telem: Add ransomware telemetry

2021-06-22 15:23:45 +05:30 · 2021-06-22 15:23:45 +05:30 · 29bd48f703
parent d600aa7208
commit 29bd48f703
2 changed files with 25 additions and 1 deletions
--- a/monkey/infection_monkey/monkey.py
+++ b/monkey/infection_monkey/monkey.py
@ -25,6 +25,7 @@ from infection_monkey.system_singleton import SystemSingleton
 from infection_monkey.telemetry.attack.t1106_telem import T1106Telem
 from infection_monkey.telemetry.attack.t1107_telem import T1107Telem
 from infection_monkey.telemetry.attack.victim_host_telem import VictimHostTelem
+from infection_monkey.telemetry.ransomware_telem import RansomwareTelem
 from infection_monkey.telemetry.scan_telem import ScanTelem
 from infection_monkey.telemetry.state_telem import StateTelem
 from infection_monkey.telemetry.system_info_telem import SystemInfoTelem
@ -233,7 +234,8 @@ class InfectionMonkey(object):
                    if not self._keep_running:
                        break

-                RansomewarePayload(WormConfiguration.ransomware).run_payload()
+                ransomware_attempts = RansomewarePayload(WormConfiguration.ransomware).run_payload()
+                RansomwareTelem(ransomware_attempts).send()

                if (not is_empty) and (WormConfiguration.max_iterations > iteration_index + 1):
                    time_to_sleep = WormConfiguration.timeout_between_iterations
--- a/monkey/infection_monkey/telemetry/ransomware_telem.py
+++ b/monkey/infection_monkey/telemetry/ransomware_telem.py
@ -0,0 +1,22 @@
+from typing import List, Tuple
+
+from common.common_consts.telem_categories import TelemCategoryEnum
+from infection_monkey.telemetry.base_telem import BaseTelem
+
+
+class RansomwareTelem(BaseTelem):
+    def __init__(self, attempts: List[Tuple[str, str]]):
+        """
+        Ransomware telemetry constructor
+        :param attempts: List of tuples with each tuple containing the path
+                         of a file it tried encrypting and its result.
+                         If ransomware fails completely - list of one tuple
+                         containing the directory path and error string.
+        """
+        super().__init__()
+        self.attempts = attempts
+
+    telem_category = TelemCategoryEnum.RANSOMWARE
+
+    def get_data(self):
+        return {"ransomware_attempts": self.attempts}