MDNC | Malware don't need Coffee
CVEs
CVE-2011-3544

CVE-2012-0158

CVE-2012-5076

CVE-2014-0569
References:
CVE-2014-0569 (Flash Player) integrating Exploit Kit
- 2014-10-21 - MDNC - Kafeine
CVE-2014-0569
Chthonic
Fiesta
Angler
Astrum
Sweet Orange
FlashPack
RIG
Magnitude
KovCoreG
Kovter

CVE-2014-6332

CVE-2015-0310
References:
CVE-2015-0310 (Flash 15.0.0.242 and below) integrating Exploit Kits
- 2015-01-16 - MDNC - Kafeine
CVE-2015-0310
Angler

CVE-2015-0313
References:
A Closer Look at the Exploit Kit in CVE-2015-0313 Attack
- 2015-02-03 - Trend Micro - Brooks Li
CVE-2015-0313
Hanjuan
Angler

Illustration : @engageBDR feeds Hanjuan which deploys bedep via CVE-2015-0313 cc @TrendLabs @Malwarebytes
- 2015-02-03 - Twitter - Kafeine
CVE-2015-0313
Hanjuan

CVE-2015-2419

CVE-2015-5560

CVE-2015-7645
References:
New Adobe Flash Zero-Day Used in Pawn Storm Campaign Targeting Foreign Affairs Ministries
- 2015-10-13 - Trend Micro - Brooks Li - Feike Hacquebord - Peter Pi
CVE-2015-7645
Sedkit

CVE-2016-0167
References:
Threat Actor Leverages Windows Zero-day Exploit in Payment Card Data Attacks
- 2016-05-11 - FireEye - Dhanesh Kizhakkinan - Yu Wang - Dan Caselden - Erica Eng
CVE-2016-0167
RecoLoad

CVE-2016-1019
References:
Killing a Zero-Day in the Egg: Adobe CVE-2016-1019
- 2016-04-07 - Proofpoint - Kafeine
CVE-2016-1019
Nuclear
Magnitude

CVE-2016-1019 (Flash up to 21.0.0.182/187) and Exploit Kits
- 2016-04-08 - MDNC - Kafeine
CVE-2016-1019
Nuclear
Magnitude
Cerber
Neutrino

CVE-2016-3298
References:
CVE-2016-1019: A New Flash Exploit Included in Magnitude Exploit Kit
- 2016-04-07 - FireEye - Genwei Jiang
CVE-2016-3298
Nuclear

Peas in a pod: Microsoft patches CVE-2016-3298, a second information disclosure zero-day used in malvertising campaigns and the Neutrino Exploit Kit
- 2016-10-11 - Proofpoint - Kafeine
CVE-2016-3298
GooNky
AdGholas
CVE-2016-3351

CVE-2016-3351
References:
Microsoft Patches CVE-2016-3351 Zero-Day, Exploited By AdGholas and GooNky Malvertising Groups
- 2016-09-13 - Proofpoint - Kafeine
CVE-2016-3351
GooNky
AdGholas
Angler
Astrum

Microsoft Patches IE/Edge Zero-day Used in AdGholas Malvertising Campaign
- 2016-09-15 - Trend Micro - Brooks Li - Henry Li
CVE-2016-3351
AdGholas

CVE-2016-4117

CVE-2016-7255

CVE-2016-7855

CVE-2017-0022
References:
CVE-2017-0022: Microsoft Patches a Vulnerability Exploited by AdGholas and Neutrino
- 2017-03-24 - Trend Micro - Brooks Li - Henry Li
CVE-2017-0022
AdGholas
NeutrAds
Neutrino

CVE-2017-0199
References:
Dridex Campaigns Hitting Millions of Recipients Using Unpatched Microsoft Zero-Day
- 2017-04-10 - Proofpoint - Proofpoint Staff
CVE-2017-0199
Dridex
TA505

CVE-2017-11292
References:
APT28 racing to exploit CVE-2017-11292 Flash vulnerability before patches are deployed
- 2017-10-19 - Proofpoint - Kafeine - Pierre T
CVE-2017-11292
DealersChoice

CVE-2018-15982
References:
CVE-2018-15982 (Flash Player up to 31.0.0.153) and Exploit Kits
- 2019-01-16 - MDNC - Kafeine
CVE-2018-15982
Fallout
Underminer
Spelevo
GreenFlash Sundown

CVE-2018-20250
References:
Extracting a 19 Year Old Code Execution from WinRAR
- 2019-02-20 - Checkpoint - Nadav Grossman
CVE-2018-20250

CVE-2018-4878
References:
CVE-2018-4878 (Flash Player up to 28.0.0.137) and Exploit Kits
- 2018-03-09 - MDNC - Kafeine
CVE-2018-4878
WordsJS
GreenFlash Sundown
Magnitude
RIG
Fallout
Hermes

CVE-2018-8174
References:
CVE-2018-8174 (VBScript Engine) and Exploit Kits
- 2018-05-25 - MDNC - Kafeine
CVE-2018-8174
RIG
Magnitude
GrandSoft
Fallout
Kaixin
Hunter
GreenFlash Sundown
Smokebot

CVE-2019-11707
References:
A little more context on the Firefox 0-day reports. On Monday, Coinbase detected & blocked an attempt by an attacker to leverage the reported 0-day, along with a separate 0-day firefox sandbox escape, to target Coinbase employees.
- 2019-06-19 - Twitter - Philip Martin
CVE-2019-11707