Name | Category | Info |
---|---|---|
China Merchants Bank Mobile Apr 2022 | Financial | China Merchants Bank is a popular Chinese banking application. |
ELeMe Mobile Apr 2022 | Social Networking/Search | ELeMe is a Chinese food ordering and delivery service platform. |
JT/T 905 | SCADA | JT/T 905 is a Chinese IoV (Internet of Vehicles) specification for a taxi service and management information system. |
Name | Category | Tags | Info |
---|---|---|---|
China Merchants Bank Mobile Apr 2022 | Financial | ChinaApp MobileApp SimulatedTLS | China Merchants Bank is a popular Chinese banking application. This is a simulation of China Merchants Bank v8.5.12 in which the user logs on to the application, checks the balance and transfers cash. |
ELeMe Mobile Apr 2022 | Social Networking/Search | E-Commerce ChinaApp MobileApp SimulatedTLS | ELeMe is a Chinese food ordering and delivery service platform. This is a simulation of ELeMe v10.7.5 in which the user logs on to the application, browses restaurants, orders food and pays for it. |
JT/T 905 | SCADA | ICS ChinaApp | Simulates a scenario in which location information is transferred from an ISU (Intelligent Service Unit) to the server; the server then starts a telephone call booking service session, to which the ISU responds. |
JT/T 905 Bandwidth | SCADA | ICS ChinaApp | Simulates a scenario in which around 5MB of location information data is transferred between an ISU and the server. |
Name | Info |
---|---|
Corporativo Apr 2022 Malspam Campaign | This strike list contains 2 strikes simulating the 'Corporativo Apr 2022 Malspam Campaign'. 1. The first strike simulates the phishing attack. This is the first infection vector for this campaign, in which a phishing link is inside the email message. 2. The second strike simulates the download of the 'Corporativo' malware package. This package includes the malware loader Corporativo and the Trojan DLL. It contains the following sequence of strikes: 1) /strikes/phishing/corporativo_apr_2022_malspam_phishing_email.xml 2) /strikes/malware/apt/corporativo_apr_2022_malspam_campaign/malware_56df9c22fad0934ee34ef97d14e5524904503816.xml |
CVSS | ID | References | Category | Info |
---|---|---|---|---|
10.0 | E22-1e9r1 | CVE-2022-0543, CVSS, CVSSv3, URL | Exploits | This strike exploits a Lua sandbox escape vulnerability in Redis. The vulnerability is due to a packaging issue and affects only Debian-based systems. A successful attack can result in arbitrary code execution in the context of the Redis server. |
6.5 | G22-095e1 | CVE-2016-7250, CVSS, CVSSv3, CWE-264, URL | Exploits | A privilege escalation vulnerability exists in Microsoft SQL Server. The vulnerability is due to the improper handling of a SQL query containing a Universal Naming Convention (UNC) path. A remote, authenticated attacker can exploit the vulnerability by sending a crafted SQL request to the server. Successful exploitation could allow an attacker to obtain the password hashes of the account used to run the server service. |
6.0 | E22-ec8l1 | CVE-2022-22965, CVSS, CVSSv3, CWE-94, URL, URL | Exploits | This strike exploits a remote code execution vulnerability in Spring Cloud Foundation. The vulnerability is due to inadequate validation of parameters used for data binding, allowing manipulation of the ClassLoader. A remote attacker could exploit this vulnerability by providing a crafted parameter in an HTTP request. Successful exploitation could lead to ClassLoader manipulation, which may lead to execution of arbitrary code under the security context of the container of the target application. *NOTE: In one-arm mode, the strike will attempt to create a webshell at webapps/ROOT/shell.jsp which can be used for Remote Code Execution. |
5.0 | E22-cn5i1 | CVE-2021-43798, CVSS, CVSSv3, CWE-22, URL | Exploits | This strike exploits a directory traversal vulnerability in Grafana. The vulnerability is due to improper sanitization of the plugin assets route. A remote, unauthenticated attacker could exploit the vulnerability by sending crafted HTTP requests to a target server. Successful exploitation can result in arbitrary file read in the context of the Grafana user. |
Component | Info |
---|---|
Apps | Added two new parameters to DNS over HTTPS actions, "Custom HTTP Header" and "Custom HTTP Header Value", which add a custom HTTP header to the GET/POST request if it is not already present. If the named header already exists, the given value overrides it; the "Custom HTTP Header" name is matched case-insensitively when overriding. |
Security | Malware and FileTransfer strikes using HTTP:POST are now sent as multipart form data (a more modern approach); the previous behaviour can be restored with the "Global::RevertMalwarePOST" evasion option. |