ATI Update ATI-2021-14

New Protocols & Applications (5)

Name | Category | Info
C2 Koadic | Security | Koadic is a Windows post-exploitation framework written in Python. The major difference between Koadic and other C2 frameworks is that Koadic performs most of its operations through Windows Script Host (JScript/VBScript).
Flipkart Mobile May21 | Mobile | Flipkart is an Indian e-commerce company, headquartered in Bangalore, Karnataka, India, and incorporated in Singapore as a private limited company. The company initially focused on online book sales before expanding into other product categories such as consumer electronics, fashion, home essentials, groceries, and lifestyle products. This protocol simulates the mobile version of the application.
Google Quic Version 51 | Data Transfer/File Sharing | Simulates Google's proprietary QUIC protocol (gQUIC), version T051. The traffic is carried in UDP packets.
ROC | SCADA | The ROC (Remote Operations Controller) protocol is used for remotely controlling and monitoring analog/digital endpoints.
Tubi Jun21 | Voice/Video/Media | Tubi is an ad-supported streaming service owned by Fox Corporation. Tubi offers over 20,000 older TV shows and movies to watch for free. Its library holds content from studios including Paramount, MGM and Lionsgate and networks including A&E, Lifetime and Starz. The service launched on April 1, 2014 and is based in San Francisco, California.

New Superflows (20)

Name | Category | Tags | Info
C2 Koadic | Security | C2-Framework | Simulates Koadic C2 communication over HTTP in which the victim and server complete the staging phase, the server tasks the victim, the victim executes the task and returns the results, and the server then instructs the victim to exfiltrate a file from the victim machine, which the victim returns over the network.
C2 Koadic File Exfiltration | Security | C2-Framework | Simulates Koadic C2 communication over HTTP in which the victim beacons to the server for tasking, the server commands the victim to exfiltrate a file from the victim machine, and the victim returns the file.
C2 Koadic HTTPS | Security | C2-Framework | Simulates Koadic C2 communication over HTTPS in which the victim and server complete the staging phase, the server tasks the victim, and the victim executes the task and returns the results.
C2 Koadic Post Exploitation Modules | Security | C2-Framework | Simulates Koadic C2 communication over HTTP in which the victim beacons to the server for tasking, the server commands the victim to run one of the many post-exploitation modules Koadic supports, and the victim returns the results.
C2 Koadic Staging | Security | C2-Framework | Simulates the staging phase of Koadic C2 communication over HTTP: the victim contacts the server after the stager has executed, and the server sends the victim the secondary payloads required for further C2 communication.
Flipkart Mobile May21 | Mobile | MobileApp, Financial, IndiaApp | Simulates use of the Flipkart mobile app as of May 2021: a user opens the app, logs in, browses all categories, selects a category, selects a product, adds the product to the cart, opens the cart, places an order, goes to the orders tab, cancels the order, opens the videos tab, selects and watches a video, and finally logs out.
Flipkart Mobile May21 Shop | Mobile | MobileApp, Financial, IndiaApp | Simulates use of the Flipkart mobile app as of May 2021: a user opens the app, logs in, browses all categories, selects a category, selects a product, adds the product to the cart, opens the cart, places an order, and logs out.
Flipkart Mobile May21 Cancel Order | Mobile | MobileApp, Financial, IndiaApp | Simulates use of the Flipkart mobile app as of May 2021: a user opens the app, logs in, goes to the orders tab, cancels an order, and logs out.
Flipkart Mobile May21 Videos | Mobile | MobileApp, Financial, IndiaApp | Simulates use of the Flipkart mobile app as of May 2021: a user opens the app, logs in, opens the videos tab, selects and watches a video, and logs out.
Google QUIC T051 | Data Transfer/File Sharing | Security, HTTP/3 | Simulates a generic Google QUIC T051 handshake and payload session.
Google QUIC T051 Bandwidth | Data Transfer/File Sharing | Security, HTTP/3 | Simulates a generic Google QUIC T051 handshake and payload session that transfers around 10 MB of data.
Instagram Mobile Play Video (5 MB) | Data Transfer/File Sharing | Security, HTTP/3 | Simulates streaming a 5 MB video over QUIC Facebook mvfst (Draft-27) in the Instagram Android app.
Instagram Mobile Video Upload (5 MB) | Data Transfer/File Sharing | Security, HTTP/3 | Simulates uploading a 5 MB video over QUIC Facebook mvfst (Draft-27) in the Instagram Android app.
QUIC Facebook mvfst (Draft-22) | Data Transfer/File Sharing | Security, HTTP/3 | Simulates a generic QUIC Facebook mvfst (Draft-22, also designated FB01) handshake and payload session.
QUIC Facebook mvfst (Draft-22) Bandwidth | Data Transfer/File Sharing | Security, HTTP/3 | Simulates video streaming over generic QUIC Facebook mvfst (Draft-22, FB01), transferring around 10 MB of data.
QUIC Facebook mvfst (Draft-27) | Data Transfer/File Sharing | Security, HTTP/3 | Simulates a generic QUIC Facebook mvfst (Draft-27, also designated FB02) handshake and payload session.
QUIC Facebook mvfst (Draft-27) Bandwidth | Data Transfer/File Sharing | Security, HTTP/3 | Simulates video streaming over generic QUIC Facebook mvfst (Draft-27, FB02), transferring around 10 MB of data.
ROC | SCADA | ICS | ROC (Remote Operations Controller) is a communication protocol for remotely controlling and monitoring analog/digital endpoints. It provides access to database configuration, the real-time clock, event and alarm logs, and historically archived data. This superflow simulates sending a current-configuration request to the ROC and receiving the current configuration back, and sending a request for the currently configured time and receiving it.
Tubi Jun 21 | Voice/Video/Media | | Simulates use of the Tubi application as of June 2021: the user opens the Tubi website, logs in, browses the Tubi interface, selects a movie or series from the list, plays the video, pauses it, selects a movie or series from the recommended list, and logs out.
Tubi Jun 21 Stream | Voice/Video/Media | | Simulates use of the Tubi application as of June 2021: the user selects a movie or series from the list, plays the video, and pauses it.
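The ROC request/response exchange described in the ROC superflow above (configuration request and clock request, each answered by the controller), shown here as an added example that is not part of this ATI release or of any vendor ROC software: a minimal Python framer and parser for ROC Plus messages, plus the kind of frame classifier an ICS monitor would run over captured traffic. It assumes the ROC Plus frame layout (destination unit, destination group, source unit, source group, opcode, data length, data, CRC-16), assumes the CRC is CRC-16/ARC (reflected polynomial 0xA001, initial value 0x0000, low byte first), and uses opcode numbers 6, 7, 8 and 255 as recalled from the ROC Plus specification; verify all of these against the ROC Plus Protocol Specifications Manual before relying on them. The unit/group addresses and the clock payload are constructed placeholder values.

```python
import struct

# Opcode numbers as recalled from the ROC Plus specification (assumption: verify
# against the manual). 6 and 7 are the two requests the superflow exercises.
OPCODES = {
    6: "System Configuration",
    7: "Read Real-time Clock",
    8: "Set Real-time Clock",
    255: "Error Indicator",
}
READ_OPCODES = frozenset({6, 7})
WRITE_OPCODES = frozenset({8})

HEADER_LEN = 6   # dst unit, dst group, src unit, src group, opcode, data length
CRC_LEN = 2


def crc16(data: bytes) -> int:
    """CRC-16/ARC: reflected poly 0xA001, init 0x0000, no final XOR (assumed ROC CRC)."""
    crc = 0x0000
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc


def build_frame(dst: tuple, src: tuple, opcode: int, data: bytes = b"") -> bytes:
    """Assemble header + data and append the CRC, low byte first."""
    if not 0 <= len(data) <= 255:
        raise ValueError("ROC data length is a single byte")
    body = bytes([dst[0], dst[1], src[0], src[1], opcode, len(data)]) + data
    return body + struct.pack("<H", crc16(body))


def parse_frame(frame: bytes) -> dict:
    """Split a frame into fields, verifying the length byte and the CRC."""
    if len(frame) < HEADER_LEN + CRC_LEN:
        raise ValueError("frame shorter than header plus CRC")
    dst_unit, dst_group, src_unit, src_group, opcode, length = frame[:HEADER_LEN]
    if len(frame) != HEADER_LEN + length + CRC_LEN:
        raise ValueError("length byte does not match frame size")
    body = frame[:HEADER_LEN + length]
    (received_crc,) = struct.unpack("<H", frame[HEADER_LEN + length:])
    if received_crc != crc16(body):
        raise ValueError("CRC mismatch")
    return {
        "dst": (dst_unit, dst_group),
        "src": (src_unit, src_group),
        "opcode": opcode,
        "opcode_name": OPCODES.get(opcode, "unknown"),
        "data": frame[HEADER_LEN:HEADER_LEN + length],
    }


def classify(frame: bytes, allowed=READ_OPCODES) -> str:
    """Monitoring verdict: 'invalid' (malformed or bad CRC), 'write', 'ok' or 'unknown'."""
    try:
        opcode = parse_frame(frame)["opcode"]
    except ValueError:
        return "invalid"
    if opcode in WRITE_OPCODES:
        return "write"
    return "ok" if opcode in allowed else "unknown"


# Constructed sample exchange. Addresses are placeholders: host (1, 0) <-> ROC (1, 2).
HOST, ROC = (1, 0), (1, 2)
CONFIG_REQUEST = build_frame(ROC, HOST, 6)
CLOCK_REQUEST = build_frame(ROC, HOST, 7)
# Constructed placeholder clock payload; the real opcode 7 reply layout is in the manual.
CLOCK_REPLY = build_frame(HOST, ROC, 7, bytes([30, 15, 10, 17, 6, 21]))
SET_CLOCK = build_frame(ROC, HOST, 8, bytes([0, 0, 0, 1, 1, 21]))
# Flip the last CRC byte to show how a damaged or forged frame is rejected.
CORRUPTED_REPLY = CLOCK_REPLY[:-1] + bytes([CLOCK_REPLY[-1] ^ 0xFF])


if __name__ == "__main__":
    samples = [("config request", CONFIG_REQUEST), ("clock request", CLOCK_REQUEST),
               ("clock reply", CLOCK_REPLY), ("set clock", SET_CLOCK),
               ("corrupted reply", CORRUPTED_REPLY)]
    for name, frame in samples:
        print(f"{name:16s} {frame.hex():30s} -> {classify(frame)}")
```

The classifier deliberately separates "write" from "unknown": a monitor watching a read-only polling host should alert on any Set Real-time Clock (or other write) opcode, while an unrecognised opcode is worth logging but may simply be a request this small table does not list.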

New Security Tests (1)

Name | Info
Raccoon June 2021 Campaign | The Raccoon stealer was one of the top 10 most-mentioned malware families in the underground economy in 2019 and is widely known to have infected hundreds of thousands of devices around the world, despite not being especially sophisticated or innovative. The strain first emerged in 2019 and quickly established a strong following among cybercriminals. Its popularity, even with a limited feature set, signals the continuing commoditization of malware under a Malware-as-a-Service (MaaS) model.

*https://www.cybereason.com/blog/hunting-raccoon-stealer-the-new-masked-bandit-on-the-block

This strikelist contains 3 strikes simulating the 'Raccoon June 2021 Campaign'.

1. The first strike simulates the phishing attack, the initial infection vector for this campaign, in which a malicious .hta file is attached to the email message.
2. The second strike simulates the download of the Raccoon malware.
3. The third strike simulates the traffic that occurs after the Raccoon malware executes: the victim sends an HTTP POST request containing encrypted data to the attacker, and the attacker returns an HTTP reply containing encrypted data.

It contains the following sequence of strikes:
1) /strikes/phishing/raccoon_june_2021_campaign_phishing_email.xml
2) /strikes/malware/apt/raccoon_june_2021_campaign/malware_563e77bdcd9a6e5a62c146bddd816727cb6f32c2.xml
3) /strikes/botnets/apt/raccoon_june_2021_campaign/raccoon_june_2021_campaign_raccoon_command_control.xml

# | Strike ID | Name | Description
1 | P21-hia01 | Raccoon June 2021 Campaign - Phishing Email TTP T1566 | This strike simulates a phishing email linked to the Raccoon June 2021 Campaign. It tries to trick the user into downloading a malicious file in order to execute the malware.
2 | M21-0i601 | Raccoon June 2021 Campaign - Raccoon File Transfer | This strike simulates the download of a malicious PowerShell script via an HTTP GET request. Once executed, the script loads a binary into memory that steals the victim's information.
3 | B21-1p501 | Raccoon June 2021 Campaign - Raccoon Command and Control | This strike simulates the 'Raccoon June 2021 Campaign - Raccoon Command and Control' traffic that occurs after the Raccoon malware executes.

New Strikes (3)

CVSS | ID | References | Category | Info
10.0 | E21-c6bl1 | CVE-2021-21985, CWE-20 | Exploits | This strike exploits a remote code execution vulnerability in the vSphere Client (HTML5) caused by a lack of input validation in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server. An unauthenticated attacker with network access to vCenter Server can exploit the flaw to execute arbitrary code in the context of the service running on the target server.
7.5 | E21-cbw01 | CVE-2021-29200, CWE-502 | Exploits | This strike exploits an insecure deserialization vulnerability in Apache OFBiz caused by insufficient validation of XML-RPC requests in the UtilObject class. A remote, unauthenticated attacker can exploit it by sending a crafted request to a vulnerable server; successful exploitation leads to remote code execution in the context of the user running the server.
6.8 | E21-cbdy1 | CVE-2021-28550, CWE-416 | Exploits | This strike exploits a memory corruption vulnerability in Adobe Acrobat Reader DC. As a side effect of event handling in the Annotations API, an object can be destroyed and then re-accessed, producing a use-after-free condition. An attacker could exploit the flaw by enticing a user to open a crafted PDF document with the vulnerable software, potentially executing arbitrary code.