Merge pull request #1308 from guardicore/ransomware_encryption_table_data

Ransomware encryption table data
Mike Salvatore 2021-07-13 06:46:58 -04:00 committed by GitHub
commit afe7498019
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 568 additions and 148 deletions


@ -34,7 +34,7 @@ pyaescrypt = "*"
[dev-packages] [dev-packages]
virtualenv = ">=20.0.26" virtualenv = ">=20.0.26"
mongomock = "==3.19.0" mongomock = "==3.23.0"
pytest = ">=5.4" pytest = ">=5.4"
requests-mock = "==1.8.0" requests-mock = "==1.8.0"
black = "==20.8b1" black = "==20.8b1"


@ -1,7 +1,7 @@
{ {
"_meta": { "_meta": {
"hash": { "hash": {
"sha256": "94483f0315aa31ddeb508e5dc5ef4dcf424d09487c6ea01bc857082636df59cc" "sha256": "7157e13d928bde23582b6289405713962f3334bd32ac80b22202b605ed4dcefb"
}, },
"pipfile-spec": 6, "pipfile-spec": 6,
"requires": { "requires": {
@ -98,58 +98,49 @@
}, },
"cffi": { "cffi": {
"hashes": [ "hashes": [
"sha256:005a36f41773e148deac64b08f233873a4d0c18b053d37da83f6af4d9087b813", "sha256:06c54a68935738d206570b20da5ef2b6b6d92b38ef3ec45c5422c0ebaf338d4d",
"sha256:04c468b622ed31d408fea2346bec5bbffba2cc44226302a0de1ade9f5ea3d373", "sha256:0c0591bee64e438883b0c92a7bed78f6290d40bf02e54c5bf0978eaf36061771",
"sha256:06d7cd1abac2ffd92e65c0609661866709b4b2d82dd15f611e602b9b188b0b69", "sha256:19ca0dbdeda3b2615421d54bef8985f72af6e0c47082a8d26122adac81a95872",
"sha256:06db6321b7a68b2bd6df96d08a5adadc1fa0e8f419226e25b2a5fbf6ccc7350f", "sha256:22b9c3c320171c108e903d61a3723b51e37aaa8c81255b5e7ce102775bd01e2c",
"sha256:0857f0ae312d855239a55c81ef453ee8fd24136eaba8e87a2eceba644c0d4c06", "sha256:26bb2549b72708c833f5abe62b756176022a7b9a7f689b571e74c8478ead51dc",
"sha256:0f861a89e0043afec2a51fd177a567005847973be86f709bbb044d7f42fc4e05", "sha256:33791e8a2dc2953f28b8d8d300dde42dd929ac28f974c4b4c6272cb2955cb762",
"sha256:1071534bbbf8cbb31b498d5d9db0f274f2f7a865adca4ae429e147ba40f73dea", "sha256:3c8d896becff2fa653dc4438b54a5a25a971d1f4110b32bd3068db3722c80202",
"sha256:158d0d15119b4b7ff6b926536763dc0714313aa59e320ddf787502c70c4d4bee", "sha256:4373612d59c404baeb7cbd788a18b2b2a8331abcc84c3ba40051fcd18b17a4d5",
"sha256:1bf1ac1984eaa7675ca8d5745a8cb87ef7abecb5592178406e55858d411eadc0", "sha256:487d63e1454627c8e47dd230025780e91869cfba4c753a74fda196a1f6ad6548",
"sha256:1f436816fc868b098b0d63b8920de7d208c90a67212546d02f84fe78a9c26396", "sha256:4922cd707b25e623b902c86188aca466d3620892db76c0bdd7b99a3d5e61d35f",
"sha256:24a570cd11895b60829e941f2613a4f79df1a27344cbbb82164ef2e0116f09c7", "sha256:55af55e32ae468e9946f741a5d51f9896da6b9bf0bbdd326843fec05c730eb20",
"sha256:24ec4ff2c5c0c8f9c6b87d5bb53555bf267e1e6f70e52e5a9740d32861d36b6f", "sha256:5d4b68e216fc65e9fe4f524c177b54964af043dde734807586cf5435af84045c",
"sha256:2894f2df484ff56d717bead0a5c2abb6b9d2bf26d6960c4604d5c48bbc30ee73", "sha256:64fda793737bc4037521d4899be780534b9aea552eb673b9833b01f945904c2e",
