From 84868b29ef598135531ef5e77ad3524f5233919f Mon Sep 17 00:00:00 2001
From: VakarisZ
Date: Mon, 21 Jun 2021 10:56:44 +0300
Subject: [PATCH 1/7] Adds ransomware section to island's configuration schema
---
 monkey/monkey_island/cc/services/config_schema/config_schema.py | 2 ++
 monkey/monkey_island/cc/services/config_schema/ransomware.py | 1 +
 2 files changed, 3 insertions(+)
 create mode 100644 monkey/monkey_island/cc/services/config_schema/ransomware.py
diff --git a/monkey/monkey_island/cc/services/config_schema/config_schema.py b/monkey/monkey_island/cc/services/config_schema/config_schema.py
index 3900b0675..fb1e35b45 100644
--- a/monkey/monkey_island/cc/services/config_schema/config_schema.py
+++ b/monkey/monkey_island/cc/services/config_schema/config_schema.py
@@ -10,6 +10,7 @@ from monkey_island.cc.services.config_schema.definitions.system_info_collector_c
 )
 from monkey_island.cc.services.config_schema.internal import INTERNAL
 from monkey_island.cc.services.config_schema.monkey import MONKEY
+from monkey_island.cc.services.config_schema.ransomware import RANSOMWARE
 SCHEMA = {
 "title": "Monkey",
@@ -27,6 +28,7 @@ SCHEMA = {
 "basic": BASIC,
 "basic_network": BASIC_NETWORK,
 "monkey": MONKEY,
+ "ransomware": RANSOMWARE,
 "internal": INTERNAL,
 },
 "options": {"collapsed": True},
diff --git a/monkey/monkey_island/cc/services/config_schema/ransomware.py b/monkey/monkey_island/cc/services/config_schema/ransomware.py
new file mode 100644
index 000000000..83619b0b4
--- /dev/null
+++ b/monkey/monkey_island/cc/services/config_schema/ransomware.py
@@ -0,0 +1 @@
+RANSOMWARE = {"linux_dir": "", "windows_dir": ""}
From 1ede7ebaecad22cef06cb26abf1ff1d504e00b67 Mon Sep 17 00:00:00 2001
From: VakarisZ
Date: Tue, 22 Jun 2021 09:14:29 +0300
Subject: [PATCH 2/7] Adds ransomware configuration options to monkey configuration
---
 monkey/infection_monkey/config.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/monkey/infection_monkey/config.py b/monkey/infection_monkey/config.py
index d00d55814..5e2c3ec21 100644
--- a/monkey/infection_monkey/config.py
+++ b/monkey/infection_monkey/config.py
@@ -193,7 +193,12 @@ class Configuration(object):
 ms08_067_exploit_attempts = 5
 user_to_add = "Monkey_IUSER_SUPPORT"
- # User and password dictionaries for exploits.
+ ###########################
+ # ransomware config
+ ###########################
+
+ windows_dir = ""
+ linux_dir = ""
 def get_exploit_user_password_pairs(self):
 """
From 9ef4ce8bac9557ee4d32bc311e417c51f5319c9b Mon Sep 17 00:00:00 2001
From: VakarisZ
Date: Tue, 22 Jun 2021 09:47:11 +0300
Subject: [PATCH 3/7] Fixes formatting and naming for ransomware configuration options
---
 monkey/infection_monkey/config.py | 4 +--
 .../cc/services/config_schema/ransomware.py | 27 ++++++++++++++++++-
 2 files changed, 28 insertions(+), 3 deletions(-)
diff --git a/monkey/infection_monkey/config.py b/monkey/infection_monkey/config.py
index 5e2c3ec21..5111bae48 100644
--- a/monkey/infection_monkey/config.py
+++ b/monkey/infection_monkey/config.py
@@ -197,8 +197,8 @@ class Configuration(object):
 # ransomware config
 ###########################
- windows_dir = ""
- linux_dir = ""
+ windows_dir_ransom = ""
+ linux_dir_ransom = ""
 def get_exploit_user_password_pairs(self):
 """
diff --git a/monkey/monkey_island/cc/services/config_schema/ransomware.py b/monkey/monkey_island/cc/services/config_schema/ransomware.py
index 83619b0b4..b5d250f00 100644
--- a/monkey/monkey_island/cc/services/config_schema/ransomware.py
+++ b/monkey/monkey_island/cc/services/config_schema/ransomware.py
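Review bot: The new ransomware block replaces the existing comment `# User and password dictionaries for exploits.` instead of being added next to it, so whatever that comment was labelling (it sat directly above `get_exploit_user_password_pairs`) loses its heading; keep the comment and insert the section after it, or place the ransomware block at the end of the attribute list so the exploit settings stay together. The two new attributes also carry no explanation of what they hold or what the empty default means; a one-line comment such as `# Directory whose files the ransomware simulation encrypts; "" = none configured` above each would do. `Configuration` starts well before this hunk.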
@@ -1 +1,26 @@
-RANSOMWARE = {"linux_dir": "", "windows_dir": ""}
+RANSOMWARE = {
+ "title": "Ransomware",
+ "type": "object",
+ "properties": {
+ "directories": {
+ "title": "Directories to encrypt",
+ "type": "object",
+ "properties": {
+ "linux_dir_ransom": {
+ "title": "Linux encryptable directory",
+ "type": "string",
+ "default": "",
+ "description": "Files in the specified directory will be encrypted "
+ "using bitflip to simulate ransomware.",
+ },
+ "windows_dir_ransom": {
+ "title": "Windows encryptable directory",
+ "type": "string",
+ "default": "",
+ "description": "Files in the specified directory will be encrypted "
+ "using bitflip to simulate ransomware.",
+ },
+ },
+ }
+ },
+}
From 00edb17b86b7bad3b8efb98a6d4793c587981f43 Mon Sep 17 00:00:00 2001
From: VakarisZ
Date: Tue, 22 Jun 2021 10:35:21 +0300
Subject: [PATCH 4/7] Adds ransomware page to the configuration UI
---
 .../monkey_island/cc/ui/src/components/pages/ConfigurePage.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/monkey/monkey_island/cc/ui/src/components/pages/ConfigurePage.js b/monkey/monkey_island/cc/ui/src/components/pages/ConfigurePage.js
index c6e27f476..ed827401b 100644
--- a/monkey/monkey_island/cc/ui/src/components/pages/ConfigurePage.js
+++ b/monkey/monkey_island/cc/ui/src/components/pages/ConfigurePage.js
@@ -30,7 +30,7 @@ class ConfigurePageComponent extends AuthComponent {
 this.currentFormData = {};
 this.initialConfig = {};
 this.initialAttackConfig = {};
- this.sectionsOrder = ['attack', 'basic', 'basic_network', 'monkey', 'internal'];
+ this.sectionsOrder = ['attack', 'basic', 'basic_network', 'ransomware', 'monkey', 'internal'];
 this.state = {
 attackConfig: {},
From d7f4035884c33f1548960e546345ebb4a131d661 Mon Sep 17 00:00:00 2001
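Review bot: Both `default` values are `""` but neither `description` says what an empty value means, so a user of the configuration page cannot tell whether leaving the field blank is allowed or whether it disables the payload on that platform. Assuming the agent skips an unset directory (the agent side is still a stub in this series), extend each description, e.g. `"description": "Files in the specified directory will be encrypted using bitflip to simulate ransomware. Leave empty to skip this platform."`. The two property definitions are identical apart from key and title, so the duplicated description string could come from one helper that builds the property dict from the platform name.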
From: VakarisZ
Date: Tue, 22 Jun 2021 10:39:02 +0300
Subject: [PATCH 5/7] Adds ransomware entrypoint in monkey and logs values provided in ransomware configuration options
---
 monkey/infection_monkey/monkey.py | 3 +++
 monkey/infection_monkey/ransomware/__init__.py | 10 ++++++++++
 2 files changed, 13 insertions(+)
 create mode 100644 monkey/infection_monkey/ransomware/__init__.py
diff --git a/monkey/infection_monkey/monkey.py b/monkey/infection_monkey/monkey.py
index 7e188b74d..e03296570 100644
--- a/monkey/infection_monkey/monkey.py
+++ b/monkey/infection_monkey/monkey.py
@@ -19,6 +19,7 @@ from infection_monkey.network.HostFinger import HostFinger
 from infection_monkey.network.network_scanner import NetworkScanner
 from infection_monkey.network.tools import get_interface_to_target, is_running_on_island
 from infection_monkey.post_breach.post_breach_handler import PostBreach
+from infection_monkey.ransomware import start_ransomware
 from infection_monkey.system_info import SystemInfoCollector
 from infection_monkey.system_singleton import SystemSingleton
 from infection_monkey.telemetry.attack.t1106_telem import T1106Telem
@@ -232,6 +233,8 @@ class InfectionMonkey(object):
 if not self._keep_running:
 break
+ start_ransomware()
+
 if (not is_empty) and (WormConfiguration.max_iterations > iteration_index + 1):
 time_to_sleep = WormConfiguration.timeout_between_iterations
 LOG.info("Sleeping %d seconds before next life cycle iteration", time_to_sleep)
diff --git a/monkey/infection_monkey/ransomware/__init__.py b/monkey/infection_monkey/ransomware/__init__.py
new file mode 100644
index 000000000..42bd69d20
--- /dev/null
+++ b/monkey/infection_monkey/ransomware/__init__.py
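Review bot: `start_ransomware()` is placed inside the life-cycle loop, after the `_keep_running` check and before the sleep, so it executes once per iteration whenever `max_iterations` is greater than one, and it runs even when no directory has been configured. If the encryption the schema describes is a bit flip, a second pass over the same files would undo the first, so the call belongs outside the loop (or behind a once-only flag) and guarded by the configured directories, e.g. `if WormConfiguration.windows_dir_ransom or WormConfiguration.linux_dir_ransom: start_ransomware()`. The same placement survives the `RansomewarePayload(...).run_payload()` rewrite of this line in patch 7. The loop body begins and ends outside this hunk.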
@@ -0,0 +1,10 @@
+import logging
+
+from infection_monkey.config import WormConfiguration
+
+LOG = logging.getLogger(__name__)
+
+
+def start_ransomware():
+ LOG.info(f"Windows dir configured for encryption is {WormConfiguration.windows_dir_ransom}")
+ LOG.info(f"Linux dir configured for encryption is {WormConfiguration.linux_dir_ransom}")
From 63901bcd264d8f3ef279e9bfc7bc4dba7eacb426 Mon Sep 17 00:00:00 2001
From: VakarisZ
Date: Tue, 22 Jun 2021 16:37:44 +0300
Subject: [PATCH 6/7] Refactor ransomware payload __init__.py into ransomware_payload.py with a stubbed ransomware payload class
---
 .../infection_monkey/ransomware/__init__.py | 10 -------
 .../ransomware/ransomware_payload.py | 27 +++++++++++++++++++
 2 files changed, 27 insertions(+), 10 deletions(-)
 delete mode 100644 monkey/infection_monkey/ransomware/__init__.py
 create mode 100644 monkey/infection_monkey/ransomware/ransomware_payload.py
diff --git a/monkey/infection_monkey/ransomware/__init__.py b/monkey/infection_monkey/ransomware/__init__.py
deleted file mode 100644
index 42bd69d20..000000000
--- a/monkey/infection_monkey/ransomware/__init__.py
+++ /dev/null
@@ -1,10 +0,0 @@
-import logging
-
-from infection_monkey.config import WormConfiguration
-
-LOG = logging.getLogger(__name__)
-
-
-def start_ransomware():
- LOG.info(f"Windows dir configured for encryption is {WormConfiguration.windows_dir_ransom}")
- LOG.info(f"Linux dir configured for encryption is {WormConfiguration.linux_dir_ransom}")
diff --git a/monkey/infection_monkey/ransomware/ransomware_payload.py b/monkey/infection_monkey/ransomware/ransomware_payload.py
new file mode 100644
index 000000000..941055062
--- /dev/null
+++ b/monkey/infection_monkey/ransomware/ransomware_payload.py
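Review bot: Both `LOG.info` calls format with f-strings, which builds the message even when INFO is disabled and departs from the lazy `%`-argument style the agent uses elsewhere (`LOG.info("Sleeping %d seconds before next life cycle iteration", time_to_sleep)` in monkey.py); prefer `LOG.info("Windows dir configured for encryption is %s", WormConfiguration.windows_dir_ransom)` and the Linux counterpart. `start_ransomware` also has no docstring saying that it currently only logs the configured directories; a one-line `"""Entry point for the ransomware simulation; currently only logs the configured directories."""` keeps the stub honest for the next reader.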
@@ -0,0 +1,27 @@
+import logging
+
+LOG = logging.getLogger(__name__)
+
+
+class RansomewarePayload:
+ def __init__(self, config: dict):
+ self.config = config
+
+ def run_payload(self):
+ LOG.info(
+ f"Windows dir configured for encryption is " f"{self.config['windows_dir_ransom']}"
+ )
+ LOG.info(f"Linux dir configured for encryption is " f"{self.config['linux_dir_ransom']}")
+
+ file_list = self._find_files()
+ self._encrypt_files(file_list)
+
+ def _find_files(self):
+ return []
+
+ def _encrypt_files(self, file_list):
+ for file in file_list:
+ self._encrypt_file(file)
+
+ def _encrypt_file(self, file):
+ pass
From 947a03c9a1eeb70bb0e926eff100d2defa30f28e Mon Sep 17 00:00:00 2001
From: VakarisZ
Date: Tue, 22 Jun 2021 16:42:09 +0300
Subject: [PATCH 7/7] Refactor ransomware configuration option from flattened to a dict that encompasses any ransomware options
---
 monkey/infection_monkey/config.py | 3 +--
 monkey/infection_monkey/monkey.py | 4 ++--
 monkey/monkey_island/cc/services/config.py | 4 ++++
 monkey/monkey_island/cc/services/config_schema/ransomware.py | 4 ++--
 4 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/monkey/infection_monkey/config.py b/monkey/infection_monkey/config.py
index 5111bae48..f7ec13af6 100644
--- a/monkey/infection_monkey/config.py
+++ b/monkey/infection_monkey/config.py
@@ -197,8 +197,7 @@ class Configuration(object):
 # ransomware config
 ###########################
- windows_dir_ransom = ""
- linux_dir_ransom = ""
+ ransomware = ""
 def get_exploit_user_password_pairs(self):
 """
diff --git a/monkey/infection_monkey/monkey.py b/monkey/infection_monkey/monkey.py
index e03296570..abd0b3f18 100644
--- a/monkey/infection_monkey/monkey.py
+++ b/monkey/infection_monkey/monkey.py
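Review bot: The class is named `RansomewarePayload` (misspelled) and patch 7 imports it under that spelling, so the fix later touches two files; rename it to `RansomwarePayload` now. `run_payload` calls `_find_files` and `_encrypt_files` unconditionally, so once `_find_files` is implemented an empty configured directory must not be treated as "the current directory" — return early when both `windows_dir_ransom` and `linux_dir_ransom` are empty. The constructor and the three stubs have no docstrings; `__init__` should state which keys it expects in `config`, and `_encrypt_file` that it is a placeholder that does nothing yet. The first piece of the split f-string, `f"Windows dir configured for encryption is "`, contains no placeholder and does not need the `f` prefix.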
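Review bot: `ransomware = ""` gives the attribute a string default, but this same patch passes it to `RansomewarePayload(WormConfiguration.ransomware)` whose `run_payload` subscripts it by key, so before the island configuration is applied (or when the section is absent) the payload fails with `TypeError: string indices must be integers` instead of a clear message. Use a default with the shape the schema in this patch produces, e.g. `ransomware = {"directories": {"linux_dir": "", "windows_dir": ""}}`, or have the payload validate its input before use. `Configuration` begins before this hunk.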
@@ -19,7 +19,7 @@ from infection_monkey.network.HostFinger import HostFinger
 from infection_monkey.network.network_scanner import NetworkScanner
 from infection_monkey.network.tools import get_interface_to_target, is_running_on_island
 from infection_monkey.post_breach.post_breach_handler import PostBreach
-from infection_monkey.ransomware import start_ransomware
+from infection_monkey.ransomware.ransomware_payload import RansomewarePayload
 from infection_monkey.system_info import SystemInfoCollector
 from infection_monkey.system_singleton import SystemSingleton
 from infection_monkey.telemetry.attack.t1106_telem import T1106Telem
@@ -233,7 +233,7 @@ class InfectionMonkey(object):
 if not self._keep_running:
 break
- start_ransomware()
+ RansomewarePayload(WormConfiguration.ransomware).run_payload()
 if (not is_empty) and (WormConfiguration.max_iterations > iteration_index + 1):
 time_to_sleep = WormConfiguration.timeout_between_iterations
diff --git a/monkey/monkey_island/cc/services/config.py b/monkey/monkey_island/cc/services/config.py
index 7c7429756..acb12d48a 100644
--- a/monkey/monkey_island/cc/services/config.py
+++ b/monkey/monkey_island/cc/services/config.py
@@ -106,6 +106,10 @@ class ConfigService:
 config_json = ConfigService.get_config(is_initial_config, should_decrypt)
 flat_config_json = {}
 for i in config_json:
+ if i == "ransomware":
+ # Don't flatten the ransomware because ransomware payload expects a dictionary #1260
+ flat_config_json[i] = config_json[i]
+ continue
 for j in config_json[i]:
 for k in config_json[i][j]:
 if isinstance(config_json[i][j][k], dict):
diff --git a/monkey/monkey_island/cc/services/config_schema/ransomware.py b/monkey/monkey_island/cc/services/config_schema/ransomware.py
index b5d250f00..74b5d3d67 100644
--- a/monkey/monkey_island/cc/services/config_schema/ransomware.py
+++ b/monkey/monkey_island/cc/services/config_schema/ransomware.py
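Review bot: The argument handed to `RansomewarePayload` is the unflattened `ransomware` section (see the `ConfigService` hunk in this patch), whose keys after this patch's schema rename are `directories` → `linux_dir`/`windows_dir`, but `run_payload` in ransomware_payload.py still reads `self.config['windows_dir_ransom']` and `self.config['linux_dir_ransom']`, so the call raises `KeyError` on the first iteration; this patch does not touch ransomware_payload.py. Update the lookups to `self.config["directories"]["windows_dir"]` and `self.config["directories"]["linux_dir"]`, or pass only the `directories` dict and document that contract on the constructor. The per-iteration placement raised on the monkey.py hunk in patch 5 is unchanged here. The loop body begins and ends outside this hunk.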
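Review bot: The special case `if i == "ransomware":` hard-codes a section name inside the flattening loop and the comment justifies it only by issue number, so the next section that needs to reach the agent as a nested dict will add another branch here. Hoist the exception into a module-level constant, for example `UNFLATTENED_SECTIONS = {"ransomware"}`, test `if i in UNFLATTENED_SECTIONS:`, and reword the comment to `# These sections are handed to the agent as nested dicts rather than flattened; see #1260`. The enclosing method starts before this hunk.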
@@ -6,14 +6,14 @@ RANSOMWARE = {
 "title": "Directories to encrypt",
 "type": "object",
 "properties": {
- "linux_dir_ransom": {
+ "linux_dir": {
 "title": "Linux encryptable directory",
 "type": "string",
 "default": "",
 "description": "Files in the specified directory will be encrypted "
 "using bitflip to simulate ransomware.",
 },
- "windows_dir_ransom": {
+ "windows_dir": {
 "title": "Windows encryptable directory",
 "type": "string",
 "default": "",