{"vulnerability": "cve-2016-0189", "sightings": [{"uuid": "105bb85a-0fbb-4d5d-87ce-ff9a284228cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-0189", "type": "seen", "source": "MISP/59a66b5f-28b0-45c2-8bf6-06bcbce2ab96", "content": "", "creation_timestamp": "2017-08-30T07:57:15.000000Z"}, {"uuid": "e9c78110-b212-4ab6-911d-bc00c828beab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-0189", "type": "seen", "source": "MISP/5bab9721-28ac-48c4-845a-28f70a021402", "content": "", "creation_timestamp": "2018-09-26T14:29:36.000000Z"}, {"uuid": "840fe0b1-790f-4b6f-ad82-95d665ea1243", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-0189", "type": "seen", "source": "MISP/57f12c6a-5864-4abb-8207-5a60646d1a36", "content": "", "creation_timestamp": "2016-10-02T16:51:25.000000Z"}, {"uuid": "5c7a49dd-f8f8-42ed-b14d-557a619582fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-0189", "type": "seen", "source": "MISP/5bf7fa3d-4308-4042-b09d-2176ac12042b", "content": "", "creation_timestamp": "2018-11-23T14:09:10.000000Z"}, {"uuid": "16f605ad-7e66-462f-9af3-5bc90d8d29d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-0189", "type": "seen", "source": "MISP/3662e234-ff72-4608-be6d-59e5352154c4", "content": "", "creation_timestamp": "2020-10-09T15:57:20.000000Z"}, {"uuid": "e62d1c7d-8c55-49bf-bb20-0ac4e57699f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-0189", "type": "seen", "source": "MISP/2a8c4e25-ae93-4460-b536-9e67f38a9a51", "content": "", "creation_timestamp": "2020-10-09T17:15:00.000000Z"}, {"uuid": "6023bbed-49f9-47ed-9096-2fcb9d39b4d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-0189", "type": "seen", "source": "MISP/37eaa589-7c2e-4382-839f-c4e33c5645e7", "content": "", "creation_timestamp": "2020-10-09T16:17:11.000000Z"}, {"uuid": "e68d5afa-8ddc-44db-8ebb-ed204f698231", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-0189", "type": "seen", "source": "MISP/aaef44e8-30e4-4ef5-abab-fecb28a147c1", "content": "", "creation_timestamp": "2020-10-09T16:41:28.000000Z"}, {"uuid": "6eb9b3dd-3a2b-402a-83cb-8ca208b10226", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-0189", "type": "seen", "source": "MISP/4237df88-801e-41e4-87f5-3fe3881b5e79", "content": "", "creation_timestamp": "2020-10-09T16:28:35.000000Z"}, {"uuid": "89fdc4a8-2863-4a5f-a455-97bea9c2084a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-0189", "type": "seen", "source": "MISP/875dbc76-9a9c-462d-a103-2f3a09499a11", "content": "", "creation_timestamp": "2020-10-09T16:18:45.000000Z"}, {"uuid": "3e3ed790-4b50-4d92-8d66-b046c45e04f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-0189", "type": "seen", "source": "MISP/15c96c9f-9459-461d-b9d3-e5a16ff303a6", "content": "", "creation_timestamp": "2020-10-09T17:19:51.000000Z"}, {"uuid": "f2cfd7a1-e953-4ea4-9525-29c62a757809", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-0189", "type": "seen", "source": "MISP/f987ff0f-3a4b-486a-b97a-ce21374d80c8", "content": "", "creation_timestamp": "2020-10-09T17:22:27.000000Z"}, {"uuid": "91857a97-866d-4acc-bfac-99125fbdf913", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-0189", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-06-14T21:10:03.000000Z"}, {"uuid": "7e020441-95af-4631-8161-ff760ede3d38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-0189", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:09:44.000000Z"}, {"uuid": "1984d116-abf2-4125-a54a-bc2b17ff888a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-0189", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971471", "content": "", "creation_timestamp": "2024-12-24T20:29:49.405740Z"}, {"uuid": "95738fe2-b222