Name | Category | Info |
---|---|---|
Netflix Aug 2022 | Voice/Video/Media | Netflix is a subscription based provider of streaming media and video-on-demand. |
WireGuard | Security | This flow emulates the WireGuard protocol (as of August 2022), a free and open-source suite for efficient implementation of encrypted virtual private networks (VPNs), designed with the goals of ease of use, high-speed performance, and a low attack surface. The protocol uses UDP as its transport layer and can be used as an alternative to other VPN protocols such as OpenVPN and IPsec. |
Name | Category | Tags | Info |
---|---|---|---|
IETF QUIC Version-1 Bandwidth | Data Transfer/File Sharing | Streaming, HTTP/3, RFC 9000 | Simulates video streaming over the IETF QUIC Version-1 (aka RFC 9000) which generates 10 MB of data. |
Netflix Aug 2022 | Voice/Video/Media | Streaming, SimulatedTLS | Netflix is a subscription based provider of streaming media and video-on-demand. This is a TLS traffic simulation of the Netflix web application, including user login, homepage scroll, search for a video, play video and log out after a short time. |
WireGuard VPN Bandwidth Aug 2022 | Security | Privacy | Simulates a basic use of WireGuard VPN as of August 2022 where the client and server exchange transport data. |
Name | Info |
---|---|
Sandvine 2022 Global Downstream | It simulates the downstream traffic generated by the top 10 applications reported in the Sandvine Global Internet Phenomena Report January 2022. |
Name | Info |
---|---|
IcedID ISO Aug 2022 Campaign | This strike list contains 2 strikes simulating the 'IcedID ISO Aug 2022 Campaign'. 1. The first strike simulates the network transfer of the IcedID malware in an ISO package. When executed, this malware mounts to the DVD drive on the machine, containing a shortcut (.lnk) and the IcedID malicious DLL. Once the shortcut is executed, the DLL is loaded. 2. The second strike simulates the 'IcedID Command and Control' traffic that occurs after executing the IcedID malware. The malware sends a GET request to the malicious carismorth C2 server and receives a 401 NOT FOUND HTML page in response. This server can then send further commands, such as downloading additional malware. It contains the following sequence of strikes: 1) /strikes/malware/apt/icedid_iso_aug_2022_campaign/malware_354c059e6f6a7d52046855496e9bbcff.xml 2) /strikes/botnets/apt/icedid_iso_aug_2022_campaign/icedid_iso_aug_2022_campaign_command_control.xml |
CVSS | ID | References | Category | Info |
---|---|---|---|---|
10.0 | E22-cfyh1 | CVE-2021-34473, CVSS, CVSSv3, CWE-918, URL, ZDI-21-821 | Exploits | This strike exploits a server-side request forgery (SSRF) vulnerability in the EwsAutodiscoverProxyRequestHandler component of Microsoft Exchange. The vulnerability is due to insufficient handling of explicit logon requests to the Autodiscover component of Exchange. An unauthenticated, remote attacker can exploit this vulnerability by sending a crafted request to the vulnerable Exchange server. Successful exploitation results in requests being made to backend servers with administrative privileges without any need for authentication. *NOTE: In OneArm mode, the strike makes requests for enumerating email addresses, Server ID and Legacy DN, and saves a draft email with a file attachment with SID 'S-1-5-21-1943555408-1405878097-3563671238-500'. |
7.5 | E22-cfzv1 | CVE-2021-34523, CVSS, CVSSv3, CWE-287, URL, URL, ZDI-21-822 | Exploits | This strike exploits a privilege escalation vulnerability in the PowerShell remoting feature of Microsoft Exchange. The vulnerability is due to improper deserialization of the access token provided in the request. A remote, authenticated attacker can provide the access token for a user (including the Exchange Admin user) as part of the X-Rps-CAT query parameter in the request, resulting in PowerShell commands running while impersonating that user. |
7.5 | E22-eko31 | CVE-2022-33891, CVSS, CVSSv3, CWE-77, URL | Exploits | This strike exploits a command injection vulnerability in Apache Spark. The vulnerability is due to improper validation of user input. A remote, unauthenticated attacker could exploit this vulnerability by submitting a specially crafted HTTP request, which could result in arbitrary command execution in the context of the user running the server. |
5.0 | E22-c9hh1 | CVE-2021-26085, CVSS, CVSSv3, CWE-862, URL | Exploits | This strike exploits an information disclosure vulnerability in Atlassian Confluence. The vulnerability is due to improper path validation. A remote, unauthenticated attacker could exploit this vulnerability by submitting a specially crafted HTTP request, which could result in an arbitrary file read. |