This query checks for the specific processes and domain TLD used in the CVE-2018-4878 Flash 0day exploit attack reported by KrCERT.

CVE: CVE-2018-4878

Read more here:

- https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=26998
- https://helpx.adobe.com/security/products/flash-player/apsa18-01.html
- http://blog.talosintelligence.com/2018/02/group-123-goes-wild.html
- http://blog.morphisec.com/flash-exploit-cve-2018-4878-spotted-in-the-wild-massive-malspam-campaign

Tags: #exploit #

| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | GitHub Only |
| ID | 8e32bc35-72e6-4bc9-b3bb-2ee346c8acf0 |
| Required Connectors | MicrosoftThreatProtection |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
| DeviceNetworkEvents | ✓ | ✗ | ? |