Agent: Update tags for hadoop events

2022-10-04 19:43:14 +00:00 · 2022-10-04 19:43:14 +00:00 · 54b551b728
parent c31aed94ea
commit 54b551b728
1 changed files with 20 additions and 9 deletions
--- a/monkey/infection_monkey/exploit/hadoop.py
+++ b/monkey/infection_monkey/exploit/hadoop.py
@ -13,7 +13,11 @@ import string
 import requests
 from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT
-from common.tags import T1203_ATTACK_TECHNIQUE_TAG
+from common.tags import (
    T1203_ATTACK_TECHNIQUE_TAG,
    T1210_ATTACK_TECHNIQUE_TAG,
    T1570_ATTACK_TECHNIQUE_TAG,
 )
 from infection_monkey.exploit.tools.helpers import get_agent_dst_path
 from infection_monkey.exploit.tools.http_tools import HTTPTools
 from infection_monkey.exploit.web_rce import WebRCE
@ -28,6 +32,8 @@ from infection_monkey.utils.commands import build_monkey_commandline
 logger = logging.getLogger(__name__)
 HADOOP_EXPLOITER_TAG = "hadoop-exploiter"
 EXPLOIT_TAGS = (HADOOP_EXPLOITER_TAG, T1203_ATTACK_TECHNIQUE_TAG, T1210_ATTACK_TECHNIQUE_TAG)
 PROPAGATION_TAGS = (HADOOP_EXPLOITER_TAG, T1570_ATTACK_TECHNIQUE_TAG)
 class HadoopExploiter(WebRCE):
@ -51,7 +57,7 @@ class HadoopExploiter(WebRCE):
                target=self.host.ip_addr,
                exploitation_success=False,
                error_message=self.exploit_result.error_message,
-                tags=(HADOOP_EXPLOITER_TAG,),
+                tags=PROPAGATION_TAGS,
            )
            return self.exploit_result
@ -61,7 +67,6 @@ class HadoopExploiter(WebRCE):
            self.host, str(monkey_path_on_victim), self.agent_binary_repository
        )
        tags = (HADOOP_EXPLOITER_TAG, T1203_ATTACK_TECHNIQUE_TAG)
        try:
            command = self._build_command(monkey_path_on_victim, http_path)
@ -73,16 +78,22 @@ class HadoopExploiter(WebRCE):
                self._publish_propagation_event(
                    target=self.host.ip_addr,
                    propagation_success=True,
-                    tags=(HADOOP_EXPLOITER_TAG, T1203_ATTACK_TECHNIQUE_TAG),
+                    tags=PROPAGATION_TAGS,
                )
            else:
                error_message = f"Failed to exploit via {self.vulnerable_urls[0]}"
-                self._publish_exploitation_event(self.host.ip_addr, False, tags, error_message)
+                self._publish_exploitation_event(
-                self._publish_propagation_event(self.host.ip_addr, False, tags, error_message)
+                    self.host.ip_addr, False, EXPLOIT_TAGS, error_message
                )
                self._publish_propagation_event(
                    self.host.ip_addr, False, PROPAGATION_TAGS, error_message
                )
        except requests.RequestException as err:
            error_message = str(err)
-            self._publish_exploitation_event(self.host.ip_addr, False, tags, error_message)
+            self._publish_exploitation_event(self.host.ip_addr, False, EXPLOIT_TAGS, error_message)
-            self._publish_propagation_event(self.host.ip_addr, False, tags, error_message)
+            self._publish_propagation_event(
                self.host.ip_addr, False, PROPAGATION_TAGS, error_message
            )
        finally:
            http_thread.join(self.DOWNLOAD_TIMEOUT)
            http_thread.stop()
@ -121,7 +132,7 @@ class HadoopExploiter(WebRCE):
            self._publish_exploitation_event(
                target=self.host.ip_addr,
                exploitation_success=True,
-                tags=(HADOOP_EXPLOITER_TAG, T1203_ATTACK_TECHNIQUE_TAG),
+                tags=EXPLOIT_TAGS,
            )
        return success