Ticket | Info |
---|---|
ATIBPS-16694 | The following strikes have had their descriptions updated to more specifically reflect what the traffic they simulate is and is not: andariel_2019_main_command_and_control.xml, andariel_2019_proto_command_and_control.xml, andariel_2019_shellcode_command_and_control.xml |
Name | Category | Info |
---|---|---|
GRPC | Remote Access | gRPC is a modern open source high performance RPC framework that can run in any environment. It can efficiently connect services in and across data centers with pluggable support for load balancing, tracing, health checking and authentication. It is also applicable in the last mile of distributed computing to connect devices, mobile applications and browsers to backend services. |
Jira May20 | Enterprise Applications | Jira Software is part of a family of products designed to help teams of all types manage work. Originally, Jira was designed as a bug and issue tracker. But today, Jira has evolved into a powerful work management tool for all kinds of use cases, from requirements and test case management to agile software development. |
Name | Category | Info |
---|---|---|
Google Cache Bandwidth | Social Networking/Search | The user performs a search, accesses the cached version of the page and then directly queries Google for the cached version of another page, by accessing webcache.googleusercontent.com. |
Jira May20 | Enterprise Applications | Simulates the use of Jira software as of May 2020. The user gets the login page, logs in to Jira, creates a project, creates a story, adds a comment to that story, changes the status of the story to closed and logs out. |
Jira Create Story May20 | Enterprise Applications | Simulates the use of Jira software as of May 2020. The user gets the login page, logs in to Jira, creates a story, adds a comment to that story and logs out. |
Jira Create Project May20 | Enterprise Applications | Simulates the use of Jira software as of May 2020. The user gets the login page, logs in to Jira, creates a project and logs out. |
gRPC POST Response 200 GetPresence | Remote Access | This simulates a gRPC communication between a client which sends a byte string and a server which returns a true or false result. |
gRPC POST Response 200 HelloWorld | Remote Access | This simulates a gRPC communication between a client which sends a name (string) and a server which sends a hello message (string). |
gRPC POST Response 200 RPC ProcessNumber | Remote Access | This simulates a gRPC communication between a client which sends a number (signed int) and a server which processes it and sends back the result (integer). |
Static Stream 150 UDP Packets (64B Downlink) | UDP IMIX/Testing and Measurement | Simulates a stream of 150 64-byte UDP packets sent in the downlink direction across a basic switching environment (46 bytes accumulated L2/3/4 headers). |
Static Stream 150 UDP Packets (64B Uplink) | UDP IMIX/Testing and Measurement | Simulates a stream of 150 64-byte UDP packets sent in the uplink direction across a basic switching environment (46 bytes accumulated L2/3/4 headers). |
Static Stream 150 UDP Packets (128B Downlink) | UDP IMIX/Testing and Measurement | Simulates a stream of 150 128-byte UDP packets sent in the downlink direction across a basic switching environment (46 bytes accumulated L2/3/4 headers). |
Static Stream 150 UDP Packets (128B Uplink) | UDP IMIX/Testing and Measurement | Simulates a stream of 150 128-byte UDP packets sent in the uplink direction across a basic switching environment (46 bytes accumulated L2/3/4 headers). |
Static Stream 150 UDP Packets (256B Downlink) | UDP IMIX/Testing and Measurement | Simulates a stream of 150 256-byte UDP packets sent in the downlink direction across a basic switching environment (46 bytes accumulated L2/3/4 headers). |
Static Stream 150 UDP Packets (256B Uplink) | UDP IMIX/Testing and Measurement | Simulates a stream of 150 256-byte UDP packets sent in the uplink direction across a basic switching environment (46 bytes accumulated L2/3/4 headers). |
Static Stream 150 UDP Packets (512B Downlink) | UDP IMIX/Testing and Measurement | Simulates a stream of 150 512-byte UDP packets sent in the downlink direction across a basic switching environment (46 bytes accumulated L2/3/4 headers). |
Static Stream 150 UDP Packets (512B Uplink) | UDP IMIX/Testing and Measurement | Simulates a stream of 150 512-byte UDP packets sent in the uplink direction across a basic switching environment (46 bytes accumulated L2/3/4 headers). |
Static Stream 150 UDP Packets (1024B Downlink) | UDP IMIX/Testing and Measurement | Simulates a stream of 150 1024-byte UDP packets sent in the downlink direction across a basic switching environment (46 bytes accumulated L2/3/4 headers). |
Static Stream 150 UDP Packets (1024B Uplink) | UDP IMIX/Testing and Measurement | Simulates a stream of 150 1024-byte UDP packets sent in the uplink direction across a basic switching environment (46 bytes accumulated L2/3/4 headers). |
Static Stream 150 UDP Packets (1280B Downlink) | UDP IMIX/Testing and Measurement | Simulates a stream of 150 1280-byte UDP packets sent in the downlink direction across a basic switching environment (46 bytes accumulated L2/3/4 headers). |
Static Stream 150 UDP Packets (1280B Uplink) | UDP IMIX/Testing and Measurement | Simulates a stream of 150 1280-byte UDP packets sent in the uplink direction across a basic switching environment (46 bytes accumulated L2/3/4 headers). |
Static Stream 150 UDP Packets (1518B Downlink) | UDP IMIX/Testing and Measurement | Simulates a stream of 150 1518-byte UDP packets sent in the downlink direction across a basic switching environment (46 bytes accumulated L2/3/4 headers). |
Static Stream 150 UDP Packets (1518B Uplink) | UDP IMIX/Testing and Measurement | Simulates a stream of 150 1518-byte UDP packets sent in the uplink direction across a basic switching environment (46 bytes accumulated L2/3/4 headers). |
Static Stream 150 UDP Packets (9216B Downlink) | UDP IMIX/Testing and Measurement | Simulates a stream of 150 9216-byte UDP packets sent in the downlink direction across a basic switching environment (46 bytes accumulated L2/3/4 headers). |
