{"vulnerability": "cve-2019-1458", "sightings": [{"uuid": "d59f9394-2623-4820-b1fa-9de5b1af090f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1458", "type": "seen", "source": "MISP/48e15610-a505-4067-8dec-4627e36bcbe7", "content": "", "creation_timestamp": "2020-10-14T09:36:45.000000Z"}, {"uuid": "9f1649be-6dfa-4b56-88c5-ceb863430991", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1458", "type": "seen", "source": "MISP/c735e8d3-be81-4e4a-95be-dc56e46d6ba9", "content": "", "creation_timestamp": "2020-07-13T11:00:56.000000Z"}, {"uuid": "b7fea76d-6228-4fed-b7b4-6ac69aac1f5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1458", "type": "seen", "source": "MISP/5df0fabd-ccb8-47cb-8189-6aaf0a3b4631", "content": "", "creation_timestamp": "2019-12-11T14:20:40.000000Z"}, {"uuid": "17a68e43-eb0b-4408-9153-1969e8a5b1a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1458", "type": "seen", "source": "MISP/298fe54c-2127-4e44-90dc-047a9d882845", "content": "", "creation_timestamp": "2020-10-19T19:48:47.000000Z"}, {"uuid": "0a11f536-abe9-4f58-9173-aca3be6a60da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1458", "type": "seen", "source": "MISP/780a2f65-1062-43e5-a617-5a826e27c67d", "content": "", "creation_timestamp": "2020-08-05T06:00:42.000000Z"}, {"uuid": "81805a4b-bc89-4239-90c8-c3200a338b32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1458", "type": "seen", "source": 
"MISP/a40c9aed-cf24-43e6-859b-e00435209aa0", "content": "", "creation_timestamp": "2020-10-07T09:58:16.000000Z"}, {"uuid": "16299f0d-2bdb-46d1-a73c-0d96d31d1ce8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1458", "type": "seen", "source": "MISP/fbff27c0-f30f-445c-92af-76781df1856d", "content": "", "creation_timestamp": "2020-10-09T13:20:00.000000Z"}, {"uuid": "94dd309d-db10-4429-b2fd-172b92bbe6b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1458", "type": "seen", "source": "MISP/f03db85a-6f42-448e-bcb9-c252ba64ab46", "content": "", "creation_timestamp": "2020-10-09T13:39:44.000000Z"}, {"uuid": "a722f54f-e93f-4896-a08a-20359667f8f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1458", "type": "seen", "source": "MISP/9efcf05c-63c3-4006-a065-a45ba3399099", "content": "", "creation_timestamp": "2020-10-09T14:19:04.000000Z"}, {"uuid": "27ee0461-3bf9-47ce-b9d7-585e87beb0e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1458", "type": "seen", "source": "MISP/20444920-6b37-4ead-b180-5a533bb57060", "content": "", "creation_timestamp": "2020-10-19T19:50:03.000000Z"}, {"uuid": "873b3ad4-f303-4c29-8624-f038a48659fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1458", "type": "seen", "source": "MISP/e3ac7eca-df67-44e4-9ccf-5b8cfa4104d6", "content": "", "creation_timestamp": "2020-10-19T19:49:03.000000Z"}, {"uuid": "8df11911-b26f-459c-aca2-e4c7d7e04bdf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1458", "type": "seen", "source": "MISP/f9d0a6fd-5f30-457d-a3f8-eef9cf2fe3bf", "content": "", "creation_timestamp": "2020-10-28T15:50:03.000000Z"}, {"uuid": "c6005497-b83f-4bb6-aa20-648539163bcc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1458", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-06-14T21:10:03.000000Z"}, {"uuid": "f99aa3bb-ae04-4518-a199-bd4b600e135d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1458", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971207", "content": "", "creation_timestamp": "2024-12-24T20:25:53.181960Z"}, {"uuid": "2d66851c-42fb-4011-80ea-2cc3ca7ae043", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1458", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:44.000000Z"}, {"uuid": "1585fb18-504d-43a9-b39f-133aa0406ed2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1458", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:12.000000Z"}, {"uuid": "a2cb09db-8c34-4ddb-9da3-d7fc37c6e6db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1458", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:23.000000Z"}, {"uuid": "658f50da-420c-4886-bad5-d4491233547f", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1458", "type": "seen", "source": "MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d", "content": "", "creation_timestamp": "2025-08-31T03:00:56.000000Z"}, {"uuid": "a592d2b2-f771-4521-976e-bd0e88806d3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1458", "type": "seen", "source": "MISP/c735e8d3-be81-4e4a-95be-dc56e46d6ba9", "content": "", "creation_timestamp": "2025-04-15T13:03:57.000000Z"}, {"uuid": "f654545b-6610-4af8-bfdb-90b303822554", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1458", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/cve_2019_1458_wizardopium.rb", "content": "", "creation_timestamp": "2020-10-15T17:53:47.000000Z"}, {"uuid": "bcec1522-c9b2-4c1e-a458-8b76ea5063ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2019-1458", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=439", "content": "", "creation_timestamp": "2019-12-11T04:00:00.000000Z"}, {"uuid": "f7c2876f-5f60-4d5f-af36-84dbbe0e1b82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1458", "type": "exploited", "source": "https://t.me/ctinow/18498", "content": "Windows 0-day exploit CVE-2019-1458 used in Operation WizardOpium\n\nhttps://ift.tt/2LFkyfQ", "creation_timestamp": "2019-12-10T21:20:08.000000Z"}, {"uuid": "fbedadf5-d916-4d23-9aaa-3d35e2d3880a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1458", "type": "published-proof-of-concept", "source": "https://t.me/x_notes/194", "content": "\u200b\ud83e\udd16 \u0415\u0441\u043b\u0438 \u0432\u044b \u0434\u0430\u0432\u043d\u043e \u043c\u0435\u0447\u0442\u0430\u0435\u0442\u0435 \u043d\u0430\u0443\u0447\u0438\u0442\u0441\u044f \u043d\u0430\u0445\u043e\u0434\u0438\u0442\u044c \u0437\u0438\u0440\u043e\u0434\u0435\u0438 \u0432 \u0431\u0438\u043d\u0430\u0440\u0449\u0438\u043d\u0435, \u0438 \u0440\u0443\u0431\u0438\u0442\u044c \u043d\u0430 \u044d\u0442\u043e\u043c \u043e\u0433\u0440\u043e\u043c\u043d\u044b\u0435 \u043a\u0443\u0447\u0438 \u0434\u0435\u043d\u0435\u0433 \u0442\u043e \u0441\u043e\u0432\u0435\u0442\u0443\u044e \u0432\u0430\u043c \u043e\u0437\u043d\u0430\u043a\u043e\u043c\u0438\u0442\u0441\u044f \u0441 \u0434\u0430\u043d\u043d\u044b\u043c \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u0435\u043c. \n\ud83c\udfb2 \u0412 Readme \u0430\u0432\u0442\u043e\u0440 \u043e\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442 \u043f\u0440\u043e\u0446\u0435\u0441\u0441 \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u0442\u0430\u043a \u043d\u0430\u0437\u044b\u0432\u0430\u0435\u043c\u043e\u0433\u043e #1day (\u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0443\u0436\u0435 \u0435\u0441\u0442\u044c \u043f\u0430\u0442\u0447), \u0432\u0441\u0435 \u0448\u0430\u0433\u0438 \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u043f\u0440\u043e\u0434\u0435\u043b\u0430\u0442\u044c \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430:\n\u25aa\ufe0fPatch Diffing\n\u25aa\ufe0fPoC Building \n\u25aa\ufe0f\u0438 \u043e\u0441\u0442\u0430\u043b\u044c\u043d\u044b\u0435 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u044b.\n\n\ud83d\udc4d \u041e\u0447\u0435\u043d\u044c 
\u0441\u043e\u0432\u0435\u0442\u0443\u044e \u0432\u0441\u0435\u043c \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u0443\u044e\u0449\u0438\u043c\u0441\u044f \u0434\u0430\u043d\u043d\u043e\u0439 \u0442\u0435\u043c\u043e\u0439\n\n#exploitdevelopment #patchdiffing #pocbuilding #binary \n\nhttps://github.com/piotrflorczyk/cve-2019-1458_POC", "creation_timestamp": "2020-09-18T11:05:44.000000Z"}, {"uuid": "86459938-6db9-4aca-bb51-81d3952ec8ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2019-1458", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/4a3051fd-cf87-4ade-9bf5-768da807b160", "content": "", "creation_timestamp": "2026-02-02T12:28:29.050661Z"}, {"uuid": "6be93a37-8185-4d66-b584-797e1510e756", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1458", "type": "exploited", "source": "https://t.me/CyberGovIL/629", "content": "\u05d4\u05ea\u05e8\u05e2\u05d4 -  \u05e2\u05d3\u05db\u05d5\u05df \u05d4\u05d0\u05d1\u05d8\u05d7\u05d4 \u05d4\u05d7\u05d5\u05d3\u05e9\u05d9 \u05e9\u05dc \u05de\u05d9\u05e7\u05e8\u05d5\u05e1\u05d5\u05e4\u05d8 \u2013 \u05d3\u05e6\u05de\u05d1\u05e8 19\n\n\u05d1-10 \u05dc\u05d7\u05d5\u05d3\u05e9 \u05e4\u05e8\u05e1\u05de\u05d4 \u05de\u05d9\u05e7\u05e8\u05d5\u05e1\u05d5\u05e4\u05d8 \u05db-37 \u05e2\u05d3\u05db\u05d5\u05e0\u05d9 \u05d0\u05d1\u05d8\u05d7\u05d4 \u05dc\u05e4\u05d2\u05d9\u05e2\u05d5\u05d9\u05d5\u05ea \u05d1\u05ea\u05d5\u05db\u05e0\u05d5\u05ea \u05e0\u05ea\u05de\u05db\u05d5\u05ea, 7 \u05e4\u05d2\u05d9\u05e2\u05d5\u05d9\u05d5\u05ea \u05de\u05e1\u05d5\u05d5\u05d2\u05d5\u05ea \u05db\u05e7\u05e8\u05d9\u05d8\u05d9\u05d5\u05ea.\n\n\u05d4\u05e4\u05d2\u05d9\u05e2\u05d5\u05d9\u05d5\u05ea \u05d4\u05d7\u05de\u05d5\u05e8\u05d5\u05ea \u05d1\u05d9\u05d5\u05ea\u05e8 \u05e2\u05dc\u05d5\u05dc\u05d5\u05ea 