-47d0-9451-c1e7aec914b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-0189", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:42.000000Z"}, {"uuid": "0e0040bc-44f5-4437-835f-068ee32a8bca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-0189", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:10.000000Z"}, {"uuid": "1bdb7a80-53bc-416d-96f3-a8d8b6414a1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2016-0189", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/02639c5d-a9ec-4fd6-9193-4da67889e2ee", "content": "", "creation_timestamp": "2026-02-02T12:27:56.719618Z"}, {"uuid": "479602b7-b5a5-484f-9cd1-4e878ee5983b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-0189", "type": "seen", "source": "MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d", "content": "", "creation_timestamp": "2025-08-31T03:00:56.000000Z"}, {"uuid": "b1f3f06c-e0e9-4b21-94c7-1fa2a76a0558", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-0189", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ms16_051_vbscript.rb", "content": "", "creation_timestamp": "2018-05-29T15:50:33.000000Z"}, {"uuid": "916b57c4-7d8b-4985-8913-e5d314bc58c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-0189", "type": "exploited", "source": "https://t.me/itsec_news/1735", "content": "\u200b\ud83d\udde1 \u041d\u043e\u0432\u044b\u0439 \u0431\u043e\u0442\u043d\u0435\u0442 Cloud9 \u0430\u0442\u0430\u043a\u0443\u0435\u0442 \u0442\u044b\u0441\u044f\u0447\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u043f\u043e \u0432\u0441\u0435\u043c\u0443 \u043c\u0438\u0440\u0443.\n\n\ud83d\udcac \u041e \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u043c \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u0438 \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b Zimperium, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438 \u043d\u0430\u0437\u0432\u0430\u043b\u0438 \u0435\u0433\u043e Cloud9. \u041a\u0430\u043a \u0433\u043e\u0432\u043e\u0440\u044f\u0442 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438, \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441 \u0443\u043c\u0435\u0435\u0442 \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u044b\u0432\u0430\u0442\u044c cookie-\u0444\u0430\u0439\u043b\u044b, \u0444\u0438\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043d\u0430\u0436\u0430\u0442\u0438\u044f \u043a\u043b\u0430\u0432\u0438\u0448, \u0432\u043d\u0435\u0434\u0440\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 JavaScript-\u043a\u043e\u0434, \u043c\u0430\u0439\u043d\u0438\u0442\u044c \u043a\u0440\u0438\u043f\u0442\u043e\u0432\u0430\u043b\u044e\u0442\u0443 \u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u043d\u043e\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e \u0434\u043b\u044f \u043f\u0440\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u044f DDoS-\u0430\u0442\u0430\u043a. \u041f\u043e\u043c\u0438\u043c\u043e \u043a\u0440\u0430\u0436\u0438 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438, \u0431\u043e\u0442\u043d\u0435\u0442 \u0441\u043f\u043e\u0441\u043e\u0431\u0435\u043d \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0435 \u041f\u041e \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e \u0436\u0435\u0440\u0442\u0432\u044b, \u0447\u0442\u043e\u0431\u044b \u043f\u043e\u0437\u0436\u0435 \u0432\u0437\u044f\u0442\u044c \u0435\u0433\u043e \u043f\u043e\u0434 \u043f\u043e\u043b\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c.