"sha256:29314480e958fd8aab22e4a58b355b629c59bf5f2ac2492b61e3dc06d8c7a315", "sha256:6d6169cb3c6c2ad50db5b868db6491a790300ade1ed5d1da29289d73bbe40b56",
"sha256:293e7ea41280cb28c6fcaaa0b1aa1f533b8ce060b9e701d78511e1e6c4a1de76", "sha256:7bcac9a2b4fdbed2c16fa5681356d7121ecabf041f18d97ed5b8e0dd38a80224",
"sha256:34eff4b97f3d982fb93e2831e6750127d1355a923ebaeeb565407b3d2f8d41a1", "sha256:80b06212075346b5546b0417b9f2bf467fea3bfe7352f781ffc05a8ab24ba14a",
"sha256:35f27e6eb43380fa080dccf676dece30bef72e4a67617ffda586641cd4508d49", "sha256:818014c754cd3dba7229c0f5884396264d51ffb87ec86e927ef0be140bfdb0d2",
"sha256:3c3f39fa737542161d8b0d680df2ec249334cd70a8f420f71c9304bd83c3cbed", "sha256:8eb687582ed7cd8c4bdbff3df6c0da443eb89c3c72e6e5dcdd9c81729712791a",
"sha256:3d3dd4c9e559eb172ecf00a2a7517e97d1e96de2a5e610bd9b68cea3925b4892", "sha256:99f27fefe34c37ba9875f224a8f36e31d744d8083e00f520f133cab79ad5e819",
"sha256:43e0b9d9e2c9e5d152946b9c5fe062c151614b262fda2e7b201204de0b99e482", "sha256:9f3e33c28cd39d1b655ed1ba7247133b6f7fc16fa16887b120c0c670e35ce346",
"sha256:48e1c69bbacfc3d932221851b39d49e81567a4d4aac3b21258d9c24578280058", "sha256:a8661b2ce9694ca01c529bfa204dbb144b275a31685a075ce123f12331be790b",
"sha256:51182f8927c5af975fece87b1b369f722c570fe169f9880764b1ee3bca8347b5", "sha256:a9da7010cec5a12193d1af9872a00888f396aba3dc79186604a09ea3ee7c029e",
"sha256:58e3f59d583d413809d60779492342801d6e82fefb89c86a38e040c16883be53", "sha256:b315d709717a99f4b27b59b021e6207c64620790ca3e0bde636a6c7f14618abb",
"sha256:5de7970188bb46b7bf9858eb6890aad302577a5f6f75091fd7cdd3ef13ef3045", "sha256:ba6f2b3f452e150945d58f4badd92310449876c4c954836cfb1803bdd7b422f0",
"sha256:65fa59693c62cf06e45ddbb822165394a288edce9e276647f0046e1ec26920f3", "sha256:c33d18eb6e6bc36f09d793c0dc58b0211fccc6ae5149b808da4a62660678b156",
"sha256:681d07b0d1e3c462dd15585ef5e33cb021321588bebd910124ef4f4fb71aef55", "sha256:c9a875ce9d7fe32887784274dd533c57909b7b1dcadcc128a2ac21331a9765dd",
"sha256:69e395c24fc60aad6bb4fa7e583698ea6cc684648e1ffb7fe85e3c1ca131a7d5", "sha256:c9e005e9bd57bc987764c32a1bee4364c44fdc11a3cc20a40b93b444984f2b87",
"sha256:6c97d7350133666fbb5cf4abdc1178c812cb205dc6f41d174a7b0f18fb93337e", "sha256:d2ad4d668a5c0645d281dcd17aff2be3212bc109b33814bbb15c4939f44181cc",
"sha256:6e4714cc64f474e4d6e37cfff31a814b509a35cb17de4fb1999907575684479c", "sha256:d950695ae4381ecd856bcaf2b1e866720e4ab9a1498cba61c602e56630ca7195",
"sha256:72d8d3ef52c208ee1c7b2e341f7d71c6fd3157138abf1a95166e6165dd5d4369", "sha256:e22dcb48709fc51a7b58a927391b23ab37eb3737a98ac4338e2448bef8559b33",
"sha256:8ae6299f6c68de06f136f1f9e69458eae58f1dacf10af5c17353eae03aa0d827", "sha256:e8c6a99be100371dbb046880e7a282152aa5d6127ae01783e37662ef73850d8f",
"sha256:8b198cec6c72df5289c05b05b8b0969819783f9418e0409865dac47288d2a053", "sha256:e9dc245e3ac69c92ee4c167fbdd7428ec1956d4e754223124991ef29eb57a09d",
