From ad9b2aa6de6b3ff7e7c8f684b7e219b9d963c76a Mon Sep 17 00:00:00 2001
From: VakarisZ <vakarisz@yahoo.com>
Date: Thu, 27 Jun 2019 10:26:52 +0300
Subject: [PATCH] Implemented uncommonly used port attack technique

---
 .../cc/services/attack/attack_report.py       |  5 +++--
 .../cc/services/attack/attack_schema.py       | 14 +++++++++++++
 .../attack/technique_reports/T1065.py         | 20 +++++++++++++++++++
 .../src/components/attack/techniques/T1065.js | 16 +++++++++++++++
 .../report-components/AttackReport.js         |  4 +++-
 5 files changed, 56 insertions(+), 3 deletions(-)
 create mode 100644 monkey/monkey_island/cc/services/attack/technique_reports/T1065.py
 create mode 100644 monkey/monkey_island/cc/ui/src/components/attack/techniques/T1065.js

diff --git a/monkey/monkey_island/cc/services/attack/attack_report.py b/monkey/monkey_island/cc/services/attack/attack_report.py
index 7bec85a32..085a4c0be 100644
--- a/monkey/monkey_island/cc/services/attack/attack_report.py
+++ b/monkey/monkey_island/cc/services/attack/attack_report.py
@@ -1,6 +1,6 @@
 import logging
 from monkey_island.cc.services.attack.technique_reports import T1210, T1197, T1110, T1075, T1003, T1059, T1086, T1082
-from monkey_island.cc.services.attack.technique_reports import T1145
+from monkey_island.cc.services.attack.technique_reports import T1145, T1065
 from monkey_island.cc.services.attack.attack_config import AttackConfig
 from monkey_island.cc.database import mongo
 
@@ -17,7 +17,8 @@ TECHNIQUES = {'T1210': T1210.T1210,
               'T1059': T1059.T1059,
               'T1086': T1086.T1086,
               'T1082': T1082.T1082,
-              'T1145': T1145.T1145}
+              'T1145': T1145.T1145,
+              'T1065': T1065.T1065}
 
 REPORT_NAME = 'new_report'
 
diff --git a/monkey/monkey_island/cc/services/attack/attack_schema.py b/monkey/monkey_island/cc/services/attack/attack_schema.py
index 00d3e9536..f2ef0dceb 100644
--- a/monkey/monkey_island/cc/services/attack/attack_schema.py
+++ b/monkey/monkey_island/cc/services/attack/attack_schema.py
@@ -131,5 +131,19 @@ SCHEMA = {
                 }
             }
         },
+        "command_and_control": {
+            "title": "Command and Control",
+            "type": "object",
+            "properties": {
+                "T1065": {
+                    "title": "T1065 Uncommonly used port",
+                    "type": "bool",
+                    "value": True,
+                    "necessary": True,
+                    "description": "Adversaries may conduct C2 communications over a non-standard "
+                                   "port to bypass proxies and firewalls that have been improperly configured."
+                }
+            }
+        },
     }
 }
diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1065.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1065.py
new file mode 100644
index 000000000..fd34e80e9
--- /dev/null
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1065.py
@@ -0,0 +1,20 @@
+from monkey_island.cc.services.attack.technique_reports import AttackTechnique
+from common.utils.attack_utils import ScanStatus
+from monkey_island.cc.services.config import ConfigService
+
+__author__ = "VakarisZ"
+
+
+class T1065(AttackTechnique):
+
+    tech_id = "T1065"
+    unscanned_msg = ""
+    scanned_msg = ""
+    used_msg = ""
+    message = "Monkey used port %s to communicate to C2 server."
+
+    @staticmethod
+    def get_report_data():
+        port = ConfigService.get_config_value(['cnc', 'servers', 'current_server']).split(':')[1]
+        T1065.used_msg = T1065.message % port
+        return T1065.get_base_data_by_status(ScanStatus.USED)
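Review bot: `get_report_data` takes the port with `.split(':')[1]`, which raises IndexError when `current_server` contains no colon, fails if the config value is unset, and selects the wrong field for a bracketed IPv6 address; splitting from the right and validating the result keeps report generation from failing on a config value. The method also returns `ScanStatus.USED` unconditionally, so the report asserts the technique from configuration rather than from observed communication and never checks whether the port is actually uncommon, which weakens the status as something a defender can rely on. It assigns `T1065.used_msg` on the class at call time, so the message is shared state across report requests. The fence sketches the parsing guard; it assumes `ScanStatus` has an `UNSCANNED` member, as the `unscanned_msg` attribute suggests, and that attribute (empty in this patch) would then need real text.

```python
    def get_report_data():
        server = ConfigService.get_config_value(['cnc', 'servers', 'current_server']) or ''
        # Split from the right so a host that itself contains ':' still yields the port field.
        _, sep, port = server.rpartition(':')
        if not sep or not port.isdigit():
            # No parsable port: do not claim the technique was used.
            return T1065.get_base_data_by_status(ScanStatus.UNSCANNED)
        # … unchanged: format used_msg with the port and return the USED status …
```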
diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1065.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1065.js
new file mode 100644
index 000000000..5d5a8df4c
--- /dev/null
+++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1065.js
@@ -0,0 +1,16 @@
+import React from 'react';
+import '../../../styles/Collapse.scss'
+
+
+class T1065 extends React.Component {
+
+  render() {
+    return (
+      <div>
+        <div>{this.props.data.message}</div>
+      </div>
+    );
+  }
+}
+
+export default T1065;
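Review bot: `render()` dereferences `this.props.data.message` without checking that `data` was passed, so a report entry that arrives without data for T1065 would throw during render instead of showing an empty row; a guard such as `{this.props.data ? this.props.data.message : ''}` would avoid that. The message is placed as a React text child, so the config-derived port string is escaped on output, and it should stay a text child rather than move to `dangerouslySetInnerHTML`. The `Collapse.scss` import is missing the trailing semicolon that the React import above it has.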
diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/AttackReport.js b/monkey/monkey_island/cc/ui/src/components/report-components/AttackReport.js
index 348510175..320181a20 100644
--- a/monkey/monkey_island/cc/ui/src/components/report-components/AttackReport.js
+++ b/monkey/monkey_island/cc/ui/src/components/report-components/AttackReport.js
@@ -14,6 +14,7 @@ import T1059 from "../attack/techniques/T1059";
 import T1086 from "../attack/techniques/T1086";
 import T1082 from "../attack/techniques/T1082";
 import T1145 from "../attack/techniques/T1145";
+import T1065 from "../attack/techniques/T1065";
 
 const tech_components = {
   'T1210': T1210,
@@ -24,7 +25,8 @@ const tech_components = {
   'T1059': T1059,
   'T1086': T1086,
   'T1082': T1082,
-  'T1145': T1145
+  'T1145': T1145,
+  'T1065': T1065
 };
 
 const classNames = require('classnames');