forked from p34709852/monkey
agent: Rename RansomwareTelem -> FileEncryptionTelem
Ransomware will soon do more than just encrypt files. We should give the telemetry that's related to encrypting files a more descriptive name that better describes what it is reporting.
This commit is contained in:
parent
543f0031a2
commit
49eb1cd996
|
@ -8,4 +8,4 @@ class TelemCategoryEnum:
|
||||||
TRACE = "trace"
|
TRACE = "trace"
|
||||||
TUNNEL = "tunnel"
|
TUNNEL = "tunnel"
|
||||||
ATTACK = "attack"
|
ATTACK = "attack"
|
||||||
RANSOMWARE = "ransomware"
|
FILE_ENCRYPTION = "file_encryption"
|
||||||
|
|
|
@ -5,8 +5,8 @@ from typing import List, Optional, Tuple
|
||||||
from infection_monkey.ransomware.bitflip_encryptor import BitflipEncryptor
|
from infection_monkey.ransomware.bitflip_encryptor import BitflipEncryptor
|
||||||
from infection_monkey.ransomware.file_selectors import select_production_safe_target_files
|
from infection_monkey.ransomware.file_selectors import select_production_safe_target_files
|
||||||
from infection_monkey.ransomware.valid_file_extensions import VALID_FILE_EXTENSIONS_FOR_ENCRYPTION
|
from infection_monkey.ransomware.valid_file_extensions import VALID_FILE_EXTENSIONS_FOR_ENCRYPTION
|
||||||
|
from infection_monkey.telemetry.file_encryption_telem import FileEncryptionTelem
|
||||||
from infection_monkey.telemetry.messengers.i_telemetry_messenger import ITelemetryMessenger
|
from infection_monkey.telemetry.messengers.i_telemetry_messenger import ITelemetryMessenger
|
||||||
from infection_monkey.telemetry.ransomware_telem import RansomwareTelem
|
|
||||||
from infection_monkey.utils.environment import is_windows_os
|
from infection_monkey.utils.environment import is_windows_os
|
||||||
|
|
||||||
LOG = logging.getLogger(__name__)
|
LOG = logging.getLogger(__name__)
|
||||||
|
@ -68,5 +68,5 @@ class RansomewarePayload:
|
||||||
filepath.rename(new_filepath)
|
filepath.rename(new_filepath)
|
||||||
|
|
||||||
def _send_telemetry(self, filepath: Path, error: str):
|
def _send_telemetry(self, filepath: Path, error: str):
|
||||||
encryption_attempt = RansomwareTelem((str(filepath), str(error)))
|
encryption_attempt = FileEncryptionTelem((str(filepath), str(error)))
|
||||||
self._telemetry_messenger.send_telemetry(encryption_attempt)
|
self._telemetry_messenger.send_telemetry(encryption_attempt)
|
||||||
|
|
|
@ -6,10 +6,10 @@ from infection_monkey.telemetry.batchable_telem_mixin import BatchableTelemMixin
|
||||||
from infection_monkey.telemetry.i_batchable_telem import IBatchableTelem
|
from infection_monkey.telemetry.i_batchable_telem import IBatchableTelem
|
||||||
|
|
||||||
|
|
||||||
class RansomwareTelem(BatchableTelemMixin, IBatchableTelem, BaseTelem):
|
class FileEncryptionTelem(BatchableTelemMixin, IBatchableTelem, BaseTelem):
|
||||||
def __init__(self, entry: Tuple[str, str]):
|
def __init__(self, entry: Tuple[str, str]):
|
||||||
"""
|
"""
|
||||||
Ransomware telemetry constructor
|
File Encryption telemetry constructor
|
||||||
:param attempts: List of tuples with each tuple containing the path
|
:param attempts: List of tuples with each tuple containing the path
|
||||||
of a file it tried encrypting and its result.
|
of a file it tried encrypting and its result.
