Graphology of an Exploit - Hunting for exploits by looking for the author's fingerprints - Check Point Research
Tags
| attack-pattern: | Data Direct Exploits - T1587.004 Exploits - T1588.005 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Tool - T1588.002 Vulnerabilities - T1588.006 |
Common Information
| Type | Value |
|---|---|
| UUID | a0206952-8130-460e-b8df-1a6781c4eafd |
| Fingerprint | b53509b6cdf807e7 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Oct. 2, 2020, 10 a.m. |
| Added to db | Sept. 26, 2022, 9:33 a.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | Graphology of an Exploit – Hunting for exploits by looking for the author’s fingerprints |
| Title | Graphology of an Exploit - Hunting for exploits by looking for the author's fingerprints - Check Point Research |
| Detected Hints/Tags/Attributes | 86/1/39 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://research.checkpoint.com/2020/graphology-of-an-exploit-volodya/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 19 | cve-2019-0859 |
|
| Details | CVE | 7 | cve-2015-2546 |
|
| Details | CVE | 7 | cve-2016-0040 |
|
| Details | CVE | 9 | cve-2016-0167 |
|
| Details | CVE | 9 | cve-2016-0165 |
|
| Details | CVE | 22 | cve-2016-7255 |
|
| Details | CVE | 5 | cve-2017-0001 |
|
| Details | CVE | 17 | cve-2017-0263 |
|
| Details | CVE | 5 | cve-2018-8641 |
|
| Details | CVE | 8 | cve-2019-1132 |
|
| Details | CVE | 34 | cve-2019-1458 |
|
| Details | CVE | 49 | cve-2018-8453 |
|
| Details | CVE | 12 | cve-2013-3660 |
|
| Details | CVE | 5 | cve-2015-0057 |
|
| Details | CVE | 37 | cve-2015-1701 |
|
| Details | CVE | 19 | cve-2019-1069 |
|
| Details | CVE | 16 | cve-2020-0787 |
|
| Details | Domain | 110 | exploit.in |
|
| Details | File | 533 | ntdll.dll |
|
| Details | File | 291 | user32.dll |
|
| Details | sha256 | 1 | 3f6fe68981157bf3e267148ec4abf801a0983f4cea64d1aaf50fecc97ae590d3 |
|
| Details | sha256 | 1 | 0ea43ba3e1907d1b5655a665b54ad5295a93bda660146cf7c8c302b74ab573e9 |
|
| Details | sha256 | 1 | f1842080b38b3b990ba3ccc1d55ceedd901d423b6b8625633e1885f0dadee4c2 |
|
| Details | sha256 | 1 | 6224efee6665118fe4b5bfbc0c4b1dbe611a43a4b385f61ae33b0a0af230da4e |
|
| Details | sha256 | 1 | a785ad170a38280fc595dcc5af0842bd7cabc77b86deb510aa6ebb264bf2c092 |
|
| Details | sha256 | 1 | ed7532c77d2e5cf559a23a355e62d26c7a036f2c51b1dd669745a9a577f831a0 |
|
| Details | sha256 | 1 | f9dca02aa877ad36f05df1ebb16563c9dd07639a038b9840879be4499f840a10 |
|
| Details | sha256 | 1 | 0829f90a94aea5f7a56d6ebf0295e3d48b1dffcfefe91c7b2231a7108fe69c5e |
|
| Details | sha256 | 1 | 895ab681351439ee4281690df21c4a47bdeb6691b9b828fdf8c8fed3f45202d8 |
|
| Details | sha256 | 1 | eea10d513ae0c33248484105355a25f80dc9b4f1cfd9e735e447a6f7fd52b569 |
|
| Details | sha256 | 1 | 8af2cf1a254b1dafe9e15027687b0315493877524c089403d3ffffa950389a30 |
|
| Details | sha256 | 2 | 9f1a235eb38291cef296829be4b4d03618cd21e0b4f343f75a460c31a0ad62d3 |
|
| Details | sha256 | 2 | 8869e0df9b5f4a894216c76aa5689686395c16296761716abece00a0b4234d87 |
|
| Details | sha256 | 2 | 5c27e05b788ba3b997a70df674d410322c3fa5e97079a7bf3aec369a0d397164 |
|
| Details | sha256 | 2 | 50da0183466a9852590de0d9e58bbe64f22ff8fc20a9ccc68ed0e50b367d7043 |
|
| Details | Pdb | 1 | cmdtest.pdb |
|
| Details | Pdb | 1 | x:\tools\0day\09-08-2018\x64\release\runps.pdb |
|
| Details | Pdb | 1 | s:\work\inject\cve-2019-0859\release\cmdtest.pdb |
|
| Details | Threat Actor Identifier - APT | 783 | APT28 |