p20319658
/
monkey
forked from p34709852/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Mongo search logic changes + used/scanned/unscanned message changes

This commit is contained in:
Shreya 2020-06-26 18:22:58 +05:30
parent 7588cd8eea
commit 9c0c298631
2 changed files with 10 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
monkey/monkey_island/cc/services/attack/technique_reports/T1053.py
View File

@ -9,12 +9,13 @@ __author__ = "shreyamalviya"
class T1053(AttackTechnique): class T1053(AttackTechnique):
tech_id = "T1053" tech_id = "T1053"
unscanned_msg = "Monkey did not try scheduling a job." unscanned_msg = "Monkey did not try scheduling a job on Windows."
scanned_msg = "Monkey tried scheduling a job on the system but failed." scanned_msg = "Monkey tried scheduling a job on the Windows system but failed."
used_msg = "Monkey scheduled a job on the system." used_msg = "Monkey scheduled a job on the Windows system."
query = [{'$match': {'telem_category': 'post_breach', query = [{'$match': {'telem_category': 'post_breach',
'data.name': POST_BREACH_JOB_SCHEDULING}}, 'data.name': POST_BREACH_JOB_SCHEDULING,
'data.command': {'$regex': 'schtasks'}}},
{'$project': {'_id': 0, {'$project': {'_id': 0,
'machine': {'hostname': '$data.hostname', 'machine': {'hostname': '$data.hostname',
'ips': ['$data.ip']}, 'ips': ['$data.ip']},

9
monkey/monkey_island/cc/services/attack/technique_reports/T1168.py
View File

@ -9,12 +9,13 @@ __author__ = "shreyamalviya"
class T1168(AttackTechnique): class T1168(AttackTechnique):
tech_id = "T1168" tech_id = "T1168"
unscanned_msg = "Monkey did not try scheduling a job." unscanned_msg = "Monkey did not try scheduling a job on Linux."
scanned_msg = "Monkey tried scheduling a job on the system but failed." scanned_msg = "Monkey tried scheduling a job on the Linux system but failed."
used_msg = "Monkey scheduled a job on the system." used_msg = "Monkey scheduled a job on the Linux system."
query = [{'$match': {'telem_category': 'post_breach', query = [{'$match': {'telem_category': 'post_breach',
'data.name': POST_BREACH_JOB_SCHEDULING}}, 'data.name': POST_BREACH_JOB_SCHEDULING,
'data.command': {'$regex': 'crontab'}}},
{'$project': {'_id': 0, {'$project': {'_id': 0,
'machine': {'hostname': '$data.hostname', 'machine': {'hostname': '$data.hostname',
'ips': ['$data.ip']}, 'ips': ['$data.ip']},