Ticket | Info |
---|---|
ATIBPS-16354 | The POST action in the HTTP protocol has been modified to support multipart-format data with a specified Content-Boundary. The boundary now also appears in the data part of the POST action. |
ATIBPS-9984 | Added a new HTTP Evasion Profile (ClientContentLength). It allows the HTTP Content-Length header to be overridden with a fixed value. |
Name | Category | Info |
---|---|---|
Paltalk May20 | Chat/IM | Paltalk is an Internet chat service that allows users to communicate via instant messaging, voice and video chat. |
Name | Category | Info |
---|---|---|
HTTP Generic IoT User-Agent Simulation (Desktop Browser) | Testing and Measurement | Simulates a scenario where the client sends a GET request with the latest user-agents used by various desktop browsers and the server sends back a 200 OK response of size 1.966 Mb, which is a standard average page response size in the year 2020. The user-agents in the client GET are selected from a dictionary that holds the latest list of 950 desktop user-agents. |
HTTP Generic IoT User-Agent Simulation (Mobile Browser) | Testing and Measurement | Simulates a scenario where the client sends a GET request with the latest user-agents used by various mobile browsers and the server sends back a 200 OK response of size 1.778 Mb, which is a standard average page response size in the year 2020. The user-agents in the client GET are selected from a dictionary that holds the latest list of 1000 mobile user-agents. |
Microsoft Teams Apr 20 Video Call Bandwidth | Voice/Video/Media | Simulates a Microsoft Teams user logging in to the app, making a video call with a peer, then logging out. The parameters are set to give high bandwidth. |
Paltalk May 20 Audio Call | Chat/IM | Simulates a Paltalk user logging in to the app, making an audio call with a peer, then logging out. |
Paltalk May 20 Chat | Chat/IM | Simulates a Paltalk user logging in to the app, chatting with a peer, then logging out. |
Skype For Business Audiocall Nov 17 Bandwidth | Voice/Video/Media | Simulates a Skype audio call. The parameters are set to give high bandwidth. |
Slack Oct 17 Bandwidth | Enterprise Applications | Simulates the use of the Slack website as of October 2017. All of the available actions for this flow are included. The parameters are set to give high bandwidth. |
WebEx Meeting Bandwidth | Voice/Video/Media | Simulates a WebEx user logging in to the app, starting a meeting, using audio and video, sharing content, chatting and then signing out. The parameters are set to give high bandwidth. |
Name | Info |
---|---|
Work From Home (WFH) | Traffic simulating the mix of all the applications that contributed to a significant rise in global internet traffic due to the Covid-19 pandemic and the Work From Home (WFH) situation in the year 2020. |
Not Working From Home (NWFH) | Traffic simulating the mix of the top applications that contributed to a significant rise in global internet traffic due to the Covid-19 pandemic in the year 2020. |
Name | Info |
---|---|
AZORult Neutrino September 2018 Campaign | Canned test simulating the AZORult Neutrino September 2018 Campaign. It sends 7 strikes in the following order: The stages of the campaign sequence are described in more detail here http://www.malware-traffic-analysis.net/2018/09/06/index.html |
CVSS | ID | References | Category | Info |
---|---|---|---|---|
10.0 | E20-12u21 | CVE-2020-5722 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) CVSSV3-9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H EXPLOITDB-48247 URL | Exploits | Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via a crafted HTTP request. A remote attacker can use this vulnerability either to execute shell commands with root privileges (on versions before 1.0.19.20) or to inject HTML into password recovery emails (on versions before 1.0.20.17). |
10.0 | E20-11ct1 | CVE-2020-3805 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) CVSSV3-9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H URL | Exploits | A use-after-free vulnerability exists in Adobe Reader and Acrobat due to incorrect manipulation of objects in memory. The vulnerability exists in the 'AcroForm.api' dynamic library and may be triggered by a Field object that begins with a UTF-16 BE BOM sequence. An attacker may execute arbitrary code on a victim's system by enticing the victim to open a crafted PDF file. |
9.0 | E20-9tjh1 | CVE-2020-12109 CVSS-9.0 (AV:N/AC:L/AU:S/C:C/I:C/A:C) CVSSV3-8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H URL | Exploits | A remote command injection exists in multiple TP-Link Cloud Camera devices (NC2XX) due to a lack of user input sanitization. By sending a crafted 'sysname' POST parameter to the '/setsysname.fcgi' path, a remote authenticated attacker may execute arbitrary commands on the target system. |
6.8 | E20-0z561 | CVE-2020-0938 CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P) CVSSV3-7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H URL | Exploits | A memory corruption vulnerability has been reported in the Adobe Type Manager component of Microsoft Windows. The vulnerability is due to improper handling of a specially crafted BlendDesignPositions array in multiple master Type 1 fonts. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted font file. Successful exploitation could result either in the execution of arbitrary code with SYSTEM or UMFD permissions or in a denial of service condition. |
6.8 | E20-13o61 | CVE-2020-6806 CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P) CVSSV3-8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H GOOGLE-2005 | Exploits | This strike exploits a vulnerability in SpiderMonkey, the JavaScript engine of Mozilla Firefox. An attacker can craft JavaScript promise resolutions in such a way that it becomes possible to cause an out-of-bounds read off the end of an array resized during script execution. This can lead to a denial of service or potentially allow remote code execution. |
5.0 | E20-XZ23L | CVSS-5.0 (AV:N/AC:L/AU:N/C:P/I:N/A:N) CVSSV3-4.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N URL | Phishing | This strike simulates a malspam phishing email that has been seen in the wild delivering AZORult and Neutrino malware. This specific phishing attempt is related to the AZORult Neutrino Sept 2018 malware campaign. |
5.0 | E20-15lv1 | CVE-2020-9315 CVSS-5.0 (AV:N/AC:L/AU:N/C:P/I:N/A:N) CVSSV3-7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N URL | Exploits | An information disclosure vulnerability exists in Oracle iPlanet Web Server versions 7.x and prior. By accessing specific paths related to the admin panel, a remote unauthenticated attacker may obtain sensitive information about the server's configuration. |
4.9 | E20-15lu1 | CVE-2020-9314 CVSS-4.9 (AV:N/AC:M/AU:S/C:P/I:P/A:N) CVSSV3-4.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N URL | Exploits | An image injection vulnerability exists in Oracle iPlanet Web Server versions 7.0.x due to poor sanitization of the 'productNameSrc' HTTP parameter. By tricking an admin into following a crafted URL, a remote attacker may perform phishing attacks by injecting a custom image into the admin panel. |
4.3 | E20-0z571 | CVE-2020-0939 CVSS-4.3 (AV:N/AC:M/AU:N/C:P/I:N/A:N) CVSSV3-5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N URL | Exploits | An information disclosure vulnerability has been reported in the Windows Media Foundation component of Microsoft Windows. The vulnerability is due to improper handling of objects in memory. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted QuickTime media file. Successful exploitation could result in the execution of arbitrary code within the context of the user running the application. |
Ticket | Info |
---|---|
ATIBPS-16509 | The AVP Framed-IPv6 has been fixed in the Radius Accounting Request. This also fixes the issue "Not enough room in packet for AVP". |
ATIBPS-16620 | Fixed multiple hard-coded HTTP strikes to benefit from HTTP evasion profile. |
ATIBPS-16625 | Added NAT support for Strike E19-7nxv1. |
ATIBPS-16641 | Fixed multiple strikes that had duplicate keywords. |
ATIBPS-16655 | Fixed the issue where the standard port number 443 was appended to the URI in the Host header in the HTTP application (RFC 2818). |