ATI Update ATI-2021-09

New Protocols & Applications (2)

Name Category Info
Twitter Mobile Apr21 Social Networking/Search Twitter is an American microblogging and social networking service on which users post and interact with messages known as tweets. This Android mobile app lets registered users post, like and retweet tweets, while unregistered users can only read them. It also lets users add a Fleet (Story) and create a Space (audio chat room).
Weibo Mobile Apr21 Social Networking/Search Weibo is a Chinese microblogging platform. It lets users post, forward and comment on blogs. This simulates the mobile version of the Weibo application.

New Superflows (9)

Name Category Info
Dingtalk Meeting Voice/Video/Media Dingtalk, also called Dingding in Chinese, is a popular Chinese workplace collaboration platform with rich messaging and multimedia features. This is a simulation of the RTP traffic component of the Dingtalk desktop client in conference-meeting mode. Dingtalk meetings use DTLS for meeting initiation and RTP over UDP for the audio/video traffic. There are 2 clients in this meeting, in video or audio mode, and the RTP traffic lasts 5 seconds in each session. The clients in this flow conform to Dingtalk v5.1.41.20.
DNS over HTTPS with EDNS Padding Option System/Network Admin Simulates a DNS record lookup in which the client sends a DNS query over HTTPS and the server answers it, as defined in RFC 8484. Both the DNS query and the response carry an EDNS Padding option (RFC 7830) in their Additional records.
Twitter Mobile Apr21 Add Fleet Social Networking/Search Simulates the use of Twitter Mobile as of April 2021: a user opens the sign-in page, signs into the Twitter Mobile app, adds a Fleet (Story), views the Fleet, deletes the Fleet and signs out.
Twitter Mobile Apr21 Host Space Social Networking/Search Simulates the use of Twitter Mobile as of April 2021: a user opens the sign-in page, signs into the Twitter Mobile app, goes to the profile, starts a new Space (audio chat room), ends the Space and signs out.
Twitter Mobile Apr21 Post Tweet Social Networking/Search Simulates the use of Twitter Mobile as of April 2021: a user opens the sign-in page, signs into the Twitter Mobile app, views the home timeline feed, goes to the profile, posts a tweet and signs out.
Twitter Mobile Apr21 Show Profile Social Networking/Search Simulates the use of Twitter Mobile as of April 2021: a user opens the sign-in page, signs into the Twitter Mobile app, goes to the profile, opens the notification section, shows the list of followed users, unfollows a user, shows the list of followers and signs out.
Twitter Mobile Apr21 View Home Timeline Social Networking/Search Simulates the use of Twitter Mobile as of April 2021: a user opens the sign-in page, signs into the Twitter Mobile app, views the home timeline feed, follows a user, retweets a tweet, replies to a tweet, likes a tweet, opens the notification section, views a Fleet (Story) and signs out.
Weibo Mobile Apr21 Social Networking/Search Simulates viewing microblogs on Weibo as of April 2021. The user goes to the website, views blogs and posts comments.
Weibo Mobile Apr21 Post Message Social Networking/Search Simulates posting a message on Weibo as of April 2021. The user goes to the website, logs into Weibo, posts a message and logs out.
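The DNS over HTTPS superflow above is easier to reason about with the bytes in front of you. The following is an added example, not ATI code: it builds a DoH query and its answer in wire format, appends an OPT record whose only option is EDNS Padding (option code 12, RFC 7830) so that each message is padded out to a fixed block, encodes the query for the RFC 8484 GET form, and parses the Additional section back to show where the padding sits. The block sizes (128 bytes for queries, 468 for responses) follow the RFC 8467 policy recommendation and are this example's assumption; the page does not state what sizes the superflow uses. The name, IP address and transaction ID are constructed sample input.

```python
import base64
import struct

# EDNS(0) option code for Padding (RFC 7830). Block sizes are the RFC 8467
# recommendation; they are an assumption of this example, not an ATI setting.
EDNS_PADDING = 12
QUERY_BLOCK = 128
RESPONSE_BLOCK = 468
OPT_TYPE = 41


def encode_name(name):
    """Wire-format a domain name as length-prefixed labels plus a root byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def skip_name(msg, off):
    """Return the offset just past the name at `off` (handles compression pointers)."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:
            return off + 2
        off += 1 + length


def append_padded_opt(msg, block):
    """Append an OPT RR whose only option is Padding, sized so the whole
    message becomes a multiple of `block` bytes, and bump ARCOUNT by one."""
    min_len = len(msg) + 11 + 4            # fixed OPT RR (11) + option header (4)
    target = -(-min_len // block) * block  # round up to the next block boundary
    pad_len = target - min_len
    rdata = struct.pack(">HH", EDNS_PADDING, pad_len) + b"\x00" * pad_len
    opt = b"\x00" + struct.pack(">HHIH", OPT_TYPE, 4096, 0, len(rdata)) + rdata
    arcount = struct.unpack(">H", msg[10:12])[0] + 1
    return msg[:10] + struct.pack(">H", arcount) + msg[12:] + opt


def build_query(name, qtype=1, txid=0x1234):
    """A-record query, RD set, one question, padded to QUERY_BLOCK."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    question = encode_name(name) + struct.pack(">HH", qtype, 1)
    return append_padded_opt(header + question, QUERY_BLOCK)


def build_response(query, ipv4):
    """Answer `query` with a single A record, padded to RESPONSE_BLOCK."""
    txid = struct.unpack(">H", query[:2])[0]
    question = query[12:skip_name(query, 12) + 4]
    header = struct.pack(">HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # QR, RD, RA
    rdata = bytes(int(o) for o in ipv4.split("."))
    answer = b"\xC0\x0C" + struct.pack(">HHIH", 1, 1, 300, len(rdata)) + rdata
    return append_padded_opt(header + question + answer, RESPONSE_BLOCK)


def doh_get_path(msg):
    """RFC 8484 GET form: the message base64url-encoded without '=' padding."""
    return "/dns-query?dns=" + base64.urlsafe_b64encode(msg).rstrip(b"=").decode("ascii")


def edns_options(msg):
    """Walk every RR section and return {option_code: data} from the OPT RR."""
    _, _, qd, an, ns, ar = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4
    options = {}
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == OPT_TYPE:
            p = 0
            while p + 4 <= len(rdata):
                code, olen = struct.unpack(">HH", rdata[p:p + 4])
                options[code] = rdata[p + 4:p + 4 + olen]
                p += 4 + olen
    return options


if __name__ == "__main__":
    q = build_query("example.com")                 # constructed sample query
    r = build_response(q, "93.184.216.34")         # constructed sample answer
    print(len(q), len(r), len(edns_options(q)[EDNS_PADDING]), doh_get_path(q)[:48])
```

The point of the padding is visible in the lengths: every query comes out at 128 bytes and the answer at 468, so an observer of the TLS record sizes cannot distinguish a lookup for a short name from one for a long name. `edns_options` is also the check a capture-analysis tool would run to confirm that option 12 is actually present in the Additional section rather than merely claimed.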

New Security Tests (1)

Name Info
IcedID Apr 2021 Campaign This strikelist contains 6 strikes simulating the 'IcedID Apr 2021 Campaign'.

1. The first strike simulates the download of the 'Excel' malware. This is the initial infection vector for this campaign, in which a Microsoft Excel macro executes to download the next-stage malware.
2. The second strike simulates the download of the 'Installer' malware. This is the second stage of this campaign, in which a DLL file is downloaded and executed.
3. The third strike simulates the download of the 'Temporary Loader' malware. This is the third stage of this campaign, in which a DLL file is downloaded and executed.
4. The fourth strike simulates the download of the 'Persistent' malware. This is the fourth stage of this campaign, in which a DLL file is downloaded and executed.
5. The fifth strike simulates the download of the 'IcedID' malware. This is the fifth stage of this campaign, in which an encrypted binary file is downloaded and executed.
6. The sixth strike simulates the traffic that occurs after the 'IcedID' executable runs. The victim sends HTTPS traffic to the attacker containing victim host information: username, hostname, domain name, IP address and OS architecture.

It contains the following sequence of strikes:
1) /strikes/malware/apt/icedid_apr_2021_campaign/malware_373d22c9edce34815fbe566a7f15632ad01be5df.xml
2) /strikes/malware/apt/icedid_apr_2021_campaign/malware_e3ff87266aa56dd14e8f5fa70e44fe0539924079.xml
3) /strikes/malware/apt/icedid_apr_2021_campaign/malware_e0dd75e65ca7c37593ae3d938637c5f083402550.xml
4) /strikes/malware/apt/icedid_apr_2021_campaign/malware_f40d73367e73062dfc47e1940a1cc158db4cf016.xml
5) /strikes/malware/apt/icedid_apr_2021_campaign/malware_0febc376cc066bb668f1a80b969ed112da8e871c.xml
6) /strikes/botnets/apt/icedid_apr_2021_campaign/icedid_apr_2021_campaign_icedid_command_control.xml
# Strike ID Name Description
1 M21-0rr01 IcedID Apr 2021 Campaign - Malicious Macro-Embedded Excel File Transfer This strike simulates the download of a malicious macro-embedded Excel file via an HTTP GET request.
2 M21-ctf01 IcedID Apr 2021 Campaign - Installer Malware File Transfer This strike simulates the download of the Installer malware via an HTTP GET request. The file is a malicious 64-bit DLL (MZ header) that can be executed with the 'rundll32' tool.
3 M21-yjw01 IcedID Apr 2021 Campaign - Temporary Loader Malware File Transfer This strike simulates the download of the Temporary Loader malware via an HTTP GET request.
4 M21-0en01 IcedID Apr 2021 Campaign - Persistent Malware File Transfer This strike simulates the download of the Persistent malware via an HTTP GET request.
5 M21-nx401 IcedID Apr 2021 Campaign - IcedID Malware File Transfer This strike simulates the download of the IcedID malware via an HTTP GET request.
6 B21-ech01 IcedID Apr 2021 Campaign - IcedID Command and Control This strike simulates the 'IcedID Apr 2021 Campaign - IcedID Command and Control' traffic that occurs after executing the IcedID malware.
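Four of the six strikes above are plain HTTP GET transfers of PE files (the Installer strike explicitly names a 64-bit DLL that runs under rundll32). When validating that an inline control catches these, it helps to have an independent check of what the transferred body actually is, rather than trusting the declared content type. The following is an added example, not ATI's detection logic: it parses the DOS, COFF and optional-header magic fields of a downloaded body, reports whether it is a PE, a DLL, and x86 or x64, and flags a PE delivered under a content type that does not announce an executable. The allow-list of expected content types is this example's assumption, and `make_minimal_pe` builds constructed test input (a header-only stub, not a real or malicious binary).

```python
import struct

# Constants from the PE/COFF specification.
IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_FILE_MACHINE_AMD64 = 0x8664
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_DLL = 0x2000
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B

# Content types under which a PE body is treated as expected rather than
# disguised. This allow-list is an assumption of the example, not an ATI setting.
EXPECTED_PE_TYPES = {
    "application/x-msdownload",
    "application/vnd.microsoft.portable-executable",
    "application/octet-stream",
}


def inspect_pe(data):
    """Parse just enough of the DOS/COFF/optional headers to say whether
    `data` is a PE image, whether it is a DLL, and its target architecture."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return {"is_pe": False, "reason": "no MZ header"}
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # Need the 4-byte signature, the 20-byte COFF header and the 2-byte magic.
    if e_lfanew + 26 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return {"is_pe": False, "reason": "no PE signature"}
    machine, _nsec, _ts, _symptr, _nsym, _optsz, chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    magic = struct.unpack_from("<H", data, e_lfanew + 24)[0]
    arch = {IMAGE_FILE_MACHINE_I386: "x86", IMAGE_FILE_MACHINE_AMD64: "x64"}.get(machine, hex(machine))
    return {
        "is_pe": True,
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "is_executable_image": bool(chars & IMAGE_FILE_EXECUTABLE_IMAGE),
        "arch": arch,
        "pe32plus": magic == PE32PLUS_MAGIC,
    }


def classify_download(body, declared_type):
    """Verdict for one HTTP response: PE payloads get a label such as
    'dll-x64', and are marked suspicious when the declared Content-Type
    does not announce an executable (image/*, text/html, spreadsheet types)."""
    info = inspect_pe(body)
    verdict = dict(info, declared_type=declared_type, suspicious=False)
    if info["is_pe"]:
        media_type = declared_type.split(";")[0].strip().lower()
        verdict["suspicious"] = media_type not in EXPECTED_PE_TYPES
        verdict["label"] = ("dll" if info["is_dll"] else "exe") + "-" + info["arch"]
    return verdict


def make_minimal_pe(machine=IMAGE_FILE_MACHINE_AMD64, dll=True):
    """Constructed test input: the smallest byte string the checks above accept
    (DOS header with e_lfanew, PE signature, COFF header, optional-header magic).
    It has no sections or entry point and will not load."""
    chars = IMAGE_FILE_EXECUTABLE_IMAGE | (IMAGE_FILE_DLL if dll else 0)
    magic = PE32PLUS_MAGIC if machine == IMAGE_FILE_MACHINE_AMD64 else PE32_MAGIC
    dos = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 2, chars)
    return dos + coff + struct.pack("<H", magic)


if __name__ == "__main__":
    print(classify_download(make_minimal_pe(), "image/png"))
```

The check deliberately reads the Characteristics flags rather than the file extension, since a loader stage fetched by a macro is free to call itself `.dat` or `.png`; `pe32plus` and `arch` are reported separately because a 64-bit machine type with a PE32 magic is itself malformed and worth noticing.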

New Strikes (1)

CVSS ID References Category Info
9.4 E21-c4um1 CVE-2021-20078, CVSS, CVSSv3, CWE-22, URL Exploits This strike exploits a directory traversal vulnerability in Zoho ManageEngine OpManager builds below 125346. The vulnerability is due to improper handling of a user-supplied path in HTTP requests. A remote, unauthenticated attacker could exploit this by sending a maliciously crafted request to the server. A successful attack may result in arbitrary file deletion, which could lead to a denial of service.
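The strike above targets the CWE-22 pattern in which a path taken from the request reaches a delete call without being confined to the directory the application intended. The following is an added example, not OpManager's code and not the strike's request: it shows the vulnerable shape beside a hardened resolver that percent-decodes once, rejects NUL bytes, canonicalises with `realpath` and then checks that the result still sits under the base directory. `traversal_demo` runs both variants against a constructed temporary directory layout; the file names in it are invented for the demonstration.

```python
import os
import tempfile
from urllib.parse import unquote


def resolve_under(base_dir, user_path):
    """Resolve `user_path` (as received from a request) against `base_dir` and
    refuse anything that lands outside it. Decode percent-encoding once first:
    '..%2F' must not slip past a check done on the raw string."""
    decoded = unquote(user_path)
    if "\x00" in decoded:
        raise ValueError("NUL byte in path")
    base = os.path.realpath(base_dir)
    # os.path.join drops `base` if `decoded` is absolute, and realpath collapses
    # any '..' segments, so the prefix test below sees the real target.
    target = os.path.realpath(os.path.join(base, decoded))
    if os.path.commonpath([base, target]) != base:
        raise ValueError("path escapes the base directory: %r" % user_path)
    return target


def delete_vulnerable(base_dir, user_path):
    """CWE-22 pattern: the untrusted path goes straight into a filesystem call."""
    os.remove(os.path.join(base_dir, unquote(user_path)))


def delete_hardened(base_dir, user_path):
    """Same operation, but only on a path that resolve_under has accepted."""
    os.remove(resolve_under(base_dir, user_path))


def traversal_demo():
    """Constructed scenario: a deletable 'uploads' directory next to a file the
    application must never touch. Returns what each variant actually did."""
    with tempfile.TemporaryDirectory() as root:
        uploads = os.path.join(root, "uploads")
        os.mkdir(uploads)
        inside = os.path.join(uploads, "report.csv")
        victim = os.path.join(root, "config.xml")
        for path in (inside, victim):
            open(path, "w").close()
        result = {}

        # Vulnerable variant: '..%2Fconfig.xml' walks out of uploads/ and deletes the sibling.
        delete_vulnerable(uploads, "..%2Fconfig.xml")
        result["vulnerable_deleted_outside"] = not os.path.exists(victim)

        # Hardened variant: the same input is rejected and the file survives.
        open(victim, "w").close()
        try:
            delete_hardened(uploads, "..%2Fconfig.xml")
            result["hardened_rejected"] = False
        except ValueError:
            result["hardened_rejected"] = os.path.exists(victim)

        # A legitimate name inside the directory still works.
        delete_hardened(uploads, "report.csv")
        result["hardened_deleted_inside"] = not os.path.exists(inside)
        return result


if __name__ == "__main__":
    print(traversal_demo())
```

Canonicalising before the prefix test is what makes the check hold: a naive `startswith(base_dir)` on the joined string still accepts `..` segments, and comparing against a base directory that is itself a symlink fails unless both sides go through `realpath`.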

Enhancements

Component Info
Apps Added the EDNS Padding Option (option code 12) to DoH (DNS over HTTPS).