\n\n\u0412\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u0430\u0434\u0434\u043e\u043d \u043d\u0435 \u043d\u0430\u0439\u0442\u0438 \u0432 \u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u043c\u0430\u0433\u0430\u0437\u0438\u043d\u0430\u0445 \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u0439 \u0434\u043b\u044f Chrome \u0438\u043b\u0438 Edge, \u043e\u043d \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442\u0441\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u0447\u0435\u0440\u0435\u0437 \u0441\u043e\u043c\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u0432\u0435\u0431-\u0441\u0430\u0439\u0442\u044b, \u043f\u0440\u0435\u0434\u043b\u0430\u0433\u0430\u044e\u0449\u0438\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0441\u043a\u0430\u0447\u0430\u0442\u044c Cloud9, \u0437\u0430\u043c\u0430\u0441\u043a\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u043f\u043e\u0434 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 Adobe Flash Player.\n\n\u041a\u0430\u043a \u0442\u043e\u043b\u044c\u043a\u043e \u0436\u0435\u0440\u0442\u0432\u0430 \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0435\u0442 \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u0435, \u043e\u043d\u043e \u0441\u0440\u0430\u0437\u0443 \u0436\u0435 \u0432\u043d\u0435\u0434\u0440\u044f\u0435\u0442 JS-\u0444\u0430\u0439\u043b \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c \"campaign.js\" \u043d\u0430 \u0432\u0441\u0435 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b, \u043f\u043e\u0441\u043b\u0435 \u0447\u0435\u0433\u043e \u043d\u0430\u0447\u0438\u043d\u0430\u0435\u0442 \u043c\u0430\u0439\u043d\u0438\u0442\u044c \u043a\u0440\u0438\u043f\u0442\u043e\u0432\u0430\u043b\u044e\u0442\u0443 \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0435 \u0436\u0435\u0440\u0442\u0432\u044b, \u0430 \u0437\u0430\u0442\u0435\u043c \u0432\u043d\u0435\u0434\u0440\u044f\u0435\u0442 \u0441\u043a\u0440\u0438\u043f\u0442 \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c \"cthulhu.js\".\n\n\u0412\u0442\u043e\u0440\u043e\u0439 \u0441\u043a\u0440\u0438\u043f\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0435\u0431-\u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Mozilla Firefox ( CVE-2019-11708, CVE-2019-9810 ), Internet Explorer ( CVE-2014-6332 , CVE-2016-0189 ) \u0438 Edge ( CVE-2016-7200 ), \u0447\u0442\u043e\u0431\u044b \u0441\u0431\u0435\u0436\u0430\u0442\u044c \u0438\u0437 \u201c\u043f\u0435\u0441\u043e\u0447\u043d\u0438\u0446\u044b\u201d \u0438 \u0440\u0430\u0437\u0432\u0435\u0440\u043d\u0443\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0435 \u041f\u041e \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435.\n\n\u041f\u043e\u0441\u043b\u0435 \u044d\u0442\u043e\u0433\u043e \u0441\u043a\u0440\u0438\u043f\u0442 \u043d\u0430\u0447\u0438\u043d\u0430\u0435\u0442 \u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c \u043a\u0430\u043a \u043a\u0435\u0439\u043b\u043e\u0433\u0433\u0435\u0440 \u0438 \u043a\u0430\u043d\u0430\u043b \u0434\u043b\u044f \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u043a\u043e\u043c\u0430\u043d\u0434, \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u043d\u044b\u0445 \u0441 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u0432, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0435\u043c\u0443 \u043a\u0440\u0430\u0441\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0435 \u0438\u0437 \u0431\u0443\u0444\u0435\u0440\u0430 \u043e\u0431\u043c\u0435\u043d\u0430, cookie-\u0444\u0430\u0439\u043b\u044b \u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c DDoS-\u0430\u0442\u0430\u043a\u0438.