Agent: Add tags to exploitation and propagation events in Log4Shell

2022-10-04 16:24:03 +02:00 · 2022-10-04 16:24:03 +02:00 · ef4a465515
parent c5506f98e8
commit ef4a465515
1 changed files with 6 additions and 0 deletions
--- a/monkey/infection_monkey/exploit/log4shell.py
+++ b/monkey/infection_monkey/exploit/log4shell.py
@ -4,6 +4,7 @@ from pathlib import PurePath

 from common import OperatingSystem
 from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT, MEDIUM_REQUEST_TIMEOUT
+from common.tags import T1203_ATTACK_TECHINQUE_TAG
 from common.utils import Timer
 from infection_monkey.exploit.log4shell_utils import (
    LINUX_EXPLOIT_TEMPLATE_PATH,
@ -26,6 +27,8 @@ from infection_monkey.utils.threading import interruptible_iter

 logger = logging.getLogger(__name__)

+LOG4SHELL_EXPLOITER_TAG = "log4shel-exploiter"
+

 class Log4ShellExploiter(WebRCE):
    _EXPLOITED_SERVICE = "Log4j"
@ -163,6 +166,7 @@ class Log4ShellExploiter(WebRCE):
                        target=self.host.ip_addr,
                        exploitation_success=False,
                        error_message=error_message,
+                        tags=(LOG4SHELL_EXPLOITER_TAG,),
                    )

                if self._wait_for_victim():
@ -188,6 +192,7 @@ class Log4ShellExploiter(WebRCE):
                self._publish_exploitation_event(
                    target=self.host.ip_addr,
                    exploitation_success=True,
+                    tags=(LOG4SHELL_EXPLOITER_TAG, T1203_ATTACK_TECHINQUE_TAG),
                )
                self.exploit_result.exploitation_success = True
                return True
@ -206,6 +211,7 @@ class Log4ShellExploiter(WebRCE):
                self._publish_propagation_event(
                    target=self.host.ip_addr,
                    propagation_success=True,
+                    tags=(LOG4SHELL_EXPLOITER_TAG, T1203_ATTACK_TECHINQUE_TAG),
                )
                self.exploit_result.propagation_success = True
                break