\u05dc\u05d0\u05e4\u05e9\u05e8 \u05dc\u05ea\u05d5\u05e7\u05e4\u05d9\u05dd \u05d4\u05e4\u05e2\u05dc\u05ea \u05e7\u05d5\u05d3 \u05de\u05e8\u05d7\u05d5\u05e7 (RCE).\n\n\u05d1\u05d9\u05df \u05d4\u05e4\u05d2\u05d9\u05e2\u05d5\u05d9\u05d5\u05ea \u05e9\u05e4\u05d5\u05e8\u05e1\u05de\u05d5 \u05e2\u05d1\u05d5\u05e8\u05df \u05e2\u05d3\u05db\u05d5\u05e0\u05d9 \u05d0\u05d1\u05d8\u05d7\u05d4, \u05e4\u05d2\u05d9\u05e2\u05d5\u05ea \u05d0\u05d7\u05ea \u05de\u05e1\u05d5\u05d2 Zero Day \u05d1\u05e8\u05db\u05d9\u05d1 Win32k \u05e9\u05dc \u05de\u05e2\u05e8\u05db\u05ea \u05d4\u05d4\u05e4\u05e2\u05dc\u05d4 (CVE-2019-1458).\n\n\u05d4\u05e4\u05d2\u05d9\u05e2\u05d5\u05ea \u05e2\u05dc\u05d5\u05dc\u05d4 \u05dc\u05d0\u05e4\u05e9\u05e8 \u05d4\u05e2\u05dc\u05d0\u05ea \u05d4\u05e8\u05e9\u05d0\u05d5\u05ea \u05dc\u05d0\u05d7\u05e8 \u05d0\u05d7\u05d9\u05d6\u05d4 \u05e8\u05d0\u05e9\u05d5\u05e0\u05d9\u05ea \u05d1\u05e2\u05de\u05d3\u05d4, \u05d5\u05de\u05e0\u05d5\u05e6\u05dc\u05ea \u05d1\u05e4\u05d5\u05e2\u05dc \u05e2\u05dc \u05d9\u05d3\u05d9 \u05ea\u05d5\u05e7\u05e4\u05d9\u05dd.", "creation_timestamp": "2022-01-13T19:33:35.000000Z"}, {"uuid": "edb357d7-8422-4fcb-b1d5-9f766f61e7ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1458", "type": "published-proof-of-concept", "source": "https://t.me/ctinow/23003", "content": "The WizardOpium LPE: Exploiting CVE-2019-1458\n\nhttps://ift.tt/3cXdXIu", "creation_timestamp": "2020-06-11T19:19:21.000000Z"}, {"uuid": "dadab3d7-4307-4165-8032-fd900c1d8808", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1458", "type": "exploited", "source": "https://t.me/ctinow/18489", "content": "One of the vulnerabilities, CVE-2019-1458, is classified as 'Important' and is a zero-day privilege elevation vuln in Win32k that was discovered by @antonivanovm and Alexey Kulaev of 
@kaspersky . This vulnerability was seen being actively exploited in the wild. http://twitter.com/BleepinComputer/status/1204472569958678529", "creation_timestamp": "2019-12-10T19:52:29.000000Z"}, {"uuid": "086f6c32-ad1f-4352-96b4-8435d8a659c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1458", "type": "published-proof-of-concept", "source": "Telegram/lJ8esi6TNRPeiOWrUA4nbsPGAq5gVpJsskx3jtMDxnrl69c", "content": "", "creation_timestamp": "2024-04-09T14:47:25.000000Z"}, {"uuid": "c4999274-fdb8-46d2-92d6-65f95d48cc94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1458", "type": "seen", "source": "https://t.me/secinfosex/27", "content": "\u041f\u043e\u043c\u043d\u0438\u0442\u0435 \u0442\u043e\u0442 0-day \u0432 Google Chrome, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0441\u044f \u0432 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 GReAT, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u0440\u043e\u0437\u0432\u0430\u043b\u0438 \u0432\u0441\u0435 \u044d\u0442\u043e WizardOpium? \n\n\u0422\u0430\u043a \u0432\u043e\u0442. 
\u0412\u044b\u044f\u0441\u043d\u0438\u043b\u043e\u0441\u044c, \u0447\u0442\u043e \u0442\u0430\u043c \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u043e\u0441\u044c \u0434\u0432\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438: \n\n* CVE-2019-13720 \u0432 Google Chrome\n* CVE-2019-1458 \u0432 win32k.sys\n\n\u0421\u0431\u0435\u0436\u0430\u0442\u044c \u0438\u0437 \u043f\u0435\u0441\u043e\u0447\u043d\u0438\u0446\u044b \u0445\u0440\u043e\u043c\u0430 \u0432 \u0442\u043e\u043c \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u0435 \u043f\u043e\u043c\u043e\u0433\u0430\u043b\u0430 CVE-2019-1458 \u0432 win32k.sys, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043e\u043f\u0435\u0440\u0438\u0440\u043e\u0432\u0430\u0442\u044c GDI \u043f\u0440\u0438\u043c\u0438\u0442\u0438\u0432\u0430\u043c\u0438 (\u043a\u043b\u0430\u0441\u0441\u0438\u043a\u0430 sandbox escaping \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0445 \u043b\u0435\u0442, \u043f\u043e\u0447\u0438\u0442\u0430\u0439\u0442\u0435 \u0440\u0430\u0437\u0431\u043e\u0440\u044b \u043f\u043e\u0441\u043b\u0435 pwn2own, \u0438 j00ru).\n\nGReAT \u0437\u0430\u044f\u0432\u043b\u044f\u044e\u0442, \u0447\u0442\u043e \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442 \u043e\u0447\u0435\u043d\u044c \u043f\u043e\u0445\u043e\u0436 \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e \u0434\u0435\u043b\u0430\u0435\u0442 Volodya aka BuggyCorp. 