|
||||||
If ransomware fails completely - list of one tuple
|
If ransomware fails completely - list of one tuple
|
||||||
|
@ -19,7 +19,7 @@ class RansomwareTelem(BatchableTelemMixin, IBatchableTelem, BaseTelem):
|
||||||
|
|
||||||
self._telemetry_entries.append(entry)
|
self._telemetry_entries.append(entry)
|
||||||
|
|
||||||
telem_category = TelemCategoryEnum.RANSOMWARE
|
telem_category = TelemCategoryEnum.FILE_ENCRYPTION
|
||||||
|
|
||||||
def get_data(self):
|
def get_data(self):
|
||||||
return {"ransomware_attempts": self._telemetry_entries}
|
return {"files": self._telemetry_entries}
|
|
@ -133,10 +133,10 @@ def test_telemetry_success(ransomware_payload, telemetry_messenger_spy):
|
||||||
telem_1 = telemetry_messenger_spy.telemetries[0]
|
telem_1 = telemetry_messenger_spy.telemetries[0]
|
||||||
telem_2 = telemetry_messenger_spy.telemetries[1]
|
telem_2 = telemetry_messenger_spy.telemetries[1]
|
||||||
|
|
||||||
assert ALL_ZEROS_PDF in telem_1.get_data()["ransomware_attempts"][0][0]
|
assert ALL_ZEROS_PDF in telem_1.get_data()["files"][0][0]
|
||||||
assert telem_1.get_data()["ransomware_attempts"][0][1] == ""
|
assert telem_1.get_data()["files"][0][1] == ""
|
||||||
assert TEST_KEYBOARD_TXT in telem_2.get_data()["ransomware_attempts"][0][0]
|
assert TEST_KEYBOARD_TXT in telem_2.get_data()["files"][0][0]
|
||||||
assert telem_2.get_data()["ransomware_attempts"][0][1] == ""
|
assert telem_2.get_data()["files"][0][1] == ""
|
||||||
|
|
||||||
|
|
||||||
def test_telemetry_failure(monkeypatch, ransomware_payload, telemetry_messenger_spy):
|
def test_telemetry_failure(monkeypatch, ransomware_payload, telemetry_messenger_spy):
|
||||||
|
@ -149,5 +149,5 @@ def test_telemetry_failure(monkeypatch, ransomware_payload, telemetry_messenger_
|
||||||
ransomware_payload.run_payload()
|
ransomware_payload.run_payload()
|
||||||
telem_1 = telemetry_messenger_spy.telemetries[0]
|
telem_1 = telemetry_messenger_spy.telemetries[0]
|
||||||
|
|
||||||
assert "/file/not/exist" in telem_1.get_data()["ransomware_attempts"][0][0]
|
assert "/file/not/exist" in telem_1.get_data()["files"][0][0]
|
||||||
assert "No such file or directory" in telem_1.get_data()["ransomware_attempts"][0][1]
|
assert "No such file or directory" in telem_1.get_data()["files"][0][1]
|
||||||
|
|
|
@ -0,0 +1,19 @@
|
||||||
|
import json
|
||||||
|
|
||||||
|
from infection_monkey.telemetry.file_encryption_telem import FileEncryptionTelem
|
||||||
|
|
||||||
|
ENCRYPTION_ATTEMPTS = [("<file1>", "<encryption attempt result>"), ("<file2>", "")]
|
||||||
|
|
||||||
|
|
||||||
|
def test_file_encryption_telem_send(spy_send_telemetry):
|
||||||
|
file_encryption_telem_1 = FileEncryptionTelem(ENCRYPTION_ATTEMPTS[0])
|
||||||
|
file_encryption_telem_2 = FileEncryptionTelem(ENCRYPTION_ATTEMPTS[1])
|
||||||
|
|
||||||
|
file_encryption_telem_1.add_telemetry_to_batch(file_encryption_telem_2)
|
||||||
|
|
||||||
|
file_encryption_telem_1.send()
|
||||||
|
expected_data = {"files": ENCRYPTION_ATTEMPTS}
|
||||||
|
expected_data = json.dumps(expected_data, cls=file_encryption_telem_1.json_encoder)
|
||||||
|
|
||||||
|
assert spy_send_telemetry.data == expected_data
|
||||||
|
assert spy_send_telemetry.telem_category == "file_encryption"
|
|
@ -1,19 +0,0 @@
|
||||||
import json
|
|
||||||
|
|
||||||
from infection_monkey.telemetry.ransomware_telem import RansomwareTelem
|
|
||||||
|
|
||||||
ENCRYPTION_ATTEMPTS = [("<file1>", "<encryption attempt result>"), ("<file2>", "")]
|
|
||||||
|
|
||||||
|
|
||||||
def test_ransomware_telem_send(spy_send_telemetry):
|
|
||||||
ransomware_telem_1 = RansomwareTelem(ENCRYPTION_ATTEMPTS[0])
|
|
||||||
ransomware_telem_2 = RansomwareTelem(ENCRYPTION_ATTEMPTS[1])
|
|
||||||
|
|
||||||
ransomware_telem_1.add_telemetry_to_batch(ransomware_telem_2)
|
|
||||||
|
|
||||||
ransomware_telem_1.send()
|
|
||||||
expected_data = {"ransomware_attempts": ENCRYPTION_ATTEMPTS}
|
|
||||||
expected_data = json.dumps(expected_data, cls=ransomware_telem_1.json_encoder)
|
|
||||||
|
|
||||||
assert spy_send_telemetry.data == expected_data
|
|
||||||
assert spy_send_telemetry.telem_category == "ransomware"
|
|
Loading…
Reference in New Issue