Static Stream 150 UDP Packets (9216B Uplink) | UDP IMIX/Testing and Measurement | Simulates a stream of 150 9216-byte UDP packets sent in the uplink direction across a basic switching environment (46 bytes accumulated L2/3/4 headers). |
Name | Info |
---|---|
Sandvine 2019 EMEA Downstream | Added a new app profile that simulates the downstream traffic generated by the top 11 applications reported in the Sandvine Global Internet Phenomena Report September 2019 for the EMEA region. |
Sandvine 2019 EMEA Upstream | Added a new app profile that simulates the upstream traffic generated by the top 11 applications reported in the Sandvine Global Internet Phenomena Report September 2019 for the EMEA region. |
Name | Info |
---|---|
Maze Ransomware April 2020 Campaign | Canned test simulating the Maze Ransomware April 2020 Campaign. It sends 3 strikes in the following order: |
CVSS | ID | References | Category | Info |
---|---|---|---|---|
10.0 | E20-9s251 | CVE-2020-10189 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) CVSSV3-9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H EXPLOITDB-48224 URL | Exploits | This strike exploits a Java deserialization vulnerability in Zoho ManageEngine Desktop Central. The vulnerability is in the getChartImage function of the FileStorage class and is due to a lack of proper validation of user-supplied data, which results in deserialization of untrusted data. A remote unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests to the target server. Successful exploitation results in remote code execution in the context of SYSTEM/root. |
7.5 | E20-9urh1 | CVE-2020-13693 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P) CVSSV3-9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H URL | Exploits | An authentication bypass vulnerability exists in the bbPress WordPress plugin. The vulnerability is due to a lack of validation on user authorization requests. A remote unauthorized attacker can exploit this vulnerability by sending a crafted HTTP POST request to the system. Successful exploitation results in creating a user with full privileges ('Keymaster' role). |
7.5 | E20-10n81 | CVE-2020-2884 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P) CVSSV3-9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H URL | Exploits | This strike exploits an insecure deserialization vulnerability in the Oracle Coherence library, which is used in popular products such as Oracle WebLogic Server. The vulnerability lies in 'MvelExtractor.class' in the Coherence REST library and is a result of insufficient validation of T3 requests: the server allows deserialization of classes in objects embedded in T3 protocol messages. Successful exploitation leads to remote code execution in the context of the user running the Oracle WebLogic service. |
7.5 | E20-10n71 | CVE-2020-2883 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P) CVSSV3-9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H URL ZDI-20-504 ZDI-20-570 | Exploits | This strike exploits an insecure deserialization vulnerability in the Oracle Coherence library, which is used in popular products such as Oracle WebLogic Server. The vulnerability lies in 'ReflectionExtractor.class' in the Coherence REST library and is a result of insufficient validation of T3 requests: the server allows deserialization of classes in objects embedded in T3 protocol messages. Successful exploitation leads to remote code execution in the context of the user running the Oracle WebLogic service. |
7.5 | E20-0r641 | CVE-2019-0604 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P) CVSSV3-9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H URL URL | Exploits | This strike exploits an insecure deserialization vulnerability in Microsoft SharePoint. The vulnerability is due to insufficient validation of user-supplied data passed to the 'EntityInstanceIdEncoder' class. A remote, authenticated attacker could exploit this vulnerability by sending maliciously crafted HTTP requests to a target SharePoint server. Successful exploitation leads to remote code execution on the target SharePoint web application. |
6.5 | E20-11h01 | CVE-2020-3956 CVSS-6.5 (AV:N/AC:L/AU:S/C:P/I:P/A:P) CVSSV3-8.8 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H URL | Exploits | A command injection vulnerability exists in VMware Cloud Director. The vulnerability is due to a lack of sanitization while parsing input passed to the 'hostname' parameter within the SMTP configuration form. An authenticated attacker can exploit this vulnerability by crafting a malicious HTTP PUT request. Successful exploitation results in full control of the Cloud Director platform. |
6.0 | E20-13jv1 | CVE-2020-6651 CVSS-6.0 (AV:N/AC:M/AU:S/C:P/I:P/A:P) CVSSV3-7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H URL ZDI-20-649 | Exploits | A command injection vulnerability exists in Eaton Intelligent Power Manager 1.67 and prior, due to a lack of user input sanitization. An authenticated remote attacker may execute arbitrary OS commands as a superuser by providing a crafted filename parameter when uploading a configuration file. |
5.0 | D20-152h1 | CVE-2020-8617 CVSS-5.0 (AV:N/AC:L/AU:N/C:N/I:N/A:P) CVSSV3-7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H URL | Denial | A denial of service vulnerability exists in BIND DNS Server versions 9.0.0-9.11.18, 9.12.0-9.12.4-P2, 9.14.0-9.14.11, 9.16.0-9.16.2 and 9.17.0-9.17.1 due to a missing MAC field size check when parsing TSIG records. A remote attacker may conduct a denial of service attack by sending a crafted DNS packet, which leads to abnormal process termination due to a failed assertion. |
Ticket | Info |
---|---|
ATIBPS-16697 | HTTP POST now supports CSV file types when the content type is multipart/form-data. |
ATIBPS-16632 | Fixed Strike E19-5lqr1 with a correct JSP payload. |
ATIBPS-16501 | Fixed keywords for Strike E17-3d6r1. |
ATIBPS-16765 | Updated keywords for Strike E12-02701. |
ATIBPS-16673 | Fixed payload generation for Strike E12-3dw01. |