island: Move T1216's details from T1216.py to attack_schema.py so that it's

shown in the config instead of the ATT&CK report
2021-09-22 18:23:17 +05:30 · 2021-09-22 18:23:17 +05:30 · 9564fb1aaa
parent ba2207b21d
commit 9564fb1aaa
2 changed files with 6 additions and 13 deletions
--- a/monkey/monkey_island/cc/services/attack/attack_schema.py
+++ b/monkey/monkey_island/cc/services/attack/attack_schema.py
@ -214,9 +214,10 @@ SCHEMA = {
                    "value": False,
                    "necessary": False,
                    "link": "https://attack.mitre.org/techniques/T1216",
-                    "description": "Adversaries may use scripts signed with "
-                    "trusted certificates to "
-                    "proxy execution of malicious files on Windows systems.",
+                    "description": "Adversaries may use scripts signed with trusted certificates "
+                    "to proxy execution of malicious files on Windows systems. This behavior could "
+                    "be abused by adversaries to execute malicious files that could bypass "
+                    "application control and signature validation on systems.",
                },
            },
        },
--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1216.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1216.py
@ -6,22 +6,14 @@ class T1216(PostBreachTechnique):
    tech_id = "T1216"
    unscanned_msg = (
        "Monkey didn't attempt to execute an arbitrary program with the help of a "
-        + "pre-existing signed script since it didn't run on any Windows machines. "
-        + "If successful, this behavior could be abused by adversaries to execute malicious "
-        "files that could " + "bypass application control and signature validation on "
-        "systems."
+        "pre-existing signed script since it didn't run on any Windows machines. "
    )
    scanned_msg = (
        "Monkey attempted to execute an arbitrary program with the help of a "
-        + "pre-existing signed script on Windows but failed. "
-        + "If successful, this behavior could be abused by adversaries to execute malicious "
-        "files that could " + "bypass application control and signature validation on "
-        "systems."
+        "pre-existing signed script on Windows but failed. "
    )
    used_msg = (
        "Monkey executed an arbitrary program with the help of a pre-existing signed script "
        "on Windows. "
-        + "This behavior could be abused by adversaries to execute malicious files that could "
-        + "bypass application control and signature validation on systems."
    )
    pba_names = [POST_BREACH_SIGNED_SCRIPT_PROXY_EXEC]