ATI Update ATI-2021-12

New Protocols & Applications (2)

Name | Category | Info
IETF QUIC Draft-29 | Data Transfer/File Sharing | Simulates the IETF QUIC protocol at version draft-29 (version field 0xff00001d). The traffic is carried in UDP datagrams. The handshake is TLS 1.3 carried inside QUIC CRYPTO frames rather than TLS records over a TCP stream, which is what gives QUIC its single combined transport and cryptographic handshake and its resistance to middlebox inspection. Note that draft-29 and QUIC v1 (RFC 9000) use different version numbers and Initial keys, so a decoder keyed for one will not decrypt the other.
Naukri Apr21 | Social Networking/Search | Naukri.com is an Indian employment website, founded in March 1997, that operates in India and the Middle East. Recruiters use it to post jobs, and applicants use it to view and apply to those openings.

New Superflows (6)

Name | Category | Tags | Info
Alipay Mobile May 2021 | Secure Data Transfer | Financial, Simulated TLS, MobileApp, ChinaApp | Alipay is a Chinese mobile payment application. This simulates Alipay v10.2.20 where the user opens Alipay and withdraws money from the Alipay wallet to a bank card.
IETF QUIC Draft-29 | Data Transfer/File Sharing | Security, HTTP/3 | Simulates the generic IETF QUIC draft-29 handshake and payload sessions.
IETF QUIC Draft-29 Bandwidth | Data Transfer/File Sharing | Security, HTTP/3 | Simulates video streaming over generic IETF QUIC draft-29, generating 10 MB of data.
Naukri Apr 21 | Social Networking/Search | IndiaApp | Simulates the use of the Naukri application as of April 2021, where the user opens the Naukri website, logs in as an applicant, updates the profile, views jobs, applies to a recommended job, browses recruiters, follows a recruiter, browses companies, reads an article, logs out from the applicant account, then logs in as an employer, posts a job and logs out from the employer account.
Naukri Apr 21 Apply Jobs | Social Networking/Search | IndiaApp | Simulates the use of the Naukri application as of April 2021, where the user opens the Naukri website, logs in as an applicant, updates the profile, views jobs, applies to a recommended job, browses recruiters, follows a recruiter, browses companies and logs out.
Naukri Apr 21 Recruiters | Social Networking/Search | IndiaApp | Simulates the use of the Naukri application as of April 2021, where the user opens the Naukri website, logs in as an employer, posts a job and logs out.
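Because the draft-29 protocol entry and the two draft-29 superflows above are all identified by the same cleartext long-header fields, the following added example (written for this page, not BreakingPoint/ATI code) decodes those fields from a UDP payload and labels the packet by version and type. The sample datagram, the DCID value and the classifier label strings are constructed for illustration; only the unprotected fields are decoded, since the packet number and payload need the version-specific Initial keys.

```python
"""Decode the cleartext fields of a QUIC long-header packet and tell
draft-29 apart from other versions.  Added example; the sample datagram
below is constructed, not captured traffic."""
from dataclasses import dataclass
from typing import Optional, Tuple

QUIC_DRAFT_29_VERSION = 0xFF00001D   # draft-NN is encoded as 0xff0000NN
QUIC_V1_VERSION = 0x00000001         # RFC 9000
LONG_PACKET_TYPES = {0: "Initial", 1: "0-RTT", 2: "Handshake", 3: "Retry"}


def read_varint(buf: bytes, pos: int) -> Tuple[int, int]:
    """QUIC variable-length integer: the top two bits of the first byte give
    the encoded length (1, 2, 4 or 8 bytes); the remaining bits hold the
    big-endian value.  Returns (value, new_pos)."""
    if pos >= len(buf):
        raise ValueError("truncated varint")
    first = buf[pos]
    length = 1 << (first >> 6)
    if pos + length > len(buf):
        raise ValueError("truncated varint")
    value = first & 0x3F
    for b in buf[pos + 1:pos + length]:
        value = (value << 8) | b
    return value, pos + length


def _take(buf: bytes, pos: int, n: int) -> Tuple[bytes, int]:
    if pos + n > len(buf):
        raise ValueError("truncated packet")
    return buf[pos:pos + n], pos + n


@dataclass
class LongHeader:
    packet_type: str
    version: int
    dcid: bytes
    scid: bytes
    token: bytes = b""
    payload_length: Optional[int] = None

    @property
    def is_draft_29(self) -> bool:
        return self.version == QUIC_DRAFT_29_VERSION


def parse_long_header(datagram: bytes) -> LongHeader:
    """Parse the unprotected fields.  The packet number and everything after
    it are under header/packet protection and are not decoded here."""
    if len(datagram) < 7 or not datagram[0] & 0x80:
        raise ValueError("not a QUIC long-header packet")
    first = datagram[0]
    version = int.from_bytes(datagram[1:5], "big")
    pos = 5
    dcid, pos = _take(datagram, pos + 1, datagram[pos])
    scid, pos = _take(datagram, pos + 1, datagram[pos])
    if version == 0:
        # Version Negotiation: the fixed bit is only "should be set" here.
        return LongHeader("VersionNegotiation", 0, dcid, scid)
    if not first & 0x40:
        raise ValueError("fixed bit clear: not a QUIC packet")
    ptype = LONG_PACKET_TYPES[(first >> 4) & 0x03]
    hdr = LongHeader(ptype, version, dcid, scid)
    if ptype == "Initial":
        token_len, pos = read_varint(datagram, pos)
        hdr.token, pos = _take(datagram, pos, token_len)
    if ptype in ("Initial", "0-RTT", "Handshake"):
        hdr.payload_length, pos = read_varint(datagram, pos)
    return hdr


def classify(datagram: bytes) -> str:
    """Short label for a flow classifier; label wording is this example's own."""
    hdr = parse_long_header(datagram)
    if hdr.version == 0:
        return "QUIC VersionNegotiation"
    if hdr.is_draft_29:
        return f"IETF QUIC draft-29 {hdr.packet_type}"
    if hdr.version == QUIC_V1_VERSION:
        return f"IETF QUIC v1 {hdr.packet_type}"
    return f"QUIC version 0x{hdr.version:08x} {hdr.packet_type}"


# Constructed sample: client Initial, 8-byte DCID, empty SCID, no token,
# 2-byte length field of 1200 (0x44b0), zero padding where the protected
# packet number and payload would be.
SAMPLE_DCID = bytes.fromhex("8394c8f03e515708")
SAMPLE_INITIAL = (bytes([0xC0]) + QUIC_DRAFT_29_VERSION.to_bytes(4, "big")
                  + bytes([len(SAMPLE_DCID)]) + SAMPLE_DCID
                  + bytes([0])           # SCID length 0
                  + bytes([0])           # token length 0
                  + bytes([0x44, 0xB0])  # length = 1200
                  + bytes(1200))

if __name__ == "__main__":
    print(classify(SAMPLE_INITIAL))
    print(parse_long_header(SAMPLE_INITIAL))
```

Swapping the version bytes for 0x00000001 makes the same datagram classify as QUIC v1, which is the check a decoder needs before choosing an Initial salt.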

New Security Tests (2)

Name | Info
Darkside Ransomware May 2021 Campaign | This strikelist contains 3 strikes simulating the 'Darkside Ransomware May 2021 Campaign'.

Darkside is a Ransomware-as-a-Service operation whose affiliates have carried out ransomware attacks in more than 15 countries. Active since November 2020, Darkside profited by taking a percentage of each ransom its affiliates collected, including the ransom paid by Colonial Pipeline.

1. The first strike simulates the phishing attack, the initial infection vector for this campaign: a phishing link inside the email message.
2. The second strike simulates the download of the 'Darkside' ransomware, the second stage of the campaign: an EXE file that is downloaded and executed.
3. The third strike simulates the traffic that occurs after the 'Darkside' executable runs: the victim sends HTTPS-encrypted traffic to the attacker's command-and-control server.

It contains the following sequence of strikes:

1) /strikes/phishing/darkside_ransomware_may_2021_campaign_phishing_email.xml
2) /strikes/malware/apt/darkside_ransomware_may_2021_campaign/malware_eeb28144f39b275ee1ec008859e80f215710dc57.xml
3) /strikes/botnets/apt/darkside_ransomware_may_2021_campaign/darkside_ransomware_may_2021_campaign_command_control.xml

# | Strike ID | Name | Description
1 | P21-qz401 | Darkside Ransomware May 2021 Campaign - Phishing Email TTP T1566 | This strike simulates a phishing email created for the "Darkside Ransomware May 2021 Campaign". It tries to trick the user into clicking a malicious link in order to download the malware.
2 | M21-8ju01 | Darkside Ransomware May 2021 Campaign - Darkside Ransomware File Transfer | This strike simulates the download of a Darkside Ransomware file via an HTTP GET request. The ransomware is an executable file that encrypts a victim's files. The attacker then demands a ransom in exchange for restoring access to the data.
3 | B21-a2x01 | Darkside Ransomware May 2021 Campaign - Darkside Command and Control | This strike simulates the 'Darkside Ransomware May 2021 Campaign - Darkside Command and Control' traffic that occurs after executing the Darkside Ransomware.
Shlayer May 2021 Campaign | This strikelist contains 2 strikes simulating the 'Shlayer May 2021 Campaign'.

Shlayer (also tracked as Bundlore by some vendors) is a macOS trojan known for delivering malicious adware. It masquerades as an installer for applications such as Adobe Flash Player and installs adware from the Cimpli family.

1. The first strike simulates the download of a malicious macOS installer DMG file, the initial infection vector for this campaign. The DMG is usually distributed through fake web pages posing as an Adobe Flash Player update; the app bundle inside it exploits CVE-2021-30657 to bypass macOS Gatekeeper and, once executed, downloads the next-stage malware.
2. The second strike simulates the traffic that occurs after the malicious executable runs: the victim sends plaintext HTTP traffic to the server to download the adware selected for its system configuration.

It contains the following sequence of strikes:

1) /strikes/malware/apt/shlayer_may_2021_campaign/malware_55869270ed20956e5c3e5533fb4472e4eb533dc2.xml
2) /strikes/botnets/apt/shlayer_may_2021_campaign/shlayer_may_2021_campaign_command_control.xml

# | Strike ID | Name | Description
1 | M21-us5w1 | Shlayer May 2021 Campaign - Gatekeeper bypass File Transfer | This strike simulates the download of a malicious executable via an HTTP GET request. The malicious executable is a macOS DMG which exploits CVE-2021-30657 to bypass macOS Gatekeeper and executes to download the next-stage malware.
2 | B21-b6sg1 | Shlayer May 2021 Campaign - Gatekeeper Bypass Command and Control | This strike simulates the 'Shlayer May 2021 Campaign - Gatekeeper Bypass Command and Control' traffic that occurs after executing the Shlayer malware.
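The CVE-2021-30657 bypass described in the Shlayer entry above rests on a bundle shape that is easy to look for on disk: an .app with no Contents/Info.plist whose main executable under Contents/MacOS is a script rather than a Mach-O binary. The following added example (written for this page, not Keysight/ATI code and not a signature for this specific Shlayer sample) scans a directory tree such as a mounted DMG for that shape. The two sample bundles it builds in a temporary directory, and their names, are constructed for illustration.

```python
"""Flag macOS app bundles in the CVE-2021-30657 Gatekeeper-bypass shape:
no Contents/Info.plist and a script (not Mach-O) as the main executable.
Added example; sample bundles are constructed in a temp dir."""
import tempfile
from pathlib import Path
from typing import Dict, List

MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",  # 32-bit, either byte order
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",  # 64-bit
    b"\xca\xfe\xba\xbe",                        # fat/universal binary
}


def inspect_bundle(app: Path) -> Dict[str, object]:
    """Report the findings for one .app directory."""
    contents = app / "Contents"
    findings: List[str] = []
    if not (contents / "Info.plist").is_file():
        findings.append("missing Contents/Info.plist")
    macos_dir = contents / "MacOS"
    script_main = False
    for exe in (sorted(macos_dir.iterdir()) if macos_dir.is_dir() else []):
        if not exe.is_file():
            continue
        head = exe.read_bytes()[:4]
        if head.startswith(b"#!"):
            findings.append(f"script main executable: {exe.name}")
            script_main = True
        elif head not in MACHO_MAGICS:
            findings.append(f"main executable is not Mach-O: {exe.name}")
    return {
        "bundle": app.name,
        "findings": findings,
        # Both conditions together are the CVE-2021-30657 bypass shape.
        "gatekeeper_bypass_shape": script_main
        and "missing Contents/Info.plist" in findings,
    }


def scan(root: Path) -> List[Dict[str, object]]:
    """Inspect every .app bundle under root (e.g. a mounted DMG)."""
    return [inspect_bundle(p) for p in sorted(root.rglob("*.app")) if p.is_dir()]


def make_sample_bundles(root: Path) -> None:
    """Constructed samples: a fake 'Flash Player' bundle in the bypass shape
    and a normal bundle with Info.plist and a Mach-O main executable."""
    bad = root / "Install Flash Player.app" / "Contents" / "MacOS"
    bad.mkdir(parents=True)
    (bad / "Install Flash Player").write_bytes(
        b"#!/bin/bash\n# a stage-1 downloader would go here\n")
    good = root / "Good.app" / "Contents"
    (good / "MacOS").mkdir(parents=True)
    (good / "Info.plist").write_text(
        '<plist version="1.0"><dict></dict></plist>\n')
    (good / "MacOS" / "Good").write_bytes(b"\xcf\xfa\xed\xfe" + bytes(28))


def demo() -> Dict[str, bool]:
    """Build the samples in a temp dir and return {bundle name: flagged}."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        make_sample_bundles(root)
        return {r["bundle"]: bool(r["gatekeeper_bypass_shape"])
                for r in scan(root)}


if __name__ == "__main__":
    for name, flagged in demo().items():
        print(f"{name}: {'SUSPICIOUS' if flagged else 'ok'}")
```

On a real host, point `scan()` at the mount point of the DMG (for example the directory under /Volumes after `hdiutil attach`); the check is a triage heuristic for this bypass shape, not a replacement for notarization and quarantine checks.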

New Strikes (2)

CVSS | ID | References | Category | Info
9.0 | E21-abne1 | CVE-2020-35578, CWE-78 | Exploits | This strike exploits a command injection vulnerability in the 'monitoringplugins.php' admin page of Nagios XI. The flaw is due to insufficient validation of the filename of the 'uploadedfile' multipart field, which reaches an OS command unsanitized. An authenticated attacker with access to the admin page can exploit it to execute arbitrary commands as the Nagios user on the target server.
7.5 | E21-cdem1 | CVE-2021-31166, CWE-416 | Exploits | A use-after-free vulnerability exists in the HTTP Protocol Stack (HTTP.sys) used by Microsoft Internet Information Services. The flaw lies in the UlpParseAcceptEncoding function's handling of the Accept-Encoding header. A remote, unauthenticated attacker can trigger it by sending a crafted Accept-Encoding header in an HTTP request to the target server. Successful exploitation could lead to remote code execution with kernel privileges or to a denial of service (a kernel crash).
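The Nagios XI strike above is an instance of CWE-78 where the injected value is a multipart upload filename. The following added example (written for this page; it is not Nagios XI source, and the install directory, the `echo` stand-in for the real install command, and the allow-list pattern are this example's own assumptions) shows the vulnerable pattern beside a hardened one: the raw filename interpolated into a shell command, versus an allow-list check followed by an argv call with no shell in between.

```python
"""CWE-78 through an upload filename: vulnerable and hardened forms.
Added illustration of the flaw class, not Nagios XI code.  `echo` stands
in for the real plugin install command so the effect is visible."""
import re
import subprocess
from typing import Optional

# Content-Disposition header of the multipart part; the client controls the
# filename value completely, including shell metacharacters.
FILENAME_RE = re.compile(r'filename="([^"]*)"')
# Hardened allow-list (assumed policy): plugin archive names only, no
# separators, no leading dot.
SAFE_NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$")
INSTALL_DIR = "/usr/local/nagios/libexec"   # stand-in plugin directory


def filename_from_content_disposition(header: str) -> Optional[str]:
    """Extract the filename parameter as a naive multipart parser would."""
    m = FILENAME_RE.search(header)
    return m.group(1) if m else None


def is_safe_upload_name(filename: Optional[str]) -> bool:
    """Allow-list check: rejects shell metacharacters, path separators and
    any '..' sequence."""
    return (filename is not None
            and SAFE_NAME_RE.fullmatch(filename) is not None
            and ".." not in filename)


def vulnerable_install(filename: str) -> str:
    """Vulnerable pattern: the raw filename is interpolated into a command
    string handed to /bin/sh, so '; cmd' in the filename runs cmd."""
    cmd = f"echo installing {INSTALL_DIR}/{filename}"
    return subprocess.run(cmd, shell=True, capture_output=True,
                          text=True).stdout


def hardened_install(filename: Optional[str]) -> str:
    """Hardened form: validate, then pass the name as a single argv element
    with no shell involved."""
    if not is_safe_upload_name(filename):
        raise ValueError(f"rejected upload filename: {filename!r}")
    argv = ["echo", "installing", f"{INSTALL_DIR}/{filename}"]
    return subprocess.run(argv, capture_output=True, text=True).stdout


if __name__ == "__main__":
    # Constructed request header with an injected command in the filename.
    header = ('form-data; name="uploadedfile"; '
              'filename="check_disk.zip; echo INJECTED"')
    name = filename_from_content_disposition(header)
    print("vulnerable:", vulnerable_install(name), end="")
    try:
        hardened_install(name)
    except ValueError as exc:
        print("hardened:", exc)
```

Even with the argv form, the allow-list still matters: a filename such as `../../etc/cron.d/x` contains no shell metacharacters but would still escape the plugin directory.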

Defects Resolved

Component | Info
Security | Strike E20-0zk02 has been fixed so that it no longer produces malformed packets during SMB negotiation and session setup, and it now requests a connection to a valid share name.