Name | Category | Info |
---|---|---|
Bank Of America Mobile Oct 2021 | Financial | The Bank of America mobile app facilitates an array of banking services for a large number of users. |
Chase Mobile Oct 2021 | Financial | The Chase Mobile app is an all-inclusive platform that provides a centralized way to manage Chase accounts and perform various banking activities from mobile devices. |
Kuaishou Mobile Oct21 | Voice/Video/Media | Kuaishou is a Chinese short-video sharing application. It allows users to browse content, watch videos and upload short videos. This simulates the mobile version of the Kuaishou application. |
Zhihu Oct21 | Social Networking/Search | Zhihu is a Chinese question-and-answer website. It allows users to post questions and answers as text or video. |
Name | Category | Tags | Info |
---|---|---|---|
Bank Of America Mobile Oct 2021 | Financial | SimulatedTLS MobileApp | The Bank of America mobile app facilitates an array of banking services for a large number of users. This simulated scenario includes: user login, make a credit card payment, and review rewards. |
Chase Mobile Oct 2021 | Financial | SimulatedTLS MobileApp | The Chase Mobile app is an all-inclusive platform that provides a centralized way to manage Chase accounts and perform various banking activities from mobile devices. This simulated scenario includes: user login, balance check, make a credit card payment, review rewards and transfer cash via the Zelle service. |
Kuaishou Mobile Oct21 | Voice/Video/Media | ChinaApp MobileApp | Simulates the Kuaishou application as of October 2021. The user opens the application, browses the content, watches a short video and uploads a video. |
Kuaishou Mobile Oct21 Video | Voice/Video/Media | ChinaApp MobileApp | Simulates Kuaishou video traffic as of October 2021. The user watches a short video and uploads one. |
Zhihu Oct21 Question | Social Networking/Search | ChinaApp | Simulates the Zhihu website as of October 2021. The user opens the website, views the hot questions, replies to a question and posts a question. |
Zhihu Oct21 Video | Social Networking/Search | ChinaApp | Simulates the Zhihu website as of October 2021. The user watches a video and uploads one. |
Name | Info |
---|---|
ICS/SCADA Traffic 2021 | This simulates traffic generated by the top 23 ICS/SCADA protocols in 2021. |
Sandvine 2021 Global Mobile Video Downstream | It simulates the downstream traffic generated by the mix of global video mobile applications reported in the Sandvine Mobile Internet Phenomena Report May 2021. |
Sandvine 2021 Global Mobile Downstream | It simulates the downstream traffic generated by the mix of global mobile applications reported in the Sandvine Mobile Internet Phenomena Report May 2021. |
Sandvine 2021 Global Mobile Upstream | It simulates the upstream traffic generated by the mix of global video mobile applications reported in the Sandvine Mobile Internet Phenomena Report May 2021. |
Name | Info |
---|---|
Formbook Oct 2021 Campaign | Formbook is an information-stealing trojan sold as malware-as-a-service. It is designed to steal personal information from victims' devices and to manipulate those devices using control commands received from a C2 server. Formbook uses keylogging and form grabbing to collect victim input, along with data from browsers and from instant messaging, email and FTP clients. Reference: https://www.fortinet.com/blog/threat-research/deep-analysis-new-formbook-variant-delivered-phishing-campaign-part-I This strikelist contains 3 strikes simulating the 'Formbook Oct 2021 Campaign'. 1. The first strike simulates the download of an Excel file; this is the initial infection vector for this campaign, a macro-embedded Excel document. 2. The second strike simulates the download of the Formbook malware, which follows execution of the macro in the previously downloaded Excel document. 3. The third strike simulates the command and control traffic that occurs after the Formbook malware executes: the victim sends an HTTP message to the attacker containing the username and OS version, and the attacker replies with HTTP status 200 over TCP port 80. It contains the following sequence of strikes: 1) /strikes/malware/apt/formbook_oct_2021_campaign/malware_7037ff474ab0d0ce368f02bf09d199f97c20b3e4.xml 2) /strikes/malware/apt/formbook_oct_2021_campaign/malware_8cc59571463811f56006426ee81a0d5b220beaec.xml 3) /strikes/botnets/apt/formbook_oct_2021_campaign/formbook_oct_2021_campaign_formbook_command_control.xml |
CVSS | ID | References | Category | Info |
---|---|---|---|---|
9.0 | E21-ac5v1 | CVE-2020-36243, CWE-78 | Exploits | This strike exploits a command injection vulnerability in OpenEMR. The vulnerability is due to insufficient sanitization of user-supplied data in backup.php. A remote, authenticated attacker can exploit it by sending crafted requests to the target server. Successful exploitation results in arbitrary command execution in the security context of the web server. NOTE: when running this strike in OneArm mode, requests are sent to /someuri rather than /openemr/someuri, because the OpenEMR server Docker image used is configured that way. |
6.4 | E21-c8v62 | CVE-2021-25282, CWE-22 | Exploits | This strike exploits a directory traversal vulnerability in the WheelClient of the Salt API, a component of SaltStack Salt. The vulnerability is due to improper validation of user-supplied input in the pillar_roots.write method. A remote attacker can exploit it by sending a crafted HTTP request to the target server. Successful exploitation results in arbitrary file creation and, in the worst case, remote code execution in the context of the root user. |
4.3 | E21-c7781 | CVE-2021-23124, CWE-79 | Exploits | This strike exploits a cross-site scripting vulnerability in Joomla CMS. The vulnerability is due to inadequate input filtering of the title attribute in mod_breadcrumbs. Successful exploitation results in arbitrary script code executing in the security context of the victim's browser. |
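To illustrate the defect class behind the SaltStack pillar_roots.write strike above (CVE-2021-25282): a check that only refuses absolute paths still lets `..` segments in the supplied path escape the configured root, whereas resolving the joined path and comparing it component-wise against the root does not. The code below is an added example written for this page; it is not Salt's own code and not the strike. The pillar root layout, the function names and the sample paths are assumptions.

```python
import os

# Constructed stand-in for Salt's pillar_roots option: environment -> list of
# root directories. The directory values are assumptions for this example.
PILLAR_ROOTS = {"base": ["/srv/pillar/base"]}


def _root_for(saltenv, index):
    """Return the configured root for (saltenv, index), or None if unknown."""
    roots = PILLAR_ROOTS.get(saltenv)
    if roots is None or index >= len(roots):
        return None
    return roots[index]


def naive_dest(path, saltenv="base", index=0):
    """Weak check: refuse absolute paths, then join blindly.

    '..' segments survive the join, so the caller can place a file anywhere
    the daemon (root, for a salt-master) can write. Returns the destination
    path, or None if the request is refused.
    """
    root = _root_for(saltenv, index)
    if root is None or os.path.isabs(path):
        return None
    return os.path.normpath(os.path.join(root, path))


def safe_dest(path, saltenv="base", index=0):
    """Hardened check: resolve the joined path and require it to stay under root.

    os.path.realpath collapses '..' (and follows symlinks in any existing
    prefix); os.path.commonpath compares whole path components, so a sibling
    directory that merely shares a string prefix with the root
    (e.g. /srv/pillar/base_evil) is rejected, unlike a str.startswith test.
    Returns the destination path, or None if the request is refused.
    """
    root = _root_for(saltenv, index)
    if root is None or os.path.isabs(path):
        return None
    root = os.path.realpath(root)
    dest = os.path.realpath(os.path.join(root, path))
    if os.path.commonpath([root, dest]) != root:
        return None
    return dest


if __name__ == "__main__":
    # Constructed attacker-controlled paths: one benign, one climbing out of
    # the pillar root toward a location where a file drop becomes code
    # execution, one abusing a string-prefix match.
    for p in ("top.sls", "../../../etc/cron.d/pwn", "../base_evil/x"):
        print(f"{p!r}: naive={naive_dest(p)!r} safe={safe_dest(p)!r}")
```

The prefix-sibling case is the one most often missed when a traversal bug is patched with `dest.startswith(root)`; `os.path.commonpath` is the component-aware comparison that closes it.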
Component | Info |
---|---|
Security | Previously, certain strikes contained multiple identical variants, which produced duplicate false positives. This fix reduces the number of duplicated variants, and therefore of false positives, when a strike is run against all of its variants. |