\n\u042d\u0442\u043e\u0442 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a \u0434\u0430\u0432\u043d\u0435\u043d\u044c\u043a\u043e \u043f\u0440\u043e\u0434\u0430\u0435\u0442 \u0437\u0435\u0440\u043e\u0434\u0435\u0438 \u0437\u0430\u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u043b\u0438\u0446\u0430\u043c, \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0434\u0440\u044e\u0447\u0438\u0442 win32k.sys \u0438 \u043f\u0440\u0438 \u043b\u044e\u0431\u043e\u043c \u0443\u0434\u043e\u0431\u043d\u043e\u043c \u0441\u043b\u0443\u0447\u0430\u0435 \u0441\u0431\u0435\u0433\u0430\u0435\u0442 \u043f\u0440\u044f\u043c\u043e \u0432 \u044f\u0434\u0440\u043e.\n\n* https://securelist.com/windows-0-day-exploit-cve-2019-1458-used-in-operation-wizardopium/95432/\n* https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1458\n* https://www.zdnet.com/article/mysterious-hacker-has-been-selling-windows-0-days-to-apt-groups-for-three-years/\n\n#wizardopium #volodya #0day", "creation_timestamp": "2019-12-11T07:30:18.000000Z"}, {"uuid": "4e10c5ad-c7b9-4bae-84fa-fc2726973f69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1458", "type": "published-proof-of-concept", "source": "https://t.me/Cobalt_Strike_info/66", "content": "#\u0441\u0442\u0430\u0442\u044c\u0438_\u0441\u0441\u044b\u043b\u043a\u0438_scripts\n\nhttps://securelist.com/windows-0-day-exploit-cve-2019-1458-used-in-operation-wizardopium/95432/", "creation_timestamp": "2022-05-14T10:50:47.000000Z"}, {"uuid": "d24f089b-93eb-46a1-a2fb-b7a026174d56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1458", "type": "seen", "source": "https://t.me/ctinow/203933", "content": "https://ift.tt/mHvzh2Q\nCVE-2019-1458 | Microsoft Windows up to Server 2016 Win32k privileges 
management (Advisory 156651)", "creation_timestamp": "2024-03-09T13:46:14.000000Z"}, {"uuid": "73ab2388-10ab-4f60-a9b5-8556678418b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-14584", "type": "published-proof-of-concept", "source": "Telegram/Z18l1BGmDRp0Ys-Rb-ANz20n1vxWBxkYZGWQuzjqgn7q6ok", "content": "", "creation_timestamp": "2021-06-04T09:47:02.000000Z"}, {"uuid": "3772636e-a5c6-4ebd-9bc0-185337231d33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1458", "type": "exploited", "source": "https://t.me/S_E_Reborn/1766", "content": "\u0421\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0439 \u0431\u044d\u043a\u0434\u043e\u0440 xPack \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b APT Antlion \u043e\u0441\u0442\u0430\u0432\u0430\u0442\u044c\u0441\u044f \u043d\u0435\u0437\u0430\u043c\u0435\u0447\u0435\u043d\u043d\u044b\u043c\u0438 \u0438 \u0438\u043c\u0435\u0442\u044c \u043e\u0431\u0448\u0438\u0440\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0441\u0435\u0442\u044f\u043c \u0436\u0435\u0440\u0442\u0432 \u0432 \u0442\u0435\u0447\u0435\u043d\u0438\u0435 18 \u043c\u0435\u0441\u044f\u0446\u0435\u0432 \u0432 \u0445\u043e\u0434\u0435 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438 \u043a\u0438\u0431\u0435\u0440\u0448\u043f\u0438\u043e\u043d\u0430\u0436\u0430 \u0432 \u043e\u0442\u043d\u043e\u0448\u0435\u043d\u0438\u0438 \u0444\u0438\u043d\u0430\u043d\u0441\u043e\u0432\u044b\u0445 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0439 \u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0445 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0439 \u0432 \u0422\u0430\u0439\u0432\u0430\u043d\u0435 \u0432 \u043f\u0435\u0440\u0438\u043e\u0434 \u0441 2020 \u043f\u043e 2021 
\u0433\u043e\u0434.\n\n\u041e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0442\u044c \u0438 \u0438\u0437\u0443\u0447\u0438\u0442\u044c \u0437\u043b\u043e\u0432\u0440\u0435\u0434 \u0441\u043c\u043e\u0433\u043b\u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0438\u0437 Symantec. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043f\u0440\u043e\u0430\u043d\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u043e\u0434\u043d\u0443 \u0438\u0437 \u0430\u0442\u0430\u043a, \u043f\u0440\u043e\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u0445 APT, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043e\u0441\u0442\u0430\u0432\u0430\u043b\u0430\u0441\u044c \u0432 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0441\u0435\u0442\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0439 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0432 \u0442\u0435\u0447\u0435\u043d\u0438\u0435 175 \u0434\u043d\u0435\u0439. \u0412 \u0434\u0440\u0443\u0433\u043e\u0439 \u0430\u0442\u0430\u043a\u0435 \u043d\u0430 \u0444\u0438\u043d\u0430\u043d\u0441\u043e\u0432\u0443\u044e \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u044e \u0433\u0440\u0443\u043f\u043f\u0430 APT \u043f\u0440\u043e\u0432\u0435\u043b\u0430 250 \u0434\u043d\u0435\u0439 \u0432 \u0441\u0435\u0442\u0438 \u0446\u0435\u043b\u0438. 
