ATI Update ATI-2021-01 (400966)

New Protocols & Applications (9)

| Name | Category | Info |
|---|---|---|
| Baidu Netdisk Dec20 | Storage | Baidu Netdisk is a Chinese network storage website. It allows users to search, upload, download and share files. |
| Kugou Music Dec20 | Voice/Video/Media | Kugou Music is a Chinese music website. It allows users to search for and play music and music videos. |
| omronfins | SCADA | FINS is an Omron protocol used by a PLC program to transfer data and perform other services with a remote PLC connected over an Ethernet network. |
| QQ Music Dec20 | Voice/Video/Media | QQ Music is a Chinese music streaming web application. It allows users to search for and play music and music videos. |
| SolarWinds MSP StartControl | Remote Access | SolarWinds MSP StartControl is a popular web platform for downloading the SolarWinds MSP client-side application (Take Control), which a remote technician uses to take control of a client machine. |
| SolarWinds NCM Dec20 | System | SolarWinds Network Configuration Manager (NCM) is designed to save time and improve network reliability and security by managing configurations, changes, and compliance for routers, switches, and other network devices. It is part of the Orion Web Console, which by default runs on port 8787 and is accessed from the browser. |
| SolarWinds NPM WebConsole Jan21 | System | SolarWinds Network Performance Monitor (NPM) is a network monitoring product that enables users to quickly detect, diagnose and resolve network performance problems and outages. It is delivered as a web browser console from which an admin user can review all the reports and details for any device in the network. |
| SolarWinds SAM Dec20 | System | SolarWinds Server & Application Monitor (SAM) is designed to monitor applications and their supporting infrastructure, whether running on-premises, in the cloud, or in a hybrid environment. It is part of the Orion Web Console, which by default runs on port 8787 and is accessed from the browser. |
| Toutiao Dec20 | Voice/Video/Media | Toutiao is a Chinese network media website. It allows users to view news, search for information, watch videos and upload videos. |

New Superflows (23)

| Name | Category | Info |
|---|---|---|
| Bandwidth CoAP | Distributed Computing | The Constrained Application Protocol (CoAP) is a specialized web transfer protocol for use with constrained nodes and constrained (e.g., low-power, lossy) networks. The protocol is designed for machine-to-machine (M2M) applications such as smart energy and building automation, and is frequently used in Internet of Things (IoT) networks. This simulation shows several CoAP requests and their responses. The parameters here are set for high bandwidth, as could be used in application profiles. |
| Baidu Netdisk Dec20 | Storage | Simulates Baidu Netdisk as of December 2020. The user opens the website, views the folders, searches for files, previews files, downloads files and uploads files. |
| Baidu Netdisk Dec20 Download Files | Storage | Simulates Baidu Netdisk as of December 2020. The user opens the website and downloads files. |
| Kugou Music Dec20 | Voice/Video/Media | Simulates Kugou Music as of December 2020. The user opens the website, searches for music, plays music, and searches for and watches music videos. |
| Kugou Music Dec20 Play Music | Voice/Video/Media | Simulates Kugou Music as of December 2020. The user opens the website, plays music and watches music videos. |
| Omron Fins | SCADA | Simulates the Omron FINS protocol, where the client sends command/response commands to read and write data on server nodes. |
| Omron Fins File Operations Commands | SCADA | Simulates the Omron FINS protocol, where the client executes file memory operation commands such as File Read, File Write, File Delete and Create/Delete Volume. |
| QQ Music Dec20 | Voice/Video/Media | Simulates QQ Music as of December 2020. The user opens the website, searches for music, plays music, comments on music, and searches for and watches music videos. |
| QQ Music Dec20 Play Music | Voice/Video/Media | Simulates QQ Music as of December 2020. The user opens the website, plays music and watches music videos. |
| SolarWinds MSP StartControl | Remote Access | Simulates the scenario where the end user uses the link provided by a remote IT representative to download the SolarWinds Take Control application from the startcontrol.com website. |
| SolarWinds MSP StartControl over TLS | Remote Access | Simulates the scenario where the end user uses the link provided by a remote IT representative to download the SolarWinds Take Control application from the startcontrol.com website over HTTPS. |
| SolarWinds NCM Jobs Web Console | System/Network Admin | Simulates the use of the SolarWinds NCM Web Console as of December 2020, where a user signs in to the management console, opens the jobs page, creates, searches for, runs and stops a job, and logs out. |
| SolarWinds NCM Web Console Full Session | System/Network Admin | Simulates the use of the SolarWinds NCM Web Console as of December 2020, where a user signs in to the management console, opens the configuration summary page, searches for network config files, opens the jobs page, creates, searches for, runs and stops a job, and logs out. |
| SolarWinds NPM WebConsole Alerts | System/Network Admin | A SolarWinds NPM WebConsole admin user logs in to the app, views and acknowledges alerts, then logs out. |
| SolarWinds NPM WebConsole Alerts over TLS | System/Network Admin | A SolarWinds NPM WebConsole admin user logs in to the app over HTTPS, views and acknowledges alerts, then logs out. |
| SolarWinds NPM WebConsole Full Session | System/Network Admin | A SolarWinds NPM WebConsole admin user logs in to the app, checks multiple tabs of the app, views and acknowledges alerts, views node details, dismisses notifications and logs out. |
| SolarWinds NPM WebConsole Full Session over TLS | System/Network Admin | A SolarWinds NPM WebConsole admin user logs in to the app over HTTPS, checks multiple tabs of the app, views and acknowledges alerts, views node details, dismisses notifications and logs out. |
| SolarWinds SAM Web Console Full Session | System/Network Admin | Simulates the use of the SolarWinds SAM Web Console as of December 2020, where a user signs in to the management console, manually adds a specific node for monitoring, runs a network discovery task to locate all active nodes in the network, imports the devices found and performs operations on the dashboard. |
| SolarWinds SAM Web Console Network Discovery | System/Network Admin | Simulates the use of the SolarWinds SAM Web Console as of December 2020, where a user signs in to the management console and runs a network discovery task to locate all active nodes in the network. |
| SolarWinds SAM Web Console Dashboard | System/Network Admin | Simulates the use of the SolarWinds SAM Web Console as of December 2020, where a user signs in to the management console, visits the dashboard and creates a new dashboard. |
| Toutiao Dec20 News | Voice/Video/Media | Simulates Toutiao News as of December 2020. The user opens the website, searches for information, reads news and posts comments. |
| Toutiao Dec20 Xigua Video | Voice/Video/Media | Simulates Toutiao Xigua Video as of December 2020. The user goes to Xigua Video, watches videos and uploads videos. |
| TR-069 Firmware Download 10 KB | Telephony/Cable TV | Simulates Technical Report 069 (TR-069) remote management of end-user devices, where an ACS sends a Download message for a 10 KB file to a CPE in order to trigger a DownloadResponse message. |

