered flaws for cyber espionage purposes.

Another threat group, PLEAD, also exploited the CVE-2015-5119 vulnerability. They used it to create a fileless version of their malware, demonstrating a sophisticated approach to cyber-attacks.

The rapid adoption of this zero-day vulnerability by multiple threat groups following the Hacking Team leak underscores the importance of swift vulnerability management and patching strategies in mitigating the risks posed by such security flaws.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Phishing
Vulnerability
China
Apt
Malware
Adobe
Exploit
Associated Malware
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| PLEAD | Unspecified | 1 | The PLEAD malware is a malicious software that was discovered by ESET researchers in 2019 to be utilized by the Chinese APT group known as BlackTech. The group was found to be performing Man-in-the-Middle (MitM) attacks through compromised ASUS routers and delivering the PLEAD malware through ASUS W |
Associated Threat Actors
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| APT17 | Targets | 2 | APT17, also known as Tailgator Team and Deputy Dog, is a threat actor suspected to be affiliated with the Chinese intelligence apparatus. This group has been associated with various aliases including Winnti, PassCV, Axiom, LEAD, BARIUM, Wicked Panda, and GREF. The primary targets of APT17 are the U. |
| APT3 | Unspecified | 1 | APT3, also known as the UPS Team, is a highly sophisticated threat group suspected to be based in China and attributed to the Chinese Ministry of State Security (MSS) and Boyusec. This threat actor targets sectors including Aerospace and Defense, Construction and Engineering, High Tech, Telecommunic |
| APT18 | Unspecified | 1 | APT18, also known as Wekby, is a threat actor suspected to be attributed to China. This group has targeted multiple sectors including Aerospace and Defense, Construction and Engineering, Education, Health and Biotechnology, High Tech, Telecommunications, and Transportation. Despite the significant i |
| Deputy Dog | Unspecified | 1 | Deputy Dog is a threat actor group that conducts network intrusions against targeted organizations, with a suspected attribution to China. The group is also known as Tailgator Team or APT17 and has primarily targeted the U.S. government, international law firms, and information technology companies. |
| BlackOasis | Unspecified | 1 | BlackOasis is a prominent threat actor known for its execution of actions with malicious intent, primarily through the use of zero-day exploits. The cybersecurity industry first became aware of BlackOasis' activities in May 2016 while investigating an Adobe Flash zero day. Notably, this group has re |
Associated Vulnerabilities
No associations to display
Source Document References
Information about the CVE-2015-5119 vulnerability was read from the documents corpus below.
| Source | Created At | Title |
| --- | --- | --- |
| MITRE | a year ago | The Trail of BlackTech’s Cyber Espionage Campaigns |
| MITRE | a year ago | APT Trends report Q2 2017 |
| MITRE | a year ago | BlackOasis APT and new targeted attacks leveraging zero-day exploit |
| MITRE | a year ago | Advanced Persistent Threats (APTs) \| Threat Actors & Groups |
| MITRE | a year ago | Demonstrating Hustle, Chinese APT Groups Quickly Use Zero-Day Vulnerability (CVE-2015-5119) Following Hacking Team Leak \| Mandiant |