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Zimperium \u0441\u0447\u0438\u0442\u0430\u044e\u0442, \u0447\u0442\u043e \u0437\u0430 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u043e\u0439 Cloud9 \u0441\u0442\u043e\u0438\u0442 \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0430 Keksec (\u043e\u043d\u0430 \u0436\u0435 Kek Security, Necro \u0438 FreakOut), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0438\u043c\u0435\u0435\u0442 \u0431\u043e\u043b\u044c\u0448\u043e\u0439 \u043e\u043f\u044b\u0442 \u0432 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u0431\u043e\u0442\u043d\u0435\u0442\u043e\u0432. \u041e\u0434\u043d\u043e \u0438\u0437 \u0435\u0435 \u0442\u0432\u043e\u0440\u0435\u043d\u0438\u0439 \u2013 \u043f\u0435\u0447\u0430\u043b\u044c\u043d\u043e \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0439 EnemyBot, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0441\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438 \u0434\u043b\u044f \u043c\u0430\u0439\u043d\u0438\u043d\u0433\u0430 \u043a\u0440\u0438\u043f\u0442\u043e\u0432\u0430\u043b\u044e\u0442 \u0438 \u043f\u0440\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u044f DDoS-\u0430\u0442\u0430\u043a.\n\n#Cloud9 #\u0411\u043e\u0442\u043d\u0435\u0442 #\u0425\u0430\u043a\u0435\u0440\u044b\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2022-11-11T10:05:08.000000Z"}, {"uuid": "d3b12871-85cc-4151-98df-941fe3d85b0b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-0189", "type": "seen", "source": "Telegram/S2HmWEqRY4GoHPWGfRPLsw-pKHEn5AVQa7xglmB25ee-4FOy", "content": "", "creation_timestamp": "2025-02-14T10:00:27.000000Z"}, {"uuid": "ff2c0fb7-c427-45b6-8889-3312f322427d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-0189", "type": "exploited", "source": "https://t.me/ctinow/15595", "content": "RT @tkanalyst: #Malvertsng -&gt; #RadioEK (#CVE-2016-0189) -&gt; #NEMTY (#Ransomware)\n\nLanding Domain Change\n\n[Extention]\n._NEMTY_KaVLdwZ_\n\n[Example Payload]\nhttps://t.co/jMwv0nhbU5\n\nSpotted by @nao_sec(https://t.co/0DY5sOtFfP)\n\n(cc:@BleepinComputer  @adrian__luca @jeromesegura @david_jursa) https://t.co/ZdvA1DwYfI http://twitter.com/BleepinComputer/status/1171558198182141952", "creation_timestamp": "2019-09-11T01:05:52.000000Z"}, {"uuid": "74fda8d4-b037-4089-a689-7ee7049d1c94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-0189", "type": "exploited", "source": "https://t.me/information_security_channel/15310", "content": "At the micro level, the big takeaway from this report is the anomalous position of CVE-2017-0022. It is the third most discussed vulnerability on the dark web forums, yet in relation to just two pieces of malware: exploit kits Astrum (aka Stegano) and Neutrino. This is the lowest number of associated malware in the top ten vulnerabilities -- both of the two more popular vulnerabilities are associated with ten different peices of malware. CVE-2017-0199 is associated with malware including Hancitor, Dridex (https://www.securityweek.com/dridex-campaign-abuses-ftp-servers)\u00a0and FinFisher (https://www.securityweek.com/net-zero-day-flaw-exploited-deliver-finfisher-spyware), while CVE-2016-0189 is associated with nine different exploit kits and the Magniber (https://www.securityweek.com/new-magniber-ransomware-emerges) ransomware.\nBut it's not just in malware associations that CVE-2017-0022 is anomalous. It has a Common Vulnerability Scoring System (CVSS) rating of just 4.3. The next lowest rating in the top ten vulnerabilities is 7.6, while the top two are rated at 9.3 and 7.6. CVSS defines a 4.3 score as medium risk; and yet Recorded Future's research shows it to be the third most exploited vulnerability, commenting, \"'In the wild' severity does not always correlate with the Common Vulnerability Scoring System (CVSS) score.