Merge pull request #1255 from guardicore/ransomware_stub

Adds ransomware stub
This commit is contained in:
Mike Salvatore 2021-06-22 09:59:14 -04:00 committed by GitHub
commit ccc3557021
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 68 additions and 2 deletions


@ -193,7 +193,11 @@ class Configuration(object):
ms08_067_exploit_attempts = 5 ms08_067_exploit_attempts = 5
user_to_add = "Monkey_IUSER_SUPPORT" user_to_add = "Monkey_IUSER_SUPPORT"
# User and password dictionaries for exploits. ###########################
# ransomware config
###########################
ransomware = ""
def get_exploit_user_password_pairs(self): def get_exploit_user_password_pairs(self):
""" """


@ -19,6 +19,7 @@ from infection_monkey.network.HostFinger import HostFinger
from infection_monkey.network.network_scanner import NetworkScanner from infection_monkey.network.network_scanner import NetworkScanner
from infection_monkey.network.tools import get_interface_to_target, is_running_on_island from infection_monkey.network.tools import get_interface_to_target, is_running_on_island
from infection_monkey.post_breach.post_breach_handler import PostBreach from infection_monkey.post_breach.post_breach_handler import PostBreach
from infection_monkey.ransomware.ransomware_payload import RansomewarePayload
from infection_monkey.system_info import SystemInfoCollector from infection_monkey.system_info import SystemInfoCollector
from infection_monkey.system_singleton import SystemSingleton from infection_monkey.system_singleton import SystemSingleton
from infection_monkey.telemetry.attack.t1106_telem import T1106Telem from infection_monkey.telemetry.attack.t1106_telem import T1106Telem
@ -232,6 +233,8 @@ class InfectionMonkey(object):
if not self._keep_running: if not self._keep_running:
break break
RansomewarePayload(WormConfiguration.ransomware).run_payload()
if (not is_empty) and (WormConfiguration.max_iterations > iteration_index + 1): if (not is_empty) and (WormConfiguration.max_iterations > iteration_index + 1):
time_to_sleep = WormConfiguration.timeout_between_iterations time_to_sleep = WormConfiguration.timeout_between_iterations
LOG.info("Sleeping %d seconds before next life cycle iteration", time_to_sleep) LOG.info("Sleeping %d seconds before next life cycle iteration", time_to_sleep)


@ -0,0 +1,27 @@
import logging
LOG = logging.getLogger(__name__)
class RansomewarePayload:
def __init__(self, config: dict):
self.config = config
def run_payload(self):
LOG.info(
f"Windows dir configured for encryption is " f"{self.config['windows_dir_ransom']}"
)
LOG.info(f"Linux dir configured for encryption is " f"{self.config['linux_dir_ransom']}")
file_list = self._find_files()
self._encrypt_files(file_list)
def _find_files(self):
return []
def _encrypt_files(self, file_list):
for file in file_list:
self._encrypt_file(file)
def _encrypt_file(self, file):
pass
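Review bot: `run_payload` reads `self.config['windows_dir_ransom']` and `self.config['linux_dir_ransom']`, but the schema added in this commit (`config_schema/ransomware.py`) defines the paths as `directories.windows_dir` and `directories.linux_dir`, and `ConfigService` deliberately leaves the `ransomware` section unflattened, so the delivered dict would be `{"directories": {...}}` and both lookups raise KeyError. Either read `self.config['directories']['windows_dir']` (and `linux_dir`) or rename the schema keys to match, and add a test that constructs the payload from the schema defaults so the two files cannot drift silently. The stubs `_find_files`, `_encrypt_files` and `_encrypt_file` have no docstrings; a one-liner such as `"""Stub: file discovery is not implemented yet; returns an empty list."""` makes the placeholder status explicit to the next reader. The class is spelled `RansomewarePayload` while the module and config key use `ransomware`; renaming to `RansomwarePayload` now avoids carrying the typo into callers.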


@ -106,6 +106,10 @@ class ConfigService:
config_json = ConfigService.get_config(is_initial_config, should_decrypt) config_json = ConfigService.get_config(is_initial_config, should_decrypt)
flat_config_json = {} flat_config_json = {}
for i in config_json: for i in config_json:
if i == "ransomware":
# Don't flatten the ransomware because ransomware payload expects a dictionary #1260
flat_config_json[i] = config_json[i]
continue
for j in config_json[i]: for j in config_json[i]:
for k in config_json[i][j]: for k in config_json[i][j]:
if isinstance(config_json[i][j][k], dict): if isinstance(config_json[i][j][k], dict):


@ -10,6 +10,7 @@ from monkey_island.cc.services.config_schema.definitions.system_info_collector_c
) )
from monkey_island.cc.services.config_schema.internal import INTERNAL from monkey_island.cc.services.config_schema.internal import INTERNAL
from monkey_island.cc.services.config_schema.monkey import MONKEY from monkey_island.cc.services.config_schema.monkey import MONKEY
from monkey_island.cc.services.config_schema.ransomware import RANSOMWARE
SCHEMA = { SCHEMA = {
"title": "Monkey", "title": "Monkey",
@ -27,6 +28,7 @@ SCHEMA = {
"basic": BASIC, "basic": BASIC,
"basic_network": BASIC_NETWORK, "basic_network": BASIC_NETWORK,
"monkey": MONKEY, "monkey": MONKEY,
"ransomware": RANSOMWARE,
"internal": INTERNAL, "internal": INTERNAL,
}, },
"options": {"collapsed": True}, "options": {"collapsed": True},


@ -0,0 +1,26 @@
RANSOMWARE = {
"title": "Ransomware",
"type": "object",
"properties": {
"directories": {
"title": "Directories to encrypt",
"type": "object",
"properties": {
"linux_dir": {
"title": "Linux encryptable directory",
"type": "string",
"default": "",
"description": "Files in the specified directory will be encrypted "
"using bitflip to simulate ransomware.",
},
"windows_dir": {
"title": "Windows encryptable directory",
"type": "string",
"default": "",
"description": "Files in the specified directory will be encrypted "
"using bitflip to simulate ransomware.",
},
},
}
},
}


@ -30,7 +30,7 @@ class ConfigurePageComponent extends AuthComponent {
this.currentFormData = {}; this.currentFormData = {};
this.initialConfig = {}; this.initialConfig = {};
this.initialAttackConfig = {}; this.initialAttackConfig = {};
this.sectionsOrder = ['attack', 'basic', 'basic_network', 'monkey', 'internal']; this.sectionsOrder = ['attack', 'basic', 'basic_network', 'ransomware', 'monkey', 'internal'];
this.state = { this.state = {
attackConfig: {}, attackConfig: {},