agent: ransomware: Iterate through files in directory and get list of files to encrypt

Shreya 2021-06-22 11:41:49 +05:30
parent 901485c9e4
commit 5b64ea5151
2 changed files with 95 additions and 0 deletions


@ -0,0 +1,94 @@
import os
from typing import Iterator, List
VALID_FILE_EXTENSIONS_FOR_ENCRYPTION = {
".3ds",
".7z",
".accdb",
".ai",
".asp",
".aspx",
".avhd",
".avi",
".back",
".bak",
".c",
".cfg",
".conf",
".cpp",
".cs",
".ctl",
".dbf",
".disk",
".djvu",
".doc",
".docx",
".dwg",
".eml",
".fdb",
".giff",
".gz",
".h",
".hdd",
".jpg",
".jpeg",
".kdbx",
".mail",
".mdb",
".mpg",
".mpeg",
".msg",
".nrg",
".ora",
".ost",
".ova",
".ovf",
".pdf",
".php",
".pmf",
".png",
".ppt",
".pptx",
".pst",
".pvi",
".py",
".pyc",
".rar",
".rtf",
".sln",
".sql",
".tar",
".tiff",
".txt",
".vbox",
".vbs",
".vcb",
".vdi",
".vfd",
".vmc",
".vmdk",
".vmsd",
".vmx",
".vsdx",
".vsv",
".work",
".xls",
".xlsx",
".xvd",
".zip",
}
def get_files_to_encrypt(dir_path: str) -> List[str]:
all_files = get_all_files_in_directory(dir_path)
files_to_encrypt = []
for file in all_files:
if os.path.splitext(file)[1] in VALID_FILE_EXTENSIONS_FOR_ENCRYPTION:
files_to_encrypt.append(file)
return files_to_encrypt
def get_all_files_in_directory(dir_path: str) -> Iterator:
return filter(os.path.isfile, [os.path.join(dir_path, item) for item in os.listdir(dir_path)])
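Review bot: `get_all_files_in_directory` filters with `os.path.isfile`, which follows symbolic links, so a link inside `dir_path` that points to a file elsewhere on the host is returned as a candidate and the simulation is no longer confined to the directory the operator chose. Whether the later encryption step writes through such a link is not visible in this commit, but the listing is the natural place to exclude it, for example `return filter(lambda p: os.path.isfile(p) and not os.path.islink(p), (os.path.join(dir_path, item) for item in os.listdir(dir_path)))`. A short docstring on both functions stating that the scan is non-recursive and limited to regular files directly under `dir_path` would make that boundary explicit for whoever wires up the encryption step. The return annotation could also be tightened to `Iterator[str]`.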


@ -171,6 +171,7 @@ ISLAND # unused variable (monkey/monkey_island/cc/services/utils/node_states.py
MONKEY_LINUX_RUNNING # unused variable (monkey/monkey_island/cc/services/utils/node_states.py:26)
import_status # monkey_island\cc\resources\configuration_import.py:19
config_schema # monkey_island\cc\resources\configuration_import.py:25
get_files_to_encrypt # monkey/infection_monkey/ransomware/utils.py:82
# these are not needed for it to work, but may be useful extra information to understand what's going on
WINDOWS_PBA_TYPE # unused variable (monkey/monkey_island/cc/resources/pba_file_upload.py:23)