\u0412\u0441\u0435 \u0431\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044e \u043d\u0435\u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u044b\u0445 \u0438 \u043c\u0430\u043b\u043e\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0445 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c.\n\nxPack \u2014 \u044d\u0442\u043e \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a .NET, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0438\u0437\u0432\u043b\u0435\u043a\u0430\u0435\u0442 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442 \u0437\u0430\u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 AES \u043f\u043e\u043b\u0435\u0437\u043d\u044b\u0435 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0438, \u043e\u043d \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u0442 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043a\u043e\u043c\u0430\u043d\u0434.\u00a0\u041f\u0430\u0440\u043e\u043b\u044c \u0434\u043b\u044f \u0434\u0435\u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0432 \u0432\u0438\u0434\u0435 \u0430\u0440\u0433\u0443\u043c\u0435\u043d\u0442\u0430 \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0438 (\u0441\u0442\u0440\u043e\u043a\u0430 \u0432 \u043a\u043e\u0434\u0438\u0440\u043e\u0432\u043a\u0435 Base64), \u0430 \u0431\u044d\u043a\u0434\u043e\u0440 xPack \u043c\u043e\u0436\u0435\u0442 \u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c \u043a\u0430\u043a \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u043e\u0435 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435 \u0438\u043b\u0438 \u043a\u0430\u043a \u0441\u043b\u0443\u0436\u0431\u0430 (\u0432\u0430\u0440\u0438\u0430\u043d\u0442 xPackSvc).\n\n\u0411\u044d\u043a\u0434\u043e\u0440 
\u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u043a\u043e\u043c\u0430\u043d\u0434\u044b WMI, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u044b EternalBlue \u0438 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0430\u0442\u044c \u043e\u0431\u0449\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u044b \u0447\u0435\u0440\u0435\u0437 SMB \u0434\u043b\u044f \u043f\u0435\u0440\u0435\u0434\u0430\u0447\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 \u043d\u0430 C2.\u00a0\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0442\u0430\u043a\u0436\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0435 \u041f\u041e \u0434\u043b\u044f \u043f\u0440\u043e\u0441\u043c\u043e\u0442\u0440\u0430 \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446, \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0435\u0433\u043e \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043f\u0440\u043e\u043a\u0441\u0438-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0434\u043b\u044f \u043c\u0430\u0441\u043a\u0438\u0440\u043e\u0432\u043a\u0438 \u0441\u0432\u043e\u0435\u0433\u043e IP-\u0430\u0434\u0440\u0435\u0441\u0430.\n\n\u0412 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u043f\u0435\u0440\u0432\u043e\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u044b\u0439 \u0432\u0435\u043a\u0442\u043e\u0440 \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u043d\u0435 \u044f\u0441\u0435\u043d. 
\u041e\u0434\u043d\u0430\u043a\u043e \u0432 \u043e\u0434\u043d\u043e\u0439 \u0438\u0437 \u0430\u0442\u0430\u043a \u043e\u043d\u0438 \u0437\u0430\u043c\u0435\u0442\u0438\u043b\u0438, \u0447\u0442\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u0441\u043b\u0443\u0436\u0431\u0443 MSSQL \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0445 \u043a\u043e\u043c\u0430\u043d\u0434.\n\n\u0418 \u043f\u043e\u0445\u043e\u0436\u0435, \u0447\u0442\u043e \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0435 \u041f\u041e xPack \u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0438\u043c \u043f\u043e\u043b\u0435\u0437\u043d\u0430\u044f \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u0434\u043b\u044f \u043f\u0435\u0440\u0432\u043e\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430, \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0445 \u043a\u043e\u043c\u0430\u043d\u0434, \u043f\u043e\u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u0433\u043e \u0443\u0434\u0430\u043b\u0435\u043d\u0438\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u0438 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u0434\u0433\u043e\u0442\u043e\u0432\u043a\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 \u0434\u043b\u044f \u044d\u043a\u0441\u0444\u0438\u043b\u044c\u0442\u0440\u0430\u0446\u0438\u0438.\u00a0\u041f\u043e\u043c\u0438\u043c\u043e \u043f\u0440\u043e\u0447\u0435\u0433\u043e 
\u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0442\u0430\u043a\u0436\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0439 \u043a\u0435\u0439\u043b\u043e\u0433\u0433\u0435\u0440 \u0438 \u0442\u0440\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0445 \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a\u0430.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Symantec \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0435 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u044b, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0435 Antlion \u0432 \u044d\u0442\u043e\u0439 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438: \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0439 \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a EHAGBPSL, \u043a\u043b\u0438\u0435\u043d\u0442\u0441\u043a\u0438\u0439 \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a JpgRun, \u0441\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0439 \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a CheckID, \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u044b NetSessionEnum \u0438 ENCODE MMC, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0433\u043e\u0442\u043e\u0432\u044b\u0445 \u0438 \u0441\u0430\u043c\u043e\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432 (LoL) (PowerShell, WMIC, ProcDump, LSASS \u0438 PsExec).\n\n\u0414\u043b\u044f 
\u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u0441\u0432\u043e\u0435\u0433\u043e \u0431\u044d\u043a\u0434\u043e\u0440\u0430 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438\u00a0CVE-2019-1458. \u041f\u0440\u0438\u043c\u0435\u043d\u044f\u043b\u0438 \u0442\u0430\u043a\u0436\u0435 WinRAR \u0434\u043b\u044f \u043a\u0440\u0430\u0436\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 \u0438 \u043f\u0430\u043a\u0435\u0442\u043d\u044b\u0435 \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u0438 \u0434\u043b\u044f \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430 \u0441\u0431\u043e\u0440\u0430 \u0434\u0430\u043d\u043d\u044b\u0445.\u00a0 \u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a \u0432\u044b\u044f\u0441\u043d\u0438\u043b\u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043f\u0435\u0440\u0438\u043e\u0434\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u043e\u0437\u0432\u0440\u0430\u0449\u0430\u043b\u0438\u0441\u044c \u0432 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u0443\u044e \u0441\u0435\u0442\u044c \u0434\u043b\u044f \u0437\u0430\u043f\u0443\u0441\u043a\u0430 xPack \u0438 \u043a\u0440\u0430\u0436\u0438 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. 
