Name | Category | Info |
---|---|---|
Microsoft Teams Apr20 | Voice/Video/Media | Microsoft Teams is a collaborative application for team communication and file sharing. The service is available via a web browser, desktop app, or mobile app for iOS and Android. |
Name | Category | Info |
---|---|---|
Microsoft Teams Apr 20 Chat | Voice/Video/Media | Simulates a Microsoft Teams user logging in to the app, chatting with a peer, then logging out. |
Microsoft Teams Apr 20 Screenshare | Voice/Video/Media | Simulates a Microsoft Teams user logging in to the app, sharing their screen with a peer, then logging out. |
Microsoft Teams Apr 20 Video Call | Voice/Video/Media | Simulates a Microsoft Teams user logging in to the app, making a video call with a peer, then logging out. |
Name | Info |
---|---|
Hancitor Malware April 2020 Campaign | Canned test simulating Hancitor Malware April 2020 Campaign. It contains the following sequence of strikes: |
CVSS | ID | References | Category | Info |
---|---|---|---|---|
10.0 | E20-5l8a2 | CVE-2018-14714 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) CVSSV3-9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H URL | Exploits | A command injection vulnerability exists in ASUSWRT firmware version 3.0.0.4.382.50624 and earlier. The flaw results from lack of user input validation for HTTP parameters on the 'appGet.cgi' path. By sending a crafted 'hook' parameter, a remote attacker may execute arbitrary OS commands as the 'root' user. |
10.0 | E20-7smt2 | CVE-2019-17621 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) CVSSV3-9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H URL | Exploits | A remote command injection vulnerability exists in D-Link DIR-859 routers due to lack of user input validation. By exploiting the flaw, a remote unauthenticated attacker may execute arbitrary system commands by sending a crafted UPnP 'SUBSCRIBE' request. |
10.0 | E20-5k623 | CVE-2018-13338 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) CVSSV3-9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H URL | Exploits | This strike exploits a vulnerability in the TerraMaster NAS device. This device allows for the option to pass command line arguments to the system during the creation of a user but does not properly validate the arguments passed. It is possible to execute system commands as a root user on a vulnerable device. |
10.0 | E20-5k601 | CVE-2018-13336 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) CVSSV3-9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H URL | Exploits | This strike exploits a vulnerability in the TerraMaster NAS device. This device allows for the option to pass command line arguments to the system during the creation of a user but does not properly validate the arguments passed via the password parameter. It is possible to execute system commands as a root user on a vulnerable device. |
9.3 | E20-0yzm1 | CVE-2020-0738 CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C) CVSSV3-8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H URL | Exploits | A memory corruption vulnerability has been reported in Windows Media Foundation component of Microsoft Windows. The vulnerability is due to improper handling of objects in memory. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted ASF media file. Successful exploitation could result in the execution of arbitrary code within the context of the user running the application. |
9.3 | E20-0rt21 | CVE-2019-1430 CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C) CVSSV3-7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H URL | Exploits | A memory corruption vulnerability has been reported in Windows Media Foundation component of Microsoft Windows. The vulnerability is due to improper handling of objects in memory. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted QuickTime media file. Successful exploitation could result in the execution of arbitrary code within the context of the user running the application. |
5.0 | E20-XZ22L | CVSS-5.0 (AV:N/AC:L/AU:N/C:P/I:N/A:N) CVSSV3-4.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N URL | Phishing | This strike simulates a phishing email that has been seen in the wild during the COVID-19 pandemic. This specific phishing attempt is related to the Hancitor April 2020 malware campaign and tries to trick the user into clicking a malicious link by using COVID-19 insurance as a lure. From the headers we can see the email was originally sent from a Russian TLD, which has been associated with other phishing-related attacks. |