Agent: Add attack technique tags from WMIExploiter

Ilija Lazoroski 2022-10-07 14:12:52 +02:00
parent ed191bcf61
commit c09c2c2127
1 changed files with 10 additions and 0 deletions


@ -7,6 +7,11 @@ from time import time
from impacket.dcerpc.v5.rpcrt import DCERPCException from impacket.dcerpc.v5.rpcrt import DCERPCException
from common.credentials import get_plaintext from common.credentials import get_plaintext
from common.tags import (
T1021_ATTACK_TECHNIQUE_TAG,
T1105_ATTACK_TECHNIQUE_TAG,
T1110_ATTACK_TECHNIQUE_TAG,
)
from infection_monkey.exploit.HostExploiter import HostExploiter from infection_monkey.exploit.HostExploiter import HostExploiter
from infection_monkey.exploit.tools.helpers import get_agent_dst_path from infection_monkey.exploit.tools.helpers import get_agent_dst_path
from infection_monkey.exploit.tools.smb_tools import SmbTools from infection_monkey.exploit.tools.smb_tools import SmbTools
@ -22,10 +27,15 @@ from infection_monkey.utils.threading import interruptible_iter
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
WMI_EXPLOITER_TAG = "wmi-expliter"
class WmiExploiter(HostExploiter): class WmiExploiter(HostExploiter):
_EXPLOITED_SERVICE = "WMI (Windows Management Instrumentation)" _EXPLOITED_SERVICE = "WMI (Windows Management Instrumentation)"
_EXPLOITER_TAGS = (WMI_EXPLOITER_TAG, T1021_ATTACK_TECHNIQUE_TAG, T1110_ATTACK_TECHNIQUE_TAG)
_PROPAGATION_TAGS = (WMI_EXPLOITER_TAG, T1105_ATTACK_TECHNIQUE_TAG)
@WmiTools.impacket_user @WmiTools.impacket_user
@WmiTools.dcom_wrap @WmiTools.dcom_wrap
def _exploit_host(self) -> ExploiterResultData: def _exploit_host(self) -> ExploiterResultData:
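Review bot: The new module constant `WMI_EXPLOITER_TAG = "wmi-expliter"` misspells the tag value; it should read `WMI_EXPLOITER_TAG = "wmi-exploiter"`. The string is placed in both `_EXPLOITER_TAGS` and `_PROPAGATION_TAGS`, so anything that filters or correlates agent events by tag would presumably have to match the typo, and correcting it later changes the value for existing consumers. The consumers of these tuples are not visible in this hunk, so that impact is inferred. A one-line comment above the two tuples would also help, for example `# T1021/T1110: remote service access with a list of credentials; T1105: agent binary transfer to the target`. The body of `WmiExploiter` continues past the end of the hunk.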