\"\nThis is a prime example of the reason for the analysis. Security teams could check the CVSS score and conclude on this evidence alone that the vulnerability does not require expedited remediation or patching. As the third most exploited vulnerability, Recorded Future's latest threat analysis suggests otherwise.\nBoston, Mass.-based Recorded Future raised $25 million in a Series E funding round led by Insight Venture Partners in October 2017 -- bringing the total funding raised to $57.9 million.\nRelated: Use of Fake Code Signing Certificates in Malware Surges (https://www.securityweek.com/use-fake-code-signing-certificates-malware-surges)\u00a0\nRelated: Researchers Warn Against Knee-Jerk Attribution of 'Olympic Destroyer' Attack (https://www.securityweek.com/researchers-warn-against-knee-jerk-attribution-olympic-destroyer-attack)\n\n                         \n            \n            \n  \n        \n                         \n            \n                \n            \n            \n            \n                Tweet (http://twitter.com/share)", "creation_timestamp": "2018-03-27T17:55:16.000000Z"}, {"uuid": "e9bc389e-2869-494c-995f-9a0f6dbdcd84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-0189", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/37", "content": "#exploit\n1. CVE-2016-0189:\nVBScript Memory Corruption in IE11\nhttps://github.com/theori-io/cve-2016-0189\n\n2. CVE-2018-4901:\nAdobe Acrobat Reader DC Document ID RCE Vulnerability\nhttps://talosintelligence.com/vulnerability_reports/TALOS-2017-0505\n\n3. CVE-2017-15397:\nChromeOS Doesn\u2019t Always Use SSL During Startup\nhttps://seclists.org/fulldisclosure/2018/Jan/7", "creation_timestamp": "2022-06-10T23:02:10.000000Z"}, {"uuid": "2e5a757e-6e59-445f-816b-84ee36b90e79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-0189", "type": "published-proof-of-concept", "source": "https://t.me/SHATOOB/1973", "content": "\ud83c\udd94 @SHATOOB\n\n#Security_Patch_Reverse\n#PATCH_ANALYSIS_OF_CVE_2016_0189\n\n\ud83d\udd3a\u0645\u0647\u0646\u062f\u0633\u06cc \u0645\u0639\u0643\u0648\u0633 \u0648\u0635\u0644\u0647 \u0647\u0627\u064a \u0627\u0645\u0646\u064a\u062a\u064a\n\n\u0632\u0645\u0627\u0646\u064a \u0643\u0647 \u064a\u0643 \u0648\u0635\u0644\u0647 \u0627\u0645\u0646\u064a\u062a\u064a \u0628\u0631\u0627\u064a \u0645\u062d\u0635\u0648\u0644\u064a \u0627\u0631\u0627\u0626\u0647 \u0645\u064a \u0634\u0648\u062f \u060c \u0631\u0642\u0627\u0628\u062a \u0628\u064a\u0646 \u0634\u0645\u0627 \u0628\u0631\u0627\u064a \u0646\u0635\u0628 \u0648 \u0646\u0641\u0648\u0630\u06af\u0631 \u0628\u0631\u0627\u064a \u0628\u0647\u0631\u0647 \u0648\u0631\u064a \u0627\u0632 \u0622\u0646 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u064a \u0634\u0648\u062f . \u0646\u0645\u0648\u0646\u0647 \u0627\u064a \u0627\u0632 \u062a\u062d\u064a\u0644\u064a \u0643\u0647 \u0628\u0631\u0627\u064a \u0627\u064a\u0646 \u0648\u0635\u0644\u0647 \u0647\u0627 \u0627\u0645\u0646\u064a\u062a\u064a \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u064a \u0634\u0648\u062f \u062a\u0627 \u0639\u0645\u0644\u0643\u0631\u062f \u0622\u0646 \u0631\u0627 \u067e\u064a\u062f\u0627 \u0643\u0646\u0646\u062f \u062f\u0631 \u0644\u064a\u0646\u0643 \u0632\u064a\u0631 \u0622\u0645\u062f\u0647 \u0627\u0633\u062a .\n\n\n\ud83c\udf10 http://theori.io/research/cve-2016-0189\n\n\u269c\ufe0f\u269c\ufe0f  \u0634\u0627\u062a\u0648\u0628 \u062f\u0631\u06cc\u0686\u0647 \u0627\u06cc \u0628\u0647 \u062f\u0646\u06cc\u0627\u06cc \u0631\u0627\u06cc\u0627\u0646\u0647 \u269c\ufe0f\u269c\ufe0f\n\n\ud83c\udd94 @SHATOOB", "creation_timestamp": "2017-08-23T20:52:05.000000Z"}]}