\n\nSymantec \u043f\u043e\u043b\u0430\u0433\u0430\u044e\u0442, \u0447\u0442\u043e Antlion \u0430\u043a\u0442\u0438\u0432\u0435\u043d \u0432 \u0441\u0444\u0435\u0440\u0435 \u043a\u0438\u0431\u0435\u0440\u0448\u043f\u0438\u043e\u043d\u0430\u0436\u0430 \u043f\u043e \u043a\u0440\u0430\u0439\u043d\u0435\u0439 \u043c\u0435\u0440\u0435 \u0441 2011 \u0433\u043e\u0434\u0430. \u0418\u043d\u0442\u0435\u0440\u0435\u0441 \u0430\u043a\u0442\u043e\u0440\u0430 \u043a \u0442\u0430\u0439\u0432\u0430\u043d\u044c\u0441\u043a\u0438\u043c \u0444\u0438\u0440\u043c\u0430\u043c \u0438 TTP \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u044e\u0442, \u043f\u043e \u043c\u043d\u0435\u043d\u0438\u044e \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439, \u043d\u0430 \u0435\u0433\u043e \u0441\u0432\u044f\u0437\u044c \u0441 \u041a\u041d\u0420, \u0430 \u0445\u0430\u0440\u0430\u043a\u0442\u0435\u0440 \u0434\u0435\u044f\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u0438 \u0441\u0432\u0438\u0434\u0435\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0443\u0435\u0442 \u043e \u043a\u043e\u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0441 \u0434\u0440\u0443\u0433\u0438\u043c\u0438 \u0410\u0420\u0422, \u043a\u043e\u0442\u043e\u0440\u044b\u043c \u043c\u043e\u0433\u043b\u0430 \u043f\u0435\u0440\u0435\u0434\u0430\u0432\u0430\u0442\u044c\u0441\u044f \u0434\u043b\u044f \u0434\u0430\u043b\u044c\u043d\u0435\u0439\u0448\u0435\u0439 \u0440\u0430\u0431\u043e\u0442\u044b \u0434\u043e\u0431\u044b\u0442\u0430\u044f Antlion \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445.", "creation_timestamp": "2022-02-04T15:30:09.000000Z"}, {"uuid": "3c941786-da66-460b-91c0-7e766cc1de2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1458", "type": "exploited", "source": 
"https://t.me/true_secator/2592", "content": "\u0421\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0439 \u0431\u044d\u043a\u0434\u043e\u0440 xPack \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b APT Antlion \u043e\u0441\u0442\u0430\u0432\u0430\u0442\u044c\u0441\u044f \u043d\u0435\u0437\u0430\u043c\u0435\u0447\u0435\u043d\u043d\u044b\u043c\u0438 \u0438 \u0438\u043c\u0435\u0442\u044c \u043e\u0431\u0448\u0438\u0440\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0441\u0435\u0442\u044f\u043c \u0436\u0435\u0440\u0442\u0432 \u0432 \u0442\u0435\u0447\u0435\u043d\u0438\u0435 18 \u043c\u0435\u0441\u044f\u0446\u0435\u0432 \u0432 \u0445\u043e\u0434\u0435 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438 \u043a\u0438\u0431\u0435\u0440\u0448\u043f\u0438\u043e\u043d\u0430\u0436\u0430 \u0432 \u043e\u0442\u043d\u043e\u0448\u0435\u043d\u0438\u0438 \u0444\u0438\u043d\u0430\u043d\u0441\u043e\u0432\u044b\u0445 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0439 \u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0445 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0439 \u0432 \u0422\u0430\u0439\u0432\u0430\u043d\u0435 \u0432 \u043f\u0435\u0440\u0438\u043e\u0434 \u0441 2020 \u043f\u043e 2021 \u0433\u043e\u0434.\n\n\u041e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0442\u044c \u0438 \u0438\u0437\u0443\u0447\u0438\u0442\u044c \u0437\u043b\u043e\u0432\u0440\u0435\u0434 \u0441\u043c\u043e\u0433\u043b\u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0438\u0437 Symantec. 
\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043f\u0440\u043e\u0430\u043d\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u043e\u0434\u043d\u0443 \u0438\u0437 \u0430\u0442\u0430\u043a, \u043f\u0440\u043e\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u0445 APT, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043e\u0441\u0442\u0430\u0432\u0430\u043b\u0430\u0441\u044c \u0432 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0441\u0435\u0442\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0439 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0432 \u0442\u0435\u0447\u0435\u043d\u0438\u0435 175 \u0434\u043d\u0435\u0439. \u0412 \u0434\u0440\u0443\u0433\u043e\u0439 \u0430\u0442\u0430\u043a\u0435 \u043d\u0430 \u0444\u0438\u043d\u0430\u043d\u0441\u043e\u0432\u0443\u044e \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u044e \u0433\u0440\u0443\u043f\u043f\u0430 APT \u043f\u0440\u043e\u0432\u0435\u043b\u0430 250 \u0434\u043d\u0435\u0439 \u0432 \u0441\u0435\u0442\u0438 \u0446\u0435\u043b\u0438. 
