Shreya 2020-07-22 01:57:40 +05:30
parent f6556704d6
commit 1fdca52788
4 changed files with 12 additions and 14 deletions


@ -1,5 +1,3 @@
import subprocess
from common.data.post_breach_consts import \ from common.data.post_breach_consts import \
POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION
from infection_monkey.post_breach.pba import PBA from infection_monkey.post_breach.pba import PBA
@ -7,8 +5,6 @@ from infection_monkey.post_breach.shell_startup_files.shell_startup_files_modifi
get_commands_to_modify_shell_startup_files get_commands_to_modify_shell_startup_files
from infection_monkey.telemetry.post_breach_telem import PostBreachTelem from infection_monkey.telemetry.post_breach_telem import PostBreachTelem
EXECUTION_WITHOUT_OUTPUT = "(PBA execution produced no output)"
class ModifyShellStartupFiles(PBA): class ModifyShellStartupFiles(PBA):
""" """


@ -2,8 +2,9 @@ from common.data.post_breach_consts import \
POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION
from monkey_island.cc.database import mongo from monkey_island.cc.database import mongo
from monkey_island.cc.services.attack.technique_reports import AttackTechnique from monkey_island.cc.services.attack.technique_reports import AttackTechnique
from monkey_island.cc.services.attack.technique_reports.technique_report_tools import \ from monkey_island.cc.services.attack.technique_reports.technique_report_tools import (
extract_shell_startup_files_modification_info, get_shell_startup_files_modification_status extract_shell_startup_files_modification_info,
get_shell_startup_files_modification_status)
__author__ = "shreyamalviya" __author__ = "shreyamalviya"
@ -17,8 +18,8 @@ class T1156(AttackTechnique):
query = [{'$match': {'telem_category': 'post_breach', query = [{'$match': {'telem_category': 'post_breach',
'data.name': POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION}}, 'data.name': POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION}},
{'$project': {'_id': 0, {'$project': {'_id': 0,
'machine': {'hostname': '$data.hostname', 'machine': {'hostname': {'$arrayElemAt': ['$data.hostname', 0]},
'ips': ['$data.ip']}, 'ips': [{'$arrayElemAt': ['$data.ip', 0]}]},
'result': '$data.result'}}] 'result': '$data.result'}}]
@staticmethod @staticmethod
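Review bot: The new `{'$arrayElemAt': ['$data.hostname', 0]}` and `{'$arrayElemAt': ['$data.ip', 0]}` expressions in the `$project` stage make the whole T1156 aggregation fail if any post_breach telemetry document stores `data.hostname` or `data.ip` as a scalar instead of a list, because `$arrayElemAt` errors on non-array input rather than yielding null; a single legacy or malformed record from one agent would then break report generation for every machine. If the agent side is known to always send lists, state that assumption on the `'machine'` line, e.g. `# data.hostname / data.ip arrive as lists from the agent; report the first entry`; otherwise guard with `{'$cond': [{'$isArray': '$data.hostname'}, {'$arrayElemAt': ['$data.hostname', 0]}, '$data.hostname']}` (and likewise for ip). The identical pipeline is repeated verbatim in T1504 below, so the same point applies there and a shared constant in technique_report_tools would keep the two in step. The enclosing class body continues outside the hunk.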


@ -2,8 +2,9 @@ from common.data.post_breach_consts import \
POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION
from monkey_island.cc.database import mongo from monkey_island.cc.database import mongo
from monkey_island.cc.services.attack.technique_reports import AttackTechnique from monkey_island.cc.services.attack.technique_reports import AttackTechnique
from monkey_island.cc.services.attack.technique_reports.technique_report_tools import \ from monkey_island.cc.services.attack.technique_reports.technique_report_tools import (
extract_shell_startup_files_modification_info, get_shell_startup_files_modification_status extract_shell_startup_files_modification_info,
get_shell_startup_files_modification_status)
__author__ = "shreyamalviya" __author__ = "shreyamalviya"
@ -17,8 +18,8 @@ class T1504(AttackTechnique):
query = [{'$match': {'telem_category': 'post_breach', query = [{'$match': {'telem_category': 'post_breach',
'data.name': POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION}}, 'data.name': POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION}},
{'$project': {'_id': 0, {'$project': {'_id': 0,
'machine': {'hostname': '$data.hostname', 'machine': {'hostname': {'$arrayElemAt': ['$data.hostname', 0]},
'ips': ['$data.ip']}, 'ips': [{'$arrayElemAt': ['$data.ip', 0]}]},
'result': '$data.result'}}] 'result': '$data.result'}}]
@staticmethod @staticmethod


@ -1,5 +1,5 @@
from monkey_island.cc.encryptor import encryptor
from common.utils.attack_utils import ScanStatus from common.utils.attack_utils import ScanStatus
from monkey_island.cc.encryptor import encryptor
def parse_creds(attempt): def parse_creds(attempt):
@ -51,7 +51,7 @@ def extract_shell_startup_files_modification_info(shell_startup_files_modificati
required_shell_startup_files_modification_info = [] required_shell_startup_files_modification_info = []
for shell_startup_file_result in shell_startup_files_modification_info[0]['result']: for shell_startup_file_result in shell_startup_files_modification_info[0]['result']:
if any(file_name in shell_startup_file_result[0] for file_name in required_file_names): if any(file_name in shell_startup_file_result[0] for file_name in required_file_names):
shell_startup_files_modification_info.append({ required_shell_startup_files_modification_info.append({
'machine': shell_startup_files_modification_info[0]['machine'], 'machine': shell_startup_files_modification_info[0]['machine'],
'result': shell_startup_file_result 'result': shell_startup_file_result
}) })
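Review bot: Appending to `required_shell_startup_files_modification_info` instead of the input list is the right fix, but every access still goes through `shell_startup_files_modification_info[0]`, which raises IndexError when the aggregation returned no documents (no machine ran this PBA); unless a guard exists above the hunk, add `if not shell_startup_files_modification_info: return required_shell_startup_files_modification_info` before the loop. Indexing `[0]` also means only the first document's `result` and `machine` are inspected and any further documents are silently dropped; if that is intended it deserves a comment, otherwise the loop should cover every document. `file_name in shell_startup_file_result[0]` is a substring test, so any longer path that merely contains a required file name also matches — presumably acceptable, but a short comment stating so would help. The function's `def` line and its return lie outside the hunk.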