Name | Category | Info |
---|---|---|
BeyondTrust Jan21 | Remote Access | BeyondTrust Remote Support (formerly Bomgar) is a Remote Support application which enables users to remotely access and troubleshoot desktop and mobile devices, running any platform, located anywhere in the world. |
Crawling Wikipedia(English) 3 Layers 4 Link Feb21 | Social Networking/Search | Wikipedia (English) is the largest online encyclopedia. This application crawls the Wikipedia (English) website. It crawls 4 links on the home page and, for each link, goes up to 3 layers deep, crawling in a Breadth-First Search (BFS) fashion. |
Dianping Jan21 | Social Networking/Search | Dianping is a Chinese restaurant ranking website. It allows users to search restaurants, check menus, read comments, buy coupons and post comments. |
Google Classroom Mobile Feb21 | Mobile | Google Classroom is a free web service developed by Google for schools that aims to simplify creating, distributing, and grading assignments. The primary purpose of Google Classroom is to streamline the process of sharing files between teachers and students. This simulates the Mobile version of the application. |
Name | Category | Info |
---|---|---|
BeyondTrust Jan21 | Remote Access | Simulates the use of the BeyondTrust application with 2 clients (where Client A is IT Support and Client B is a remote client) as of January 2021. Client A logs into the BeyondTrust application, starts a new session and provides the session ID to Client B. Then Client A requests screen sharing, and the screen sharing starts after Client B allows the access. After that, Client A stops screen sharing, ends the current session and logs out. |
BeyondTrust Jan21 Session Start | Remote Access | Simulates the use of the BeyondTrust application with 2 clients (where Client A is IT Support and Client B is a remote client) as of January 2021. Client A logs into the BeyondTrust application, starts a new session and provides the session ID to Client B, ends the current session and logs out. |
Crawling Wikipedia(English) 3 Layers 4 Link Feb21 | Social Networking/Search | Simulates the scenario of crawling the Wikipedia (English) website as of February 2021. It crawls 4 links on the home page and, for each link, goes up to 3 layers deep, crawling in a Breadth-First Search (BFS) fashion. |
Dianping Jan21 Comment Restaurant | Social Networking/Search | Simulates commenting on a restaurant on Dianping as of January 2021. The user goes to the Dianping website, buys coupons and comments on the restaurant. |
Dianping Jan21 Search Restaurant | Social Networking/Search | Simulates searching restaurants on Dianping as of January 2021. The user goes to the website, searches restaurants, checks the menu, reads comments and checks the location. |
Google Classroom Mobile Feb21 Full Session | Mobile | Simulates the use of Google Classroom Mobile as of Feb 2021, where a teacher signs in to the app, creates a new class and creates an assignment. A student then opens the classroom, views the assignment and makes a submission. |
Google Classroom Mobile Feb21 Student | Mobile | Simulates the use of Google Classroom Mobile as of Feb 2021, where a student opens the classroom, views the assignment and makes a submission. |
Google Classroom Mobile Feb21 Teacher | Mobile | Simulates the use of Google Classroom Mobile as of Feb 2021, where a teacher signs in to the app, creates a new class and creates an assignment. |
SolarWinds NCM Web Console TLS | System/Network Admin | Simulates the use of SolarWinds NCM Web Console over TLS as of December 2020, where a user signs in to the management console, opens the configuration summary page, searches for network config files, opens the jobs page, creates, searches, runs and stops a job and logs out. |
SolarWinds SAM Web Console TLS | System/Network Admin | Simulates the use of SolarWinds SAM Web Console over TLS as of December 2020, where a user signs in to the management console, adds a specific node manually for monitoring, runs a network discovery task to locate all active nodes in the network, imports devices found and does operations on the dashboard. |
Name | Info |
---|---|
Consumer Internet Traffic 2020 | This Application Profile is representative of commonly used web-based applications that focus on communications, social media, and media consumption in 2020. The minimum BPS version required to run it is 9.10.110.81. |
Name | Info |
---|---|
Sunburst Jan 2021 Campaign | This strikelist contains 2 strikes simulating the 'Sunburst Jan 2021 Campaign'. 1. The first strike simulates the download of the 'Sunburst' malware. 2. The second strike simulates the traffic that occurs after executing the 'Sunburst' ransomware executable. The victim sends 4 HTTP requests to the attacker, and the attacker replies with the custom protocol message to execute calc.exe. It contains the following sequence of strikes: 1) /strikes/malware/apt/sunburst_jan_2021_campaign/malware_76640508b1e7759e548771a5359eaed353bf1eec.xml 2) /strikes/botnets/apt/sunburst_jan_2021_campaign/sunburst_jan_2021_campaign_http_command_control.xml |
CVSS | ID | References | Category | Info |
---|---|---|---|---|
7.5 | E21-14k91 | CVE-2020-7961, CWE-502, EXPLOITDB-48332 | Exploits | This strike exploits an insecure deserialization vulnerability in Liferay Portal. The vulnerability is due to improper sanitization of user-supplied input. Exploiting this vulnerability could allow remote, unauthenticated attackers to execute arbitrary code on the target server in the context of the user running the server. |
6.8 | D21-3dsu1 | CVE-2017-11774, CWE-119 | Denial | This strike exploits a code execution vulnerability in Microsoft Outlook 2010. The vulnerability is due to improper handling of objects in memory or to a Microsoft Outlook security feature bypass. Setting a crafted HTML page as the Home Page in Outlook 2010 allows the attacker to execute code in the context of the current user. Note: This strike simulates the opening of a malicious page at the address defined in Outlook (Home Page). |
4.0 | E21-0x6i1 | CVE-2019-8394, CWE-434, EXPLOITDB-46413 | Exploits | This strike exploits a file upload vulnerability in Zoho ManageEngine ServiceDesk Plus. Files can be uploaded to the target by sending an HTTP POST request with a parameter 'module' equal to 'CustomLogin'. An attacker can send a malicious HTTP POST request to upload an arbitrary file to the '/custom/login' folder. Successful exploitation may lead to creation and execution of arbitrary files by an authenticated user with minimum permissions (for example, guest). |
Component | Info |
---|---|
Apps | Adding the "ChinaApp" tag to Super Flows that simulate applications in the China market. |