From bb11ea78579e849cbec0d8b53c229c8785ae37c2 Mon Sep 17 00:00:00 2001
From: Ilija Lazoroski
Date: Tue, 4 Oct 2022 16:09:42 +0200
Subject: [PATCH 01/14] Common: Add attack tags

---
 monkey/common/tags/__init__.py | 6 ++++++
 monkey/common/tags/attack.py   | 4 ++++
 2 files changed, 10 insertions(+)
 create mode 100644 monkey/common/tags/__init__.py
 create mode 100644 monkey/common/tags/attack.py

diff --git a/monkey/common/tags/__init__.py b/monkey/common/tags/__init__.py
new file mode 100644
index 000000000..fd85dfe54
--- /dev/null
+++ b/monkey/common/tags/__init__.py
@@ -0,0 +1,6 @@
+from .attack import (
+    T1105_ATTACK_TECHNIQUE_TAG,
+    T1110_ATTACK_TECHNIQUE_TAG,
+    T1222_ATTACK_TECHNIQUE_TAG,
+    T1021_ATTACK_TECHNIQUE_TAG,
+)
diff --git a/monkey/common/tags/attack.py b/monkey/common/tags/attack.py
new file mode 100644
index 000000000..e12fdf1ad
--- /dev/null
+++ b/monkey/common/tags/attack.py
@@ -0,0 +1,4 @@
+T1105_ATTACK_TECHNIQUE_TAG = "attack-t1105"
+T1110_ATTACK_TECHNIQUE_TAG = "attack-t1110"
+T1222_ATTACK_TECHNIQUE_TAG = "attack-t1222"
+T1021_ATTACK_TECHNIQUE_TAG = "attack-t1021"

From dd35bebb3e98be791a1b1178c1e676fa210b5c45 Mon Sep 17 00:00:00 2001
From: Ilija Lazoroski
Date: Tue, 4 Oct 2022 16:23:17 +0200
Subject: [PATCH 02/14] Common: Add T1203 attack technique tag

---
 monkey/common/tags/__init__.py | 1 +
 monkey/common/tags/attack.py   | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/monkey/common/tags/__init__.py b/monkey/common/tags/__init__.py
index fd85dfe54..b95f346f1 100644
--- a/monkey/common/tags/__init__.py
+++ b/monkey/common/tags/__init__.py
@@ -3,4 +3,5 @@ from .attack import (
     T1110_ATTACK_TECHNIQUE_TAG,
     T1222_ATTACK_TECHNIQUE_TAG,
     T1021_ATTACK_TECHNIQUE_TAG,
+    T1203_ATTACK_TECHINQUE_TAG,
 )
diff --git a/monkey/common/tags/attack.py b/monkey/common/tags/attack.py
index e12fdf1ad..d3b724f85 100644
--- a/monkey/common/tags/attack.py
+++ b/monkey/common/tags/attack.py
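Review bot: The new attack.py says nothing about what these strings are or who consumes them, and every line repeats the technique ID by hand in both the name and the value, so a mismatch such as `T1105_ATTACK_TECHNIQUE_TAG = "attack-t1150"` would pass review unnoticed. Suggest a module docstring `"""ATT&CK technique tags attached to agent events; values use the form attack-t<technique id>."""` and, if the island parses the `attack-t` suffix, a small test asserting each `T<id>_ATTACK_TECHNIQUE_TAG` equals `f"attack-t{id}"`. The same name/value pair is added in each later patch of this series, so documenting the format once here covers them all.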
@@ -2,3 +2,5 @@ T1105_ATTACK_TECHNIQUE_TAG = "attack-t1105"
 T1110_ATTACK_TECHNIQUE_TAG = "attack-t1110"
 T1222_ATTACK_TECHNIQUE_TAG = "attack-t1222"
 T1021_ATTACK_TECHNIQUE_TAG = "attack-t1021"
+
+T1203_ATTACK_TECHINQUE_TAG = "attack-t1203"

From 8b4af5c3499c95173bd2e55134ef624fa1bade42 Mon Sep 17 00:00:00 2001
From: Ilija Lazoroski
Date: Tue, 4 Oct 2022 16:37:01 +0200
Subject: [PATCH 03/14] Common: Fix typo in attack tags

---
 monkey/common/tags/__init__.py | 2 +-
 monkey/common/tags/attack.py   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/monkey/common/tags/__init__.py b/monkey/common/tags/__init__.py
index b95f346f1..b91ecbeef 100644
--- a/monkey/common/tags/__init__.py
+++ b/monkey/common/tags/__init__.py
@@ -3,5 +3,5 @@ from .attack import (
     T1110_ATTACK_TECHNIQUE_TAG,
     T1222_ATTACK_TECHNIQUE_TAG,
     T1021_ATTACK_TECHNIQUE_TAG,
-    T1203_ATTACK_TECHINQUE_TAG,
+    T1203_ATTACK_TECHNIQUE_TAG,
 )
diff --git a/monkey/common/tags/attack.py b/monkey/common/tags/attack.py
index d3b724f85..b510d9923 100644
--- a/monkey/common/tags/attack.py
+++ b/monkey/common/tags/attack.py
@@ -3,4 +3,4 @@ T1110_ATTACK_TECHNIQUE_TAG = "attack-t1110"
 T1222_ATTACK_TECHNIQUE_TAG = "attack-t1222"
 T1021_ATTACK_TECHNIQUE_TAG = "attack-t1021"
 
-T1203_ATTACK_TECHINQUE_TAG = "attack-t1203"
+T1203_ATTACK_TECHNIQUE_TAG = "attack-t1203"

From 6a100105be0ad0598c737094b7a533fa831e1163 Mon Sep 17 00:00:00 2001
From: Kekoa Kaaikala
Date: Tue, 4 Oct 2022 16:16:50 +0000
Subject: [PATCH 04/14] Common: Order attack tags alphanumerically

---
 monkey/common/tags/__init__.py | 4 ++--
 monkey/common/tags/attack.py   | 5 ++---
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/monkey/common/tags/__init__.py b/monkey/common/tags/__init__.py
index b91ecbeef..05ebc3894 100644
--- a/monkey/common/tags/__init__.py
+++ b/monkey/common/tags/__init__.py
@@ -1,7 +1,7 @@
 from .attack import (
+    T1021_ATTACK_TECHNIQUE_TAG,
     T1105_ATTACK_TECHNIQUE_TAG,
     T1110_ATTACK_TECHNIQUE_TAG,
-    T1222_ATTACK_TECHNIQUE_TAG,
-    T1021_ATTACK_TECHNIQUE_TAG,
     T1203_ATTACK_TECHNIQUE_TAG,
+    T1222_ATTACK_TECHNIQUE_TAG,
 )
diff --git a/monkey/common/tags/attack.py b/monkey/common/tags/attack.py
index b510d9923..83d986a51 100644
--- a/monkey/common/tags/attack.py
+++ b/monkey/common/tags/attack.py
@@ -1,6 +1,5 @@
+T1021_ATTACK_TECHNIQUE_TAG = "attack-t1021"
 T1105_ATTACK_TECHNIQUE_TAG = "attack-t1105"
 T1110_ATTACK_TECHNIQUE_TAG = "attack-t1110"
-T1222_ATTACK_TECHNIQUE_TAG = "attack-t1222"
-T1021_ATTACK_TECHNIQUE_TAG = "attack-t1021"
-
 T1203_ATTACK_TECHNIQUE_TAG = "attack-t1203"
+T1222_ATTACK_TECHNIQUE_TAG = "attack-t1222"

From d1a8ce208218ce91baf71d9c23d147ce838e55d6 Mon Sep 17 00:00:00 2001
From: Kekoa Kaaikala
Date: Tue, 4 Oct 2022 16:39:21 +0000
Subject: [PATCH 05/14] Common: Add T1210 tag

---
 monkey/common/tags/__init__.py | 1 +
 monkey/common/tags/attack.py   | 1 +
 2 files changed, 2 insertions(+)

diff --git a/monkey/common/tags/__init__.py b/monkey/common/tags/__init__.py
index 05ebc3894..de2ce1956 100644
--- a/monkey/common/tags/__init__.py
+++ b/monkey/common/tags/__init__.py
@@ -3,5 +3,6 @@ from .attack import (
     T1105_ATTACK_TECHNIQUE_TAG,
     T1110_ATTACK_TECHNIQUE_TAG,
     T1203_ATTACK_TECHNIQUE_TAG,
+    T1210_ATTACK_TECHNIQUE_TAG,
     T1222_ATTACK_TECHNIQUE_TAG,
 )
diff --git a/monkey/common/tags/attack.py b/monkey/common/tags/attack.py
index 83d986a51..e90927a43 100644
--- a/monkey/common/tags/attack.py
+++ b/monkey/common/tags/attack.py
@@ -2,4 +2,5 @@ T1021_ATTACK_TECHNIQUE_TAG = "attack-t1021"
 T1105_ATTACK_TECHNIQUE_TAG = "attack-t1105"
 T1110_ATTACK_TECHNIQUE_TAG = "attack-t1110"
 T1203_ATTACK_TECHNIQUE_TAG = "attack-t1203"
+T1210_ATTACK_TECHNIQUE_TAG = "attack-t1210"
 T1222_ATTACK_TECHNIQUE_TAG = "attack-t1222"

From a07eadce6045d587b30d25686c9b5e09c9399cff Mon Sep 17 00:00:00 2001
From: Kekoa Kaaikala
Date: Tue, 4 Oct 2022 18:00:41 +0000
Subject: [PATCH 06/14] Common: Add T1570 attack technique

---
 monkey/common/tags/__init__.py | 1 +
 monkey/common/tags/attack.py   | 1 +
 2 files changed, 2 insertions(+)

diff --git a/monkey/common/tags/__init__.py b/monkey/common/tags/__init__.py
index de2ce1956..1215408ec 100644
--- a/monkey/common/tags/__init__.py
+++ b/monkey/common/tags/__init__.py
@@ -5,4 +5,5 @@ from .attack import (
     T1203_ATTACK_TECHNIQUE_TAG,
     T1210_ATTACK_TECHNIQUE_TAG,
     T1222_ATTACK_TECHNIQUE_TAG,
+    T1570_ATTACK_TECHNIQUE_TAG,
 )
diff --git a/monkey/common/tags/attack.py b/monkey/common/tags/attack.py
index e90927a43..dbc000d05 100644
--- a/monkey/common/tags/attack.py
+++ b/monkey/common/tags/attack.py
@@ -4,3 +4,4 @@ T1110_ATTACK_TECHNIQUE_TAG = "attack-t1110"
 T1203_ATTACK_TECHNIQUE_TAG = "attack-t1203"
 T1210_ATTACK_TECHNIQUE_TAG = "attack-t1210"
 T1222_ATTACK_TECHNIQUE_TAG = "attack-t1222"
+T1570_ATTACK_TECHNIQUE_TAG = "attack-t1570"

From e46bb8964d603ebb13d2758e8698ae9e499df9ee Mon Sep 17 00:00:00 2001
From: Ilija Lazoroski
Date: Wed, 5 Oct 2022 11:11:18 +0200
Subject: [PATCH 07/14] Common: Add T1003 and T1098 attack technique tags

---
 monkey/common/tags/__init__.py | 2 ++
 monkey/common/tags/attack.py   | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/monkey/common/tags/__init__.py b/monkey/common/tags/__init__.py
index 1215408ec..704f4031c 100644
--- a/monkey/common/tags/__init__.py
+++ b/monkey/common/tags/__init__.py
@@ -1,5 +1,7 @@
 from .attack import (
+    T1003_ATTACK_TECHNIQUE_TAG,
     T1021_ATTACK_TECHNIQUE_TAG,
+    T1098_ATTACK_TECHNIQUE_TAG,
     T1105_ATTACK_TECHNIQUE_TAG,
     T1110_ATTACK_TECHNIQUE_TAG,
     T1203_ATTACK_TECHNIQUE_TAG,
diff --git a/monkey/common/tags/attack.py b/monkey/common/tags/attack.py
index dbc000d05..79ca5464b 100644
--- a/monkey/common/tags/attack.py
+++ b/monkey/common/tags/attack.py
@@ -1,4 +1,6 @@
+T1003_ATTACK_TECHNIQUE_TAG = "attack-t1003"
 T1021_ATTACK_TECHNIQUE_TAG = "attack-t1021"
+T1098_ATTACK_TECHNIQUE_TAG = "attack-t1098"
 T1105_ATTACK_TECHNIQUE_TAG = "attack-t1105"
 T1110_ATTACK_TECHNIQUE_TAG = "attack-t1110"
 T1203_ATTACK_TECHNIQUE_TAG = "attack-t1203"

From 0ed167fb48ed68d7435900be166d433eca6535d1 Mon Sep 17 00:00:00 2001
From: Ilija Lazoroski
Date: Wed, 5 Oct 2022 11:13:39 +0200
Subject: [PATCH 08/14] Agent: Import attack technique tags from common in Zerologon

---
 monkey/infection_monkey/exploit/zerologon.py | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/monkey/infection_monkey/exploit/zerologon.py b/monkey/infection_monkey/exploit/zerologon.py
index bae4a4054..19445f6ab 100644
--- a/monkey/infection_monkey/exploit/zerologon.py
+++ b/monkey/infection_monkey/exploit/zerologon.py
@@ -18,6 +18,7 @@ from impacket.dcerpc.v5.dtypes import NULL
 from common.agent_events import CredentialsStolenEvent
 from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT
 from common.credentials import Credentials, LMHash, NTHash, Username
+from common.tags import T1003_ATTACK_TECHNIQUE_TAG, T1098_ATTACK_TECHNIQUE_TAG
 from infection_monkey.exploit.HostExploiter import HostExploiter
 from infection_monkey.exploit.tools.wmi_tools import WmiTools
 from infection_monkey.exploit.zerologon_utils.dump_secrets import DumpSecrets
@@ -32,9 +33,6 @@ from infection_monkey.utils.threading import interruptible_iter
 logger = logging.getLogger(__name__)
 
 ZEROLOGON_EXPLOITER_TAG = "zerologon-exploiter"
-T1003_ATTACK_TECHNIQUE_TAG = "attack-t1003"
-T1098_ATTACK_TECHNIQUE_TAG = "attack-t1098"
-
 ZEROLOGON_EVENT_TAGS = frozenset(
     {
@@ -315,7 +313,7 @@ class ZerologonExploiter(HostExploiter):
             tags=ZEROLOGON_EVENT_TAGS,
             stolen_credentials=extracted_credentials,
         )
-        self.event_queue.publish(credentials_stolen_event)
+        self.agent_event_queue.publish(credentials_stolen_event)
 
     def get_original_pwd_nthash(self, username: str, user_pwd_hashes: List[str]) -> Optional[str]:
         if not self.save_HKLM_keys_locally(username, user_pwd_hashes):

From 491612f9e8f97ffa4c68ead2382830018d3fea54 Mon Sep 17 00:00:00 2001
From: Ilija Lazoroski
Date: Wed, 5 Oct 2022 11:21:28 +0200
Subject: [PATCH 09/14] Common: Add T1005 and T1145 attack technique tags

---
 monkey/common/tags/__init__.py | 2 ++
 monkey/common/tags/attack.py   | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/monkey/common/tags/__init__.py b/monkey/common/tags/__init__.py
index 704f4031c..ea08aa9f5 100644
--- a/monkey/common/tags/__init__.py
+++ b/monkey/common/tags/__init__.py
@@ -1,9 +1,11 @@
 from .attack import (
     T1003_ATTACK_TECHNIQUE_TAG,
+    T1005_ATTACK_TECHNIQUE_TAG,
     T1021_ATTACK_TECHNIQUE_TAG,
     T1098_ATTACK_TECHNIQUE_TAG,
     T1105_ATTACK_TECHNIQUE_TAG,
     T1110_ATTACK_TECHNIQUE_TAG,
+    T1145_ATTACK_TECHNIQUE_TAG,
     T1203_ATTACK_TECHNIQUE_TAG,
     T1210_ATTACK_TECHNIQUE_TAG,
     T1222_ATTACK_TECHNIQUE_TAG,
diff --git a/monkey/common/tags/attack.py b/monkey/common/tags/attack.py
index 79ca5464b..e8881dfa7 100644
--- a/monkey/common/tags/attack.py
+++ b/monkey/common/tags/attack.py
@@ -1,8 +1,10 @@
 T1003_ATTACK_TECHNIQUE_TAG = "attack-t1003"
+T1005_ATTACK_TECHNIQUE_TAG = "attack-t1005"
 T1021_ATTACK_TECHNIQUE_TAG = "attack-t1021"
 T1098_ATTACK_TECHNIQUE_TAG = "attack-t1098"
 T1105_ATTACK_TECHNIQUE_TAG = "attack-t1105"
 T1110_ATTACK_TECHNIQUE_TAG = "attack-t1110"
+T1145_ATTACK_TECHNIQUE_TAG = "attack-t1145"
 T1203_ATTACK_TECHNIQUE_TAG = "attack-t1203"
 T1210_ATTACK_TECHNIQUE_TAG = "attack-t1210"
 T1222_ATTACK_TECHNIQUE_TAG = "attack-t1222"

From c8aee645fa2888ba5f79aef790ed65848f418318 Mon Sep 17 00:00:00 2001
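Review bot: The switch from `self.event_queue.publish(...)` to `self.agent_event_queue.publish(...)` is a behavioural change that the subject ("Import attack technique tags from common in Zerologon") does not mention, and nothing in this patch assigns an `agent_event_queue` attribute, so the line depends on HostExploiter (outside this diff) already exposing that name; if it does not, the failure surfaces only at runtime on the credential-dump path, which unit tests may not reach. Suggest moving this one-line rename into its own commit, as PATCH 12 and 13 do for the collectors, or at least naming it in the subject. The enclosing method's `def` lies before the start of the hunk.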
From: Ilija Lazoroski
Date: Wed, 5 Oct 2022 11:24:52 +0200
Subject: [PATCH 10/14] Agent: Import attack technique tags from common in SSHCollector

---
 .../credential_collectors/ssh_collector/ssh_handler.py | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/monkey/infection_monkey/credential_collectors/ssh_collector/ssh_handler.py b/monkey/infection_monkey/credential_collectors/ssh_collector/ssh_handler.py
index e6add5589..047ee9e7b 100644
--- a/monkey/infection_monkey/credential_collectors/ssh_collector/ssh_handler.py
+++ b/monkey/infection_monkey/credential_collectors/ssh_collector/ssh_handler.py
@@ -6,6 +6,11 @@ from typing import Dict, Iterable, Sequence
 from common.agent_events import CredentialsStolenEvent
 from common.credentials import Credentials, SSHKeypair, Username
 from common.event_queue import IAgentEventQueue
+from common.tags import (
+    T1003_ATTACK_TECHNIQUE_TAG,
+    T1005_ATTACK_TECHNIQUE_TAG,
+    T1145_ATTACK_TECHNIQUE_TAG,
+)
 from common.utils.attack_utils import ScanStatus
 from infection_monkey.telemetry.attack.t1005_telem import T1005Telem
 from infection_monkey.telemetry.attack.t1145_telem import T1145Telem
@@ -17,9 +22,6 @@ logger = logging.getLogger(__name__)
 
 DEFAULT_DIRS = ["/.ssh/", "/"]
 SSH_CREDENTIAL_COLLECTOR_TAG = "ssh-credentials-collector"
-T1003_ATTACK_TECHNIQUE_TAG = "attack-t1003"
-T1005_ATTACK_TECHNIQUE_TAG = "attack-t1005"
-T1145_ATTACK_TECHNIQUE_TAG = "attack-t1145"
 
 SSH_COLLECTOR_EVENT_TAGS = frozenset(
     (
@@ -170,7 +172,7 @@ def to_credentials(ssh_info: Iterable[Dict]) -> Sequence[Credentials]:
 
 
 def _publish_credentials_stolen_event(
-    collected_credentials: Credentials, event_queue: IAgentEventQueue
+    collected_credentials: Sequence[Credentials], event_queue: IAgentEventQueue
 ):
     credentials_stolen_event = CredentialsStolenEvent(
         source=get_agent_id(),

From 19fcf8d053bc0e989842a747ff76efd133f4af51 Mon Sep 17 00:00:00 2001
From: Ilija Lazoroski
Date: Wed, 5 Oct 2022 11:30:09 +0200
Subject: [PATCH 11/14] Agent: Import attack technique tags from common in MimikatzCollector

---
 .../mimikatz_collector/mimikatz_credential_collector.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/monkey/infection_monkey/credential_collectors/mimikatz_collector/mimikatz_credential_collector.py b/monkey/infection_monkey/credential_collectors/mimikatz_collector/mimikatz_credential_collector.py
index b4bf4135e..b2e3217b3 100644
--- a/monkey/infection_monkey/credential_collectors/mimikatz_collector/mimikatz_credential_collector.py
+++ b/monkey/infection_monkey/credential_collectors/mimikatz_collector/mimikatz_credential_collector.py
@@ -4,6 +4,7 @@ from typing import Sequence
 from common.agent_events import CredentialsStolenEvent
 from common.credentials import Credentials, LMHash, NTHash, Password, Username
 from common.event_queue import IAgentEventQueue
+from common.tags import T1003_ATTACK_TECHNIQUE_TAG, T1005_ATTACK_TECHNIQUE_TAG
 from infection_monkey.i_puppet import ICredentialCollector
 from infection_monkey.model import USERNAME_PREFIX
 from infection_monkey.utils.ids import get_agent_id
@@ -15,8 +16,6 @@ logger = logging.getLogger(__name__)
 
 
 MIMIKATZ_CREDENTIAL_COLLECTOR_TAG = "mimikatz-credentials-collector"
-T1003_ATTACK_TECHNIQUE_TAG = "attack-t1003"
-T1005_ATTACK_TECHNIQUE_TAG = "attack-t1005"
 
 MIMIKATZ_EVENT_TAGS = frozenset(
     (

From c7e2b91735af07547e7446768f9b003adac1321f Mon Sep 17 00:00:00 2001
From: Ilija Lazoroski
Date: Wed, 5 Oct 2022 11:34:50 +0200
Subject: [PATCH 12/14] Agent: Rename event_queue to agent_event_queue in MimikatzCredentialCollector

---
 .../mimikatz_collector/mimikatz_credential_collector.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/monkey/infection_monkey/credential_collectors/mimikatz_collector/mimikatz_credential_collector.py b/monkey/infection_monkey/credential_collectors/mimikatz_collector/mimikatz_credential_collector.py
index b2e3217b3..4e3efd594 100644
--- a/monkey/infection_monkey/credential_collectors/mimikatz_collector/mimikatz_credential_collector.py
+++ b/monkey/infection_monkey/credential_collectors/mimikatz_collector/mimikatz_credential_collector.py
@@ -27,8 +27,8 @@ MIMIKATZ_EVENT_TAGS = frozenset(
 
 
 class MimikatzCredentialCollector(ICredentialCollector):
-    def __init__(self, event_queue: IAgentEventQueue):
-        self._event_queue = event_queue
+    def __init__(self, agent_event_queue: IAgentEventQueue):
+        self._agent_event_queue = agent_event_queue
 
     def collect_credentials(self, options=None) -> Sequence[Credentials]:
         logger.info("Attempting to collect windows credentials with pypykatz.")
@@ -81,4 +81,4 @@ class MimikatzCredentialCollector(ICredentialCollector):
             stolen_credentials=collected_credentials,
         )
 
-        self._event_queue.publish(credentials_stolen_event)
+        self._agent_event_queue.publish(credentials_stolen_event)

From 2ece91b9dfc5bbc0001dfd0a6b3624116825cd83 Mon Sep 17 00:00:00 2001
From: Ilija Lazoroski
Date: Wed, 5 Oct 2022 11:37:58 +0200
Subject: [PATCH 13/14] Agent: Rename event_queue to agent_event_queue in SSHCredentialCollector

---
 .../ssh_collector/ssh_credential_collector.py | 8 +++++---
 .../ssh_collector/ssh_handler.py              | 12 ++++++------
 2 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/monkey/infection_monkey/credential_collectors/ssh_collector/ssh_credential_collector.py b/monkey/infection_monkey/credential_collectors/ssh_collector/ssh_credential_collector.py
index ed0fc1a8e..d4c1c84da 100644
--- a/monkey/infection_monkey/credential_collectors/ssh_collector/ssh_credential_collector.py
+++ b/monkey/infection_monkey/credential_collectors/ssh_collector/ssh_credential_collector.py
@@ -15,13 +15,15 @@ class SSHCredentialCollector(ICredentialCollector):
     SSH keys credential collector
     """
 
-    def __init__(self, telemetry_messenger: ITelemetryMessenger, event_queue: IAgentEventQueue):
+    def __init__(
+        self, telemetry_messenger: ITelemetryMessenger, agent_event_queue: IAgentEventQueue
+    ):
         self._telemetry_messenger = telemetry_messenger
-        self._event_queue = event_queue
+        self._agent_event_queue = agent_event_queue
 
     def collect_credentials(self, _options=None) -> Sequence[Credentials]:
         logger.info("Started scanning for SSH credentials")
-        ssh_info = ssh_handler.get_ssh_info(self._telemetry_messenger, self._event_queue)
+        ssh_info = ssh_handler.get_ssh_info(self._telemetry_messenger, self._agent_event_queue)
         logger.info("Finished scanning for SSH credentials")
         return ssh_handler.to_credentials(ssh_info)
 
diff --git a/monkey/infection_monkey/credential_collectors/ssh_collector/ssh_handler.py b/monkey/infection_monkey/credential_collectors/ssh_collector/ssh_handler.py
index 047ee9e7b..3776ce8ef 100644
--- a/monkey/infection_monkey/credential_collectors/ssh_collector/ssh_handler.py
+++ b/monkey/infection_monkey/credential_collectors/ssh_collector/ssh_handler.py
@@ -34,7 +34,7 @@ SSH_COLLECTOR_EVENT_TAGS = frozenset(
 
 
 def get_ssh_info(
-    telemetry_messenger: ITelemetryMessenger, event_queue: IAgentEventQueue
+    telemetry_messenger: ITelemetryMessenger, agent_event_queue: IAgentEventQueue
 ) -> Iterable[Dict]:
     # TODO: Remove this check when this is turned into a plugin.
     if is_windows_os():
@@ -44,7 +44,7 @@ def get_ssh_info(
         return []
 
     home_dirs = _get_home_dirs()
-    ssh_info = _get_ssh_files(home_dirs, telemetry_messenger, event_queue)
+    ssh_info = _get_ssh_files(home_dirs, telemetry_messenger, agent_event_queue)
 
     return ssh_info
 
@@ -85,7 +85,7 @@ def _get_ssh_struct(name: str, home_dir: str) -> Dict:
 def _get_ssh_files(
     user_info: Iterable[Dict],
     telemetry_messenger: ITelemetryMessenger,
-    event_queue: IAgentEventQueue,
+    agent_event_queue: IAgentEventQueue,
 ) -> Iterable[Dict]:
     for info in user_info:
         path = info["home_dir"]
@@ -127,7 +127,7 @@ def _get_ssh_files(
 
                     collected_credentials = to_credentials([info])
                     _publish_credentials_stolen_event(
-                        collected_credentials, event_queue
+                        collected_credentials, agent_event_queue
                     )
                 else:
                     continue
@@ -172,7 +172,7 @@ def to_credentials(ssh_info: Iterable[Dict]) -> Sequence[Credentials]:
 
 
 def _publish_credentials_stolen_event(
-    collected_credentials: Sequence[Credentials], event_queue: IAgentEventQueue
+    collected_credentials: Sequence[Credentials], agent_event_queue: IAgentEventQueue
 ):
     credentials_stolen_event = CredentialsStolenEvent(
         source=get_agent_id(),
@@ -180,4 +180,4 @@ def _publish_credentials_stolen_event(
         stolen_credentials=collected_credentials,
     )
 
-    event_queue.publish(credentials_stolen_event)
+    agent_event_queue.publish(credentials_stolen_event)

From 63f869d296961ef8c05ed9612cc987ecc47bf23c Mon Sep 17 00:00:00 2001
From: Ilija Lazoroski
Date: Wed, 5 Oct 2022 14:21:23 +0200
Subject: [PATCH 14/14] Project: Add common.tags and HostExploiter publish functions to Vulture

---
 vulture_allowlist.py | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/vulture_allowlist.py b/vulture_allowlist.py
index a844caddb..b3c0011fc 100644
--- a/vulture_allowlist.py
+++ b/vulture_allowlist.py
@@ -9,7 +9,17 @@ from common.agent_configuration.agent_sub_configurations import (
 )
 from common.agent_events import ExploitationEvent, PingScanEvent, PropagationEvent, TCPScanEvent
 from common.credentials import Credentials, LMHash, NTHash
+from common.tags import (
+    T1021_ATTACK_TECHNIQUE_TAG,
+    T1105_ATTACK_TECHNIQUE_TAG,
+    T1110_ATTACK_TECHNIQUE_TAG,
+    T1203_ATTACK_TECHNIQUE_TAG,
+    T1210_ATTACK_TECHNIQUE_TAG,
+    T1222_ATTACK_TECHNIQUE_TAG,
+    T1570_ATTACK_TECHNIQUE_TAG,
+)
 from common.types import NetworkPort
+from infection_monkey.exploit.HostExploiter import HostExploiter
 from infection_monkey.exploit.log4shell_utils.ldap_server import LDAPServerFactory
 from monkey_island.cc.event_queue import IslandEventTopic, PyPubSubIslandEventQueue
 from monkey_island.cc.models import Report
@@ -318,6 +328,16 @@ TCPScanEvent.port_status
 # TODO: Remove once #2269 is close
 PropagationEvent
 ExploitationEvent
+T1021_ATTACK_TECHNIQUE_TAG
+T1105_ATTACK_TECHNIQUE_TAG
+T1110_ATTACK_TECHNIQUE_TAG
+T1203_ATTACK_TECHNIQUE_TAG
+T1210_ATTACK_TECHNIQUE_TAG
+T1222_ATTACK_TECHNIQUE_TAG
+T1570_ATTACK_TECHNIQUE_TAG
+HostExploiter._publish_propagation_event
+HostExploiter._publish_exploitation_event
+
 # pydantic base models
 underscore_attrs_are_private
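Review bot: The nine new allowlist entries, from `T1021_ATTACK_TECHNIQUE_TAG` through `HostExploiter._publish_exploitation_event`, carry no explanation, whereas the entry directly above them is tied to an issue with `# TODO: Remove once #2269 is close`; suppressions without such a marker tend to outlive the code they cover. If these tags and the two HostExploiter publish helpers are placeholders for exploiters that will reference them later, a comment in the same style, e.g. `# TODO: Remove once the exploiters use these tags and publish helpers`, above the group would keep the allowlist honest once they are used. The `HostExploiter` import added in the first hunk serves only these two entries.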