PULSE NAME
Forbes.com Waterhole Attack
WHITE Codoso AlienVault 2015-02-11 Modified: 2017-06-27
A Chinese advanced persistent threat (APT) compromised Forbes.com to set up a watering-hole-style, web-based drive-by attack against US Defense and Financial Services firms in late November 2014. The brazen attack chained 0-days against Adobe Flash and Microsoft Internet Explorer 9 in an attempt to gain access to internal networks at these companies. This report is the first to detail the attack against US interests strategic to China.
Indicators of Compromise (6)
TYPE INDICATOR DESCRIPTION CREATED
domain tiiztm.com 2015-02-11
hostname iad12s04-in-f22.1h100.net 2015-02-11
CVE CVE-2015-0071 2015-02-11
CVE CVE-2014-9163 2015-02-11
FileHash-MD5 ca5a35d71a01aaecc28877d316230d20 2015-02-11
FileHash-MD5 faa74be286c58be616470558d78a137f 2015-02-11