forked from p34709852/monkey
Shreya
parent
c1c412f176
commit
7cb0e111cc
|
|
@ -6,31 +6,9 @@ from monkey_island.cc.services.attack.technique_reports import AttackTechnique
|
||||||
__author__ = "shreyamalviya"
|
__author__ = "shreyamalviya"
|
||||||
|
|
||||||
|
|
||||||
class T1158(AttackTechnique):
|
class T1158(PostBreachTechnique):
|
||||||
tech_id = "T1158"
|
tech_id = "T1158"
|
||||||
unscanned_msg = "Monkey did not try creating hidden files or folders."
|
unscanned_msg = "Monkey did not try creating hidden files or folders."
|
||||||
scanned_msg = "Monkey tried creating hidden files and folders on the system but failed."
|
scanned_msg = "Monkey tried creating hidden files and folders on the system but failed."
|
||||||
used_msg = "Monkey created hidden files and folders on the system."
|
used_msg = "Monkey created hidden files and folders on the system."
|
||||||
|
pba_name = POST_BREACH_HIDDEN_FILES
|
||||||
query = [{'$match': {'telem_category': 'post_breach',
|
|
||||||
'data.name': POST_BREACH_HIDDEN_FILES}},
|
|
||||||
{'$project': {'_id': 0,
|
|
||||||
'machine': {'hostname': '$data.hostname',
|
|
||||||
'ips': ['$data.ip']},
|
|
||||||
'result': '$data.result'}}]
|
|
||||||
|
|
||||||
@staticmethod
|
|
||||||
def get_report_data():
|
|
||||||
data = {'title': T1158.technique_title(), 'info': []}
|
|
||||||
|
|
||||||
hidden_file_info = list(mongo.db.telemetry.aggregate(T1158.query))
|
|
||||||
|
|
||||||
status = []
|
|
||||||
for pba_node in hidden_file_info:
|
|
||||||
status.append(pba_node['result'][1])
|
|
||||||
status = (ScanStatus.USED.value if any(status) else ScanStatus.SCANNED.value)\
|
|
||||||
if status else ScanStatus.UNSCANNED.value
|
|
||||||
|
|
||||||
data.update(T1158.get_base_data_by_status(status))
|
|
||||||
data.update({'info': hidden_file_info})
|
|
||||||
return data
|
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,41 @@
|
||||||
|
import abc
|
||||||
|
|
||||||
|
from monkey_island.cc.services.attack.attack_config import AttackConfig
|
||||||
|
from monkey_island.cc.database import mongo
|
||||||
|
from common.utils.attack_utils import ScanStatus
|
||||||
|
from monkey_island.cc.services.attack.technique_reports import AttackTechnique
|
||||||
|
|
||||||
|
|
||||||
|
class PostBreachTechnique(AttackTechnique, metaclass=abc.ABCMeta):
|
||||||
|
@property
|
||||||
|
@abc.abstractmethod
|
||||||
|
def pba_name(self):
|
||||||
|
"""
|
||||||
|
:return: name of post breach action
|
||||||
|
"""
|
||||||
|
pass
|
||||||
|
|
||||||
|
@classmethod
|
||||||
|
def get_pba_query(cls, post_breach_action_name):
|
||||||
|
return [{'$match': {'telem_category': 'post_breach',
|
||||||
|
'data.name': post_breach_action_name}},
|
||||||
|
{'$project': {'_id': 0,
|
||||||
|
'machine': {'hostname': '$data.hostname',
|
||||||
|
'ips': ['$data.ip']},
|
||||||
|
'result': '$data.result'}}]
|
||||||
|
|
||||||
|
@classmethod
|
||||||
|
def get_report_data(cls):
|
||||||
|
data = {'title': cls.technique_title(), 'info': []}
|
||||||
|
|
||||||
|
info = list(mongo.db.telemetry.aggregate(cls.get_pba_query(cls.pba_name)))
|
||||||
|
|
||||||
|
status = []
|
||||||
|
for pba_node in info:
|
||||||
|
status.append(pba_node['result'][1])
|
||||||
|
status = (ScanStatus.USED.value if any(status) else ScanStatus.SCANNED.value)\
|
||||||
|
if status else ScanStatus.UNSCANNED.value
|
||||||
|
|
||||||
|
data.update(cls.get_base_data_by_status(status))
|
||||||
|
data.update({'info': info})
|
||||||
|
return data
|
||||||
Loading…
Reference in New Issue