Name | Category | Info |
---|---|---|
BeReal May 2022 | Secure Data Transfer | BeReal is a new social media app that allows users to post photos on the platform. |
Twitter Apr22 | Social Networking/Search | Simulates the use of Twitter as of April 2022: a user opens the sign-in page, signs into the Twitter website, browses the feed, posts a tweet, follows an account and signs out. |
XueXiQiangGuo May22 | Voice/Video/Media | XueXiQiangGuo is a popular Chinese online learning platform. It allows users to view content and watch all kinds of learning videos. |
Name | Category | Tags | Info |
---|---|---|---|
BeReal May 2022 | Secure Data Transfer | Web, SimulatedTLS | BeReal is a new social media app that allows users to post photos on the platform. |
Twitter Apr22 | Social Networking/Search | Search, Social Networking | Simulates the use of Twitter as of April 2022: a user opens the sign-in page, signs into the Twitter website, browses the feed, posts a tweet, follows an account and signs out. |
Twitter Apr22 Browse | Social Networking/Search | Search, Social Networking | Simulates the use of Twitter as of April 2022: a user opens the sign-in page, signs into the Twitter website, browses the feed and signs out. |
Twitter Apr22 Follow Account | Social Networking/Search | Search, Social Networking | Simulates the use of Twitter as of April 2022: a user opens the sign-in page, signs into the Twitter website, follows an account and signs out. |
Twitter Apr22 Post Tweet | Social Networking/Search | Search, Social Networking | Simulates the use of Twitter as of April 2022: a user opens the sign-in page, signs into the Twitter website, posts a tweet and signs out. |
XueXiQiangGuo May22 | Voice/Video/Media | Education, ChinaApp | Simulates viewing learning content and watching videos on the XueXiQiangGuo website as of May 2022. The user opens the website, views educational resources and watches a video. |
XueXiQiangGuo May22 Video | Voice/Video/Media | Education, ChinaApp | Simulates watching videos on the XueXiQiangGuo website as of May 2022. The user watches learning videos. |
Name | Info |
---|---|
Qakbot DarkVNC Apr 2022 Campaign | This strikelist contains 6 strikes simulating the 'Qakbot DarkVNC Apr 2022 Campaign'. 1. The first strike simulates the download of a compressed Excel document; if the document is opened, an embedded macro attempts to download the Qakbot malware. 2. The second strike simulates the download of part 1 of the Qakbot malware. 3. The third strike simulates the download of part 2 of the Qakbot malware. 4. The fourth strike simulates the download of part 3 of the Qakbot malware. 5. The fifth strike simulates the command and control traffic that occurs after the Qakbot malware executes: the victim sends an HTTPS message to the attacker over port 443 and then another message over port 65400. 6. The sixth strike simulates the DarkVNC command and control traffic that occurs after communicating with the C2 server: the victim sends a message over port 443 to the attacker. It contains the following sequence of strikes: 1) /strikes/malware/apt/qakbot_darkvnc_apr_2022_campaign/malware_cd4c02ff9bc9e27c1384d10bb668d376.xml 2) /strikes/malware/apt/qakbot_darkvnc_apr_2022_campaign/malware_9f8bd274644f4dc95f66f963facdd0dd.xml 3) /strikes/malware/apt/qakbot_darkvnc_apr_2022_campaign/malware_d5715f6020fdb99e2451c931cfac43fb.xml 4) /strikes/malware/apt/qakbot_darkvnc_apr_2022_campaign/malware_e7ba93bbeb866e107e65aae0ca992050.xml 5) /strikes/botnets/apt/qakbot_darkvnc_apr_2022_campaign/qakbot_darkvnc_apr_2022_campaign_qakbot_command_control.xml 6) /strikes/botnets/apt/qakbot_darkvnc_apr_2022_campaign/qakbot_darkvnc_apr_2022_campaign_darkvnc_c2.xml |
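The fifth strike above describes a two-stage beacon from the same victim to the same attacker host: first over TCP/443, then over TCP/65400. The following is an added example, not part of the strikelist and not Keysight code, of how a SOC might correlate that sequence in connection logs. The records are constructed for the example (RFC 5737 documentation addresses, Zeek conn-log-like tuples), and the 10-minute window and the same-destination requirement are assumptions chosen for the illustration, not values taken from the campaign.

```python
from datetime import datetime, timedelta

# Constructed connection records for the demo (not real telemetry):
# (timestamp, src_ip, dst_ip, dst_port, proto)
SAMPLE_CONNS = [
    ("2022-04-20T10:00:01", "10.0.0.5", "203.0.113.10", 443, "tcp"),
    ("2022-04-20T10:00:03", "10.0.0.5", "203.0.113.10", 65400, "tcp"),  # 443 then 65400, same peer
    ("2022-04-20T10:05:00", "10.0.0.7", "198.51.100.20", 443, "tcp"),
    ("2022-04-20T11:30:00", "10.0.0.7", "198.51.100.20", 65400, "tcp"), # same pattern, but 85 min later
    ("2022-04-20T10:07:00", "10.0.0.9", "203.0.113.10", 65400, "tcp"),  # 65400 with no preceding 443
    ("2022-04-20T10:08:00", "10.0.0.9", "203.0.113.10", 53, "udp"),     # unrelated, ignored
]


def correlate_qakbot_c2(conns, window=timedelta(minutes=10)):
    """Flag (src, dst) pairs where a TCP/65400 connection follows a TCP/443
    connection to the same destination within `window`.

    Returns a list of alert dicts in chronological order of the 65400 event.
    A bare TCP/65400 flow is not enough on its own; requiring the prior 443
    flow to the same peer is what ties the two stages of the strike together.
    """
    last_443 = {}   # (src, dst) -> timestamp of most recent 443 flow
    alerts = []
    # ISO-8601 timestamps sort lexically, so sorting the tuples orders by time.
    for ts_s, src, dst, dport, proto in sorted(conns):
        if proto != "tcp":
            continue
        ts = datetime.fromisoformat(ts_s)
        key = (src, dst)
        if dport == 443:
            last_443[key] = ts
        elif dport == 65400:
            first = last_443.get(key)
            if first is not None and ts - first <= window:
                alerts.append({
                    "src": src,
                    "dst": dst,
                    "tls_ts": first.isoformat(),
                    "c2_ts": ts.isoformat(),
                    "gap_seconds": int((ts - first).total_seconds()),
                })
    return alerts


if __name__ == "__main__":
    for a in correlate_qakbot_c2(SAMPLE_CONNS):
        print(f"{a['src']} -> {a['dst']}: 443 at {a['tls_ts']}, 65400 at {a['c2_ts']} ({a['gap_seconds']}s later)")
```

Widening the window trades false negatives for false positives; with a 2-hour window the second host in the sample is flagged as well. In production the 443 leg should additionally be checked for a TLS handshake (JA3/SNI) rather than trusting the port alone.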
CVSS | ID | References | Category | Info |
---|---|---|---|---|
7.5 | E22-ckmz1 | CVE-2021-40539, CVSS, CVSSv3, CWE-287 | Exploits | This strike exploits an authentication bypass vulnerability in Zoho ManageEngine ADSelfService Plus. The vulnerability is due to an error in normalizing URLs before validation. A remote attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could allow the attacker to bypass authentication and reach endpoints used for subsequent attacks, leading to arbitrary command execution. *NOTE: The strike attempts the authentication bypass and then calls endpoints that normally require authentication. |
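The root cause named above, a filter that validates the URL before it is normalized, is a general class of bug: the authentication filter and the servlet container that routes the request canonicalize the path differently, so a path that the filter does not recognize as protected is still routed to the protected handler. The following is an added illustration of that class and of the corresponding fix; it is not Zoho's code, not the strike, and does not reproduce the product's routing. The prefix `/RestAPI/`, the helper names, the request paths and the decode-once assumption in `canonicalize` are all constructed for the example.

```python
import posixpath
from urllib.parse import unquote

# Hypothetical protected prefix for this illustration (not the vendor's routing table).
PROTECTED_PREFIX = "/RestAPI/"


def canonicalize(raw_path: str) -> str:
    """Return the path as a container-style router would see it: percent-decoded,
    with '.', '..' and repeated slashes collapsed. A trailing slash is preserved.
    Assumes a single round of percent-decoding; an app that decodes repeatedly
    must loop (or reject) until the path stops changing."""
    decoded = unquote(raw_path)
    # Force exactly one leading '/', then let normpath fold '.' and '..' segments.
    norm = posixpath.normpath("/" + decoded.lstrip("/"))
    if decoded.endswith("/") and not norm.endswith("/"):
        norm += "/"
    return norm


def requires_auth_vulnerable(raw_path: str) -> bool:
    """Vulnerable pattern: the filter compares the raw, un-normalized path."""
    return raw_path.startswith(PROTECTED_PREFIX)


def requires_auth_fixed(raw_path: str) -> bool:
    """Hardened pattern: normalize exactly as the router does, then compare."""
    return canonicalize(raw_path).startswith(PROTECTED_PREFIX)


def dispatch(raw_path: str, authenticated: bool, requires_auth) -> tuple:
    """Model of the request pipeline: the filter runs first on the raw path,
    then the container routes on the canonical path.
    Returns (canonical_path, outcome)."""
    target = canonicalize(raw_path)
    if requires_auth(raw_path) and not authenticated:
        return target, "401 denied by filter"
    if target.startswith(PROTECTED_PREFIX):
        return target, "200 protected handler reached"
    return target, "200 public handler reached"


def flag_normalization_evasion(paths):
    """Detection helper for access logs: raw paths that only land on the
    protected prefix after canonicalization, i.e. the client relied on the
    router to rewrite them."""
    return [p for p in paths
            if p != canonicalize(p) and canonicalize(p).startswith(PROTECTED_PREFIX)]


# Constructed request paths for the demo (not captured traffic).
CONSTRUCTED_PATHS = [
    "/RestAPI/Users",            # straightforward; both filters catch it
    "/./RestAPI/Users",          # dot segment folded away by the router
    "/static/../RestAPI/Users",  # dot-dot segment
    "/%2e/RestAPI/Users",        # percent-encoded dot
    "//RestAPI/Users",           # doubled leading slash
    "/help/index.html",          # genuinely public
]


def demo():
    """Run every constructed path through both filters, unauthenticated."""
    return [(p,
             dispatch(p, False, requires_auth_vulnerable)[1],
             dispatch(p, False, requires_auth_fixed)[1])
            for p in CONSTRUCTED_PATHS]


if __name__ == "__main__":
    for raw, vuln, fixed in demo():
        print(f"{raw:28} vulnerable: {vuln:32} fixed: {fixed}")
    print("flagged:", flag_normalization_evasion(CONSTRUCTED_PATHS))
```

The safer design is to make the filter deny by default and allow-list public paths after canonicalization, rather than to match protected prefixes; `requires_auth_fixed` keeps the original prefix-matching shape only so the comparison with the vulnerable version stays one line. `flag_normalization_evasion` is the same check turned into a log-triage filter: any request that needs the router's rewriting to reach a protected endpoint deserves a look.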