\u0412\u0441\u0435 \u0431\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044e \u043d\u0435\u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u044b\u0445 \u0438 \u043c\u0430\u043b\u043e\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0445 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c.\n\nxPack \u2014 \u044d\u0442\u043e \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a .NET, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0438\u0437\u0432\u043b\u0435\u043a\u0430\u0435\u0442 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442 \u0437\u0430\u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 AES \u043f\u043e\u043b\u0435\u0437\u043d\u044b\u0435 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0438, \u043e\u043d \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u0442 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043a\u043e\u043c\u0430\u043d\u0434.\u00a0\u041f\u0430\u0440\u043e\u043b\u044c \u0434\u043b\u044f \u0434\u0435\u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0432 \u0432\u0438\u0434\u0435 \u0430\u0440\u0433\u0443\u043c\u0435\u043d\u0442\u0430 \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0438 (\u0441\u0442\u0440\u043e\u043a\u0430 \u0432 \u043a\u043e\u0434\u0438\u0440\u043e\u0432\u043a\u0435 Base64), \u0430 \u0431\u044d\u043a\u0434\u043e\u0440 xPack \u043c\u043e\u0436\u0435\u0442 \u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c \u043a\u0430\u043a \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u043e\u0435 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435 \u0438\u043b\u0438 \u043a\u0430\u043a \u0441\u043b\u0443\u0436\u0431\u0430 (\u0432\u0430\u0440\u0438\u0430\u043d\u0442 xPackSvc).\n\n\u0411\u044d\u043a\u0434\u043e\u0440 
\u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u043a\u043e\u043c\u0430\u043d\u0434\u044b WMI, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u044b EternalBlue \u0438 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0430\u0442\u044c \u043e\u0431\u0449\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u044b \u0447\u0435\u0440\u0435\u0437 SMB \u0434\u043b\u044f \u043f\u0435\u0440\u0435\u0434\u0430\u0447\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 \u043d\u0430 C2.\u00a0\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0442\u0430\u043a\u0436\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0435 \u041f\u041e \u0434\u043b\u044f \u043f\u0440\u043e\u0441\u043c\u043e\u0442\u0440\u0430 \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446, \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0435\u0433\u043e \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043f\u0440\u043e\u043a\u0441\u0438-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0434\u043b\u044f \u043c\u0430\u0441\u043a\u0438\u0440\u043e\u0432\u043a\u0438 \u0441\u0432\u043e\u0435\u0433\u043e IP-\u0430\u0434\u0440\u0435\u0441\u0430.\n\n\u0412 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u043f\u0435\u0440\u0432\u043e\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u044b\u0439 \u0432\u0435\u043a\u0442\u043e\u0440 \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u043d\u0435 \u044f\u0441\u0435\u043d. 
\u041e\u0434\u043d\u0430\u043a\u043e \u0432 \u043e\u0434\u043d\u043e\u0439 \u0438\u0437 \u0430\u0442\u0430\u043a \u043e\u043d\u0438 \u0437\u0430\u043c\u0435\u0442\u0438\u043b\u0438, \u0447\u0442\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u0441\u043b\u0443\u0436\u0431\u0443 MSSQL \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0445 \u043a\u043e\u043c\u0430\u043d\u0434.\n\n\u0418 \u043f\u043e\u0445\u043e\u0436\u0435, \u0447\u0442\u043e \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0435 \u041f\u041e xPack \u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0438\u043c \u043f\u043e\u043b\u0435\u0437\u043d\u0430\u044f \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u0434\u043b\u044f \u043f\u0435\u0440\u0432\u043e\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430, \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0445 \u043a\u043e\u043c\u0430\u043d\u0434, \u043f\u043e\u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u0433\u043e \u0443\u0434\u0430\u043b\u0435\u043d\u0438\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u0438 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u0434\u0433\u043e\u0442\u043e\u0432\u043a\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 \u0434\u043b\u044f \u044d\u043a\u0441\u0444\u0438\u043b\u044c\u0442\u0440\u0430\u0446\u0438\u0438.\u00a0\u041f\u043e\u043c\u0438\u043c\u043e \u043f\u0440\u043e\u0447\u0435\u0433\u043e 
\u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0442\u0430\u043a\u0436\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0439 \u043a\u0435\u0439\u043b\u043e\u0433\u0433\u0435\u0440 \u0438 \u0442\u0440\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0445 \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a\u0430.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Symantec \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0435 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u044b, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0435 Antlion \u0432 \u044d\u0442\u043e\u0439 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438: \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0439 \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a EHAGBPSL, \u043a\u043b\u0438\u0435\u043d\u0442\u0441\u043a\u0438\u0439 \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a JpgRun, \u0441\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0439 \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a CheckID, \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u044b NetSessionEnum \u0438 ENCODE MMC, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0433\u043e\u0442\u043e\u0432\u044b\u0445 \u0438 \u0441\u0430\u043c\u043e\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432 (LoL) (PowerShell, WMIC, ProcDump, LSASS \u0438 PsExec).\n\n\u0414\u043b\u044f 
\u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u0441\u0432\u043e\u0435\u0433\u043e \u0431\u044d\u043a\u0434\u043e\u0440\u0430 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438\u00a0CVE-2019-1458. \u041f\u0440\u0438\u043c\u0435\u043d\u044f\u043b\u0438 \u0442\u0430\u043a\u0436\u0435 WinRAR \u0434\u043b\u044f \u043a\u0440\u0430\u0436\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 \u0438 \u043f\u0430\u043a\u0435\u0442\u043d\u044b\u0435 \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u0438 \u0434\u043b\u044f \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430 \u0441\u0431\u043e\u0440\u0430 \u0434\u0430\u043d\u043d\u044b\u0445.\u00a0 \u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a \u0432\u044b\u044f\u0441\u043d\u0438\u043b\u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043f\u0435\u0440\u0438\u043e\u0434\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u043e\u0437\u0432\u0440\u0430\u0449\u0430\u043b\u0438\u0441\u044c \u0432 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u0443\u044e \u0441\u0435\u0442\u044c \u0434\u043b\u044f \u0437\u0430\u043f\u0443\u0441\u043a\u0430 xPack \u0438 \u043a\u0440\u0430\u0436\u0438 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. 
