Probably 3 - sandbox escape, being able to launch a process in privileged mode and something that adds to the kernel table of allowed hashes.

But it is totally possible for them to have been able only to identify one of them if they didn't intercept the whole attack.