New Application Profiles (1)

| Name | Info |
|---|---|
| IoT Traffic 2020 | Simulates traffic generated by the top 7 IoT protocols in 2020. |

New Security Tests (1)

| Name | Info |
|---|---|
| Crimson RAT Dec 2020 Campaign | This strikelist contains 3 strikes simulating the 'Crimson RAT Dec 2020 Campaign'. |

1. The first strike simulates the download of the Word malware.
2. The second strike simulates the download of the Crimson RAT malware.
3. The third strike simulates the traffic that occurs after the 'Crimson RAT' malware executable is run. The attacker sends raw TCP data to the victim, and the victim replies with raw TCP data that contains host information such as the hostname, username, and current date. Next, the attacker sends further raw TCP data to the victim.

It contains the following sequence of strikes:
1) /strikes/malware/apt/crimson_rat_dec_2020_campaign/malware_6aa88102bfc2d244ed9995067a2a97fcfe7f915f.xml
2) /strikes/malware/apt/crimson_rat_dec_2020_campaign/malware_0cb5e5d0b95589fb59b742413e9ac5610e79a83d.xml
3) /strikes/botnets/apt/crimson_rat_dec_2020_campaign/crimson_rat_dec_2020_campaign_command_control.xml

| # | Strike ID | Name | Description |
|---|---|---|---|
| 1 | M20-5xz01 | Crimson RAT Dec 2020 Campaign - Word Malware File Transfer | This strike simulates the download of the 'Crimson RAT Dec 2020 Campaign - Word Malware' via an HTTP GET request. |
| 2 | M20-dug01 | Crimson RAT Dec 2020 Campaign - Crimson Malware File Transfer | This strike simulates the download of the 'Crimson RAT Dec 2020 Campaign - Crimson Malware' via an HTTP GET request. |
| 3 | B20-7ff01 | Crimson RAT Dec 2020 Campaign - Crimson Command and Control | This strike simulates the 'Crimson RAT Dec 2020 Campaign - Crimson Command and Control' traffic that occurs after the Crimson malware is executed. |

New Strikes (3)

| CVSS | ID | References | Category | Info |
|---|---|---|---|---|
| 10.0 | E21-5m6x1 | CVE-2018-15961, CVSS, CVSSv3, CWE-434, URL | Exploits | This strike exploits an unrestricted file upload vulnerability in the CKEditor component of Adobe ColdFusion. The vulnerability is due to improper restrictions on files uploaded by users. By successfully exploiting this vulnerability, a remote, unauthenticated attacker could upload arbitrary files and execute them on the target server. |
| 9.0 | E21-11ie1 | CVE-2020-4006, CVSS, CVSSv3, CWE-77, URL | Exploits | This strike exploits a command injection vulnerability in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. The vulnerability is due to improper validation of user input in the 'san' parameter. The flaw may be exploited by an authenticated attacker to execute arbitrary code in the context of the service running on the target server. |
| 5.0 | E21-9v511 | CVE-2020-14181, CVSS, CVSSv3, CWE-200, URL | Exploits | This strike exploits an information disclosure vulnerability in Atlassian Jira Server and Data Center. The affected versions are those before 7.13.6, from 8.0.0 before 8.5.7, and from 8.6.0 before 8.12.0. An unauthenticated attacker could enumerate users through the /ViewUserHover.jspa endpoint, leading to information disclosure. |