Threat actors
APT18
aptCNvia MISP
1 CVE attributed
Aliases7
DYNAMITE PANDAG0026PLA NavySCANDIUMSatin TyphoonTG-0416Wekby
Motivation2
EspionageState-sponsored
Wekby was described by Palo Alto Networks in a 2015 report as: 'Wekby is a group that has been active for a number of years, targeting various industries such as healthcare, telecommunications, aerospace, defense, and high tech. The group is known to leverage recently released exploits very shortly after those exploits are available, such as in the case of HackingTeams Flash zero - day exploit.'
Attributed CVEs1
| CVE | Description | Severity | EPSS | Flags | Modified |
|---|---|---|---|---|---|
| CVE-2015-5119 | Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015. | CRITICAL9.8 | 99%p100 | KEVWeaponized | 2026-04-21 |