Trusted Design

Watering Hole Attack on Aerospace Firm Exploits CVE-2015-5122

概要

On July 16, 2015, the Palo Alto Networks Unit 42 threat intelligence team discovered a watering hole attack on the website of a well-known aerospace firm. The website was compromised to launch an apparent watering-hole attack against the company’s customers. It was hosting an Adobe Flash exploit targeting one of the newly disclosed vulnerabilities from the Hacking Team data breach, CVE-2015-5122.

Created: 2026-02-23

Indicators

類似Pulses

CVE-2015-5122 Exploited in Strategic Web Compromise (score: 0.72)
Forbes.com Waterhole Attack (score: 0.72)
Operation Clandestine Wolf – Adobe Flash Zero-Day APT3 Phishing (score: 0.68)
An analysis of exploit supply chains and digital quartermasters (score: 0.67)
Evilgrab Delivered by Watering Hole (score: 0.66)

このPulseに関連する脅威アクター (事実ベース)

APT41

Score: 6.25

Matched TTPs:

T1069 - Permission Groups Discovery
T1190 - Exploit Public-Facing Application
T1203 - Exploitation for Client Execution

MITREへのリンク →

Scattered Spider

Score: 7.82

Matched TTPs:

T1069 - Permission Groups Discovery
T1538 - Cloud Service Dashboard

MITREへのリンク →

TA505

Score: 3.29

Matched TTPs:

T1069 - Permission Groups Discovery

MITREへのリンク →

Volt Typhoon

Score: 7.59

Matched TTPs:

T1069 - Permission Groups Discovery
T1190 - Exploit Public-Facing Application
T1584.004 - Server

MITREへのリンク →

APT3

Score: 4.78

Matched TTPs:

T1069 - Permission Groups Discovery
T1203 - Exploitation for Client Execution

MITREへのリンク →

FIN13

Score: 4.76

Matched TTPs:

T1069 - Permission Groups Discovery
T1190 - Exploit Public-Facing Application

MITREへのリンク →

Threat Group-3390

Score: 4.73

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

FIN7

Score: 3.87

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1102.002 - Bidirectional Communication

MITREへのリンク →

Sandworm Team

Score: 8.19

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution
T1584.004 - Server

MITREへのリンク →

APT28

Score: 11.66

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1669 - Wi-Fi Networks

MITREへのリンク →

Kimsuky

Score: 8.00

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1102.002 - Bidirectional Communication
T1588.005 - Exploits

MITREへのリンク →

Ember Bear

Score: 7.10

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1203 - Exploitation for Client Execution
T1588.005 - Exploits

MITREへのリンク →

Magic Hound

Score: 8.16

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1102.002 - Bidirectional Communication
T1189 - Drive-by Compromise
T1566.003 - Spearphishing via Service

MITREへのリンク →

Medusa Group

Score: 4.22

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

ToddyCat

Score: 3.99

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1566.003 - Spearphishing via Service

MITREへのリンク →

Winter Vivern

Score: 3.24

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1189 - Drive-by Compromise

MITREへのリンク →

Earth Lusca

Score: 6.07

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1189 - Drive-by Compromise
T1584.004 - Server

MITREへのリンク →

APT29

Score: 10.02

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1203 - Exploitation for Client Execution
T1090.004 - Domain Fronting
T1566.003 - Spearphishing via Service

MITREへのリンク →

Leviathan

Score: 7.56

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1584.004 - Server

MITREへのリンク →

Dragonfly

Score: 7.56

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1584.004 - Server

MITREへのリンク →

Axiom

Score: 4.73

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

MuddyWater

Score: 5.36

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution

MITREへのリンク →

Salt Typhoon

Score: 4.22

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

APT39

Score: 3.87

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1102.002 - Bidirectional Communication

MITREへのリンク →

APT37

Score: 5.66

Matched TTPs:

T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Lazarus Group

Score: 13.76

Matched TTPs:

T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1584.004 - Server
T1566.003 - Spearphishing via Service
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

APT12

Score: 3.89

Matched TTPs:

T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution

MITREへのリンク →

Turla

Score: 7.00

Matched TTPs:

T1102.002 - Bidirectional Communication
T1189 - Drive-by Compromise
T1584.004 - Server

MITREへのリンク →

Andariel

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

EXOTIC LILY

Score: 4.02

Matched TTPs:

T1203 - Exploitation for Client Execution
T1566.003 - Spearphishing via Service

MITREへのリンク →

Patchwork

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Cobalt Group

Score: 4.24

Matched TTPs:

T1203 - Exploitation for Client Execution
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

Mustang Panda

Score: 4.24

Matched TTPs:

T1203 - Exploitation for Client Execution
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

BRONZE BUTLER

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Transparent Tribe

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Tropic Trooper

Score: 4.24

Matched TTPs:

T1203 - Exploitation for Client Execution
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

Elderwood

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Darkhotel

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

APT32

Score: 6.01

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

OilRig

Score: 9.51

Matched TTPs:

T1203 - Exploitation for Client Execution
T1573.002 - Asymmetric Cryptography
T1566.003 - Spearphishing via Service
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

APT33

Score: 4.24

Matched TTPs:

T1203 - Exploitation for Client Execution
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

FIN6

Score: 8.02

Matched TTPs:

T1573.002 - Asymmetric Cryptography
T1566.003 - Spearphishing via Service
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

FIN8

Score: 5.49

Matched TTPs:

T1573.002 - Asymmetric Cryptography
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

Windshift

Score: 4.29

Matched TTPs:

T1189 - Drive-by Compromise
T1566.003 - Spearphishing via Service

MITREへのリンク →

Dark Caracal

Score: 4.29

Matched TTPs:

T1189 - Drive-by Compromise
T1566.003 - Spearphishing via Service

MITREへのリンク →

CURIUM

Score: 4.29

Matched TTPs:

T1189 - Drive-by Compromise
T1566.003 - Spearphishing via Service

MITREへのリンク →

Daggerfly

Score: 4.60

Matched TTPs:

T1189 - Drive-by Compromise
T1584.004 - Server

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1564.005 - Hidden File System

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1564.005 - Hidden File System

MITREへのリンク →

Contagious Interview

Score: 5.27

Matched TTPs:

T1566.003 - Spearphishing via Service
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Lazarus Group

Score: 0.79

Matched TTPs:

T1203 - Exploitation for Client Execution
T1102.002 - Bidirectional Communication
T1584.004 - Server
T1189 - Drive-by Compromise
T1566.003 - Spearphishing via Service
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

APT28

Score: 0.73

Matched TTPs:

T1203 - Exploitation for Client Execution
T1102.002 - Bidirectional Communication
T1190 - Exploit Public-Facing Application
T1189 - Drive-by Compromise
T1669 - Wi-Fi Networks

MITREへのリンク →

APT29

Score: 0.63

Matched TTPs:

T1090.004 - Domain Fronting
T1203 - Exploitation for Client Execution
T1566.003 - Spearphishing via Service
T1190 - Exploit Public-Facing Application

MITREへのリンク →

OilRig

Score: 0.61

Matched TTPs:

T1566.003 - Spearphishing via Service
T1203 - Exploitation for Client Execution
T1573.002 - Asymmetric Cryptography
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

Related CVEs

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る