CVE-2015-5119

Vulnerability Profile Updated a month ago
Download STIX
Preview STIX
CVE-2015-5119 is a software vulnerability, specifically a flaw in the design or implementation of Adobe Flash. This vulnerability was discovered as part of the Hacking Team data breach that took place in 2015. In this leak, internal data of the Italian cybersecurity firm Hacking Team was exposed, including the details of several undisclosed vulnerabilities. One of these was CVE-2015-5119, which was found to be a zero-day vulnerability, meaning it was unknown to those interested in its mitigation until it was discovered in the leak. Chinese Advanced Persistent Threat (APT) groups, notably APT17 also known as Tailgator Team or Deputy Dog, quickly capitalized on the leaked information. They are suspected of being backed by China and primarily target sectors such as the U.S. government, international law firms, and information technology companies. These groups conducted network intrusions against targeted organizations using the CVE-2015-5119 vulnerability. The speed with which they utilized this vulnerability demonstrates their agility and capability in exploiting newly discovered flaws for cyber espionage purposes. Another threat group, PLEAD, also exploited the CVE-2015-5119 vulnerability. They used it to create a fileless version of their malware, demonstrating a sophisticated approach to cyber-attacks. The rapid adoption of this zero-day vulnerability by multiple threat groups following the Hacking Team leak underscores the importance of swift vulnerability management and patching strategies in mitigating the risks posed by such security flaws.
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Phishing
Adobe
Vulnerability
China
Apt
Malware
Exploit
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
PLEADUnspecified
1
The PLEAD malware, also known as TSCookie, was first observed in the wild in 2015 and is believed to be associated with the Chinese APT group BlackTech. It was discovered by ESET researchers in 2019 that BlackTech was conducting Man-in-the-Middle (MitM) attacks through compromised ASUS routers and d
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
APT17Targets
2
APT17, also known as Tailgator Team and Deputy Dog, is a threat actor suspected to be affiliated with the Chinese intelligence apparatus. This group has been associated with various aliases including Winnti, PassCV, Axiom, LEAD, BARIUM, Wicked Panda, and GREF. The primary targets of APT17 are the U.
APT18Unspecified
1
APT18, also known as Wekby, is a threat actor suspected to be attributed to China. This group has targeted multiple sectors including Aerospace and Defense, Construction and Engineering, Education, Health and Biotechnology, High Tech, Telecommunications, and Transportation. Despite the significant i
Deputy DogUnspecified
1
Deputy Dog is a threat actor group that conducts network intrusions against targeted organizations, with a suspected attribution to China. The group is also known as Tailgator Team or APT17 and has primarily targeted the U.S. government, international law firms, and information technology companies.
BlackOasisUnspecified
1
BlackOasis is a prominent threat actor known for its execution of actions with malicious intent, primarily through the use of zero-day exploits. The cybersecurity industry first became aware of BlackOasis' activities in May 2016 while investigating an Adobe Flash zero day. Notably, this group has re
APT3Unspecified
1
APT3, also known as the UPS Team, is a highly sophisticated threat group suspected to be based in China and attributed to the Chinese Ministry of State Security (MSS) and Boyusec. This threat actor targets sectors including Aerospace and Defense, Construction and Engineering, High Tech, Telecommunic
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the CVE-2015-5119 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
MITRE
a year ago
Advanced Persistent Threats (APTs) | Threat Actors & Groups
MITRE
a year ago
The Trail of BlackTech’s Cyber Espionage Campaigns
MITRE
a year ago
Demonstrating Hustle, Chinese APT Groups Quickly Use Zero-Day Vulnerability (CVE-2015-5119) Following Hacking Team Leak | Mandiant
MITRE
a year ago
APT Trends report Q2 2017
MITRE
a year ago
BlackOasis APT and new targeted attacks leveraging zero-day exploit