\n\nSymantec \u043f\u043e\u043b\u0430\u0433\u0430\u044e\u0442, \u0447\u0442\u043e Antlion \u0430\u043a\u0442\u0438\u0432\u0435\u043d \u0432 \u0441\u0444\u0435\u0440\u0435 \u043a\u0438\u0431\u0435\u0440\u0448\u043f\u0438\u043e\u043d\u0430\u0436\u0430 \u043f\u043e \u043a\u0440\u0430\u0439\u043d\u0435\u0439 \u043c\u0435\u0440\u0435 \u0441 2011 \u0433\u043e\u0434\u0430. \u0418\u043d\u0442\u0435\u0440\u0435\u0441 \u0430\u043a\u0442\u043e\u0440\u0430 \u043a \u0442\u0430\u0439\u0432\u0430\u043d\u044c\u0441\u043a\u0438\u043c \u0444\u0438\u0440\u043c\u0430\u043c \u0438 TTP \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u044e\u0442, \u043f\u043e \u043c\u043d\u0435\u043d\u0438\u044e \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439, \u043d\u0430 \u0435\u0433\u043e \u0441\u0432\u044f\u0437\u044c \u0441 \u041a\u041d\u0420, \u0430 \u0445\u0430\u0440\u0430\u043a\u0442\u0435\u0440 \u0434\u0435\u044f\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u0438 \u0441\u0432\u0438\u0434\u0435\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0443\u0435\u0442 \u043e \u043a\u043e\u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0441 \u0434\u0440\u0443\u0433\u0438\u043c\u0438 APT, \u043a\u043e\u0442\u043e\u0440\u044b\u043c \u043c\u043e\u0433\u043b\u0430 \u043f\u0435\u0440\u0435\u0434\u0430\u0432\u0430\u0442\u044c\u0441\u044f \u0434\u043b\u044f \u0434\u0430\u043b\u044c\u043d\u0435\u0439\u0448\u0435\u0439 \u0440\u0430\u0431\u043e\u0442\u044b \u0434\u043e\u0431\u044b\u0442\u0430\u044f Antlion \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445.", "creation_timestamp": "2022-02-04T15:30:00.000000Z"}, {"uuid": "bc70508b-78af-47ae-a377-7875e1168a36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1458", "type": "exploited", "source": 
"https://t.me/information_security_channel/33351", "content": "Hackers Used Windows 0-day Exploit CVE-2019-1458 in Operation WizardOpium Cyber Attacks\nhttps://gbhackers.com/operation-wizardopium/", "creation_timestamp": "2019-12-11T14:46:36.000000Z"}, {"uuid": "29c8df1f-4376-44b3-8ef7-ce27189a9ed9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1458", "type": "exploited", "source": "https://t.me/information_security_channel/33353", "content": "Researchers discovered that an exploit for a newly patched Windows zero-day vulnerability was already used in the Operation WizardOpium attacks, along with a Chrome zero-day exploit, last month. GBHackers reported\u00a0Operation WizardOpium attacks in November, and the attack was initially observed by Kaspersky researchers who have already uncovered a Google Chrome 0-day exploit that was used in the part of the [\u2026]\nThe post Hackers Used Windows 0-day Exploit CVE-2019-1458 in Operation WizardOpium Cyber Attacks (https://gbhackers.com/operation-wizardopium/) appeared first on GBHackers On Security (https://gbhackers.com/).", "creation_timestamp": "2019-12-11T14:46:37.000000Z"}, {"uuid": "c0077c77-3cd7-4b79-8b4d-9cc4a6b53a23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1458", "type": "exploited", "source": "https://t.me/CyberSecurityTechnologies/480", "content": "#Threat_Research\n1. Windows 0-day exploit CVE-2019-1458\nused in Operation WizardOpium\nhttps://securelist.com/windows-0-day-exploit-cve-2019-1458-used-in-operation-wizardopium/95432\n2. 
BuleHero botnet payload\nhttps://www.zscaler.com/blogs/security-research/recent-bulehero-botnet-payload", "creation_timestamp": "2022-02-02T14:47:44.000000Z"}, {"uuid": "7d6d77ca-1b78-4055-9db3-fe393cd04c4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-14586", "type": "seen", "source": "https://t.me/cibsecurity/16714", "content": "\u203c CVE-2019-14586 \u203c\n\nUse-after-free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-11-23T20:45:55.000000Z"}, {"uuid": "2d5de2b1-803a-4534-bba0-9abc69acfec3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-14587", "type": "seen", "source": "https://t.me/cibsecurity/16713", "content": "\u203c CVE-2019-14587 \u203c\n\nLogic issue in EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-11-23T20:45:54.000000Z"}, {"uuid": "b4f54831-8f97-4c11-a642-ad93c772048f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1458", "type": "seen", "source": "MISP/48e15610-a505-4067-8dec-4627e36bcbe7", "content": "", "creation_timestamp": "2026-05-07T22:16:32.000000Z"}, {"uuid": "2f2834ab-476c-447c-adea-1a2ae2a7788e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1458", "type": "seen", "source": "MISP/298fe54c-2127-4e44-90dc-047a9d882845", "content": "", "creation_timestamp": 
"2026-05-07T21:13:27.000000Z"}]}