"sha256:99cd03ae7988a93dd00bcd9d0b75e1f6c426063d6f03d2f90b89e29b25b82dfa", "sha256:eb687a11f0a7a1839719edd80f41e459cc5366857ecbed383ff376c4e3cc6afd",
"sha256:9cf8022fb8d07a97c178b02327b284521c7708d7c71a9c9c355c178ac4bbd3d4", "sha256:eb9e2a346c5238a30a746893f23a9535e700f8192a68c07c0258e7ece6ff3728",
"sha256:9de2e279153a443c656f2defd67769e6d1e4163952b3c622dcea5b08a6405322", "sha256:ed38b924ce794e505647f7c331b22a693bee1538fdf46b0222c4717b42f744e7",
"sha256:9e93e79c2551ff263400e1e4be085a1210e12073a31c2011dbbda14bda0c6132", "sha256:f0c5d1acbfca6ebdd6b1e3eded8d261affb6ddcf2186205518f1428b8569bb99",
"sha256:9ff227395193126d82e60319a673a037d5de84633f11279e336f9c0f189ecc62", "sha256:f10afb1004f102c7868ebfe91c28f4a712227fe4cb24974350ace1f90e1febbf",
"sha256:a465da611f6fa124963b91bf432d960a555563efe4ed1cc403ba5077b15370aa", "sha256:f174135f5609428cc6e1b9090f9268f5c8935fddb1b25ccb8255a2d50de6789e",
"sha256:ad17025d226ee5beec591b52800c11680fca3df50b8b29fe51d882576e039ee0", "sha256:f3ebe6e73c319340830a9b2825d32eb6d8475c1dac020b4f0aa774ee3b898d1c",
"sha256:afb29c1ba2e5a3736f1c301d9d0abe3ec8b86957d04ddfa9d7a6a42b9367e396", "sha256:fd4305f86f53dfd8cd3522269ed7fc34856a8ee3709a5e28b2836b2db9d4cd69"
"sha256:b85eb46a81787c50650f2392b9b4ef23e1f126313b9e0e9013b35c15e4288e2e",
"sha256:bb89f306e5da99f4d922728ddcd6f7fcebb3241fc40edebcb7284d7514741991",
"sha256:cbde590d4faaa07c72bf979734738f328d239913ba3e043b1e98fe9a39f8b2b6",
"sha256:cc5a8e069b9ebfa22e26d0e6b97d6f9781302fe7f4f2b8776c3e1daea35f1adc",
"sha256:cd2868886d547469123fadc46eac7ea5253ea7fcb139f12e1dfc2bbd406427d1",
"sha256:d42b11d692e11b6634f7613ad8df5d6d5f8875f5d48939520d351007b3c13406",
"sha256:df5052c5d867c1ea0b311fb7c3cd28b19df469c056f7fdcfe88c7473aa63e333",
"sha256:f2d45f97ab6bb54753eab54fffe75aaf3de4ff2341c9daee1987ee1837636f1d",
"sha256:fd78e5fee591709f32ef6edb9a015b4aa1a5022598e36227500c8f4e02328d9c"
], ],
"index": "pypi", "index": "pypi",
"version": "==1.14.5" "version": "==1.14.6"
}, },
"chardet": { "chardet": {
"hashes": [ "hashes": [
@ -169,11 +160,11 @@
}, },
"cherrypy": { "cherrypy": {
"hashes": [ "hashes": [
"sha256:56608edd831ad00991ae585625e0206ed61cf1a0850e4b2cc48489fb2308c499", "sha256:55659e6f012d374898d6d9d581e17cc1477b6a14710218e64f187b9227bea038",
"sha256:c0a7283f02a384c112a0a18404fd3abd849fc7fd4bec19378067150a2573d2e4" "sha256:f33e87286e7b3e309e04e7225d8e49382d9d7773e6092241d7f613893c563495"
], ],
"markers": "python_version >= '3.5'", "markers": "python_version >= '3.5'",
"version": "==18.6.0" "version": "==18.6.1"
}, },
"cherrypy-cors": { "cherrypy-cors": {
"hashes": [ "hashes": [
@ -196,7 +187,7 @@
"sha256:7d73d2a99753107a36ac6b455ee49046802e59d9d076ef8e47b61499fa29afff", "sha256:7d73d2a99753107a36ac6b455ee49046802e59d9d076ef8e47b61499fa29afff",
"sha256:e96da0d330793e2cb9485e9ddfd918d456036c7149416295932478192f4436a1" "sha256:e96da0d330793e2cb9485e9ddfd918d456036c7149416295932478192f4436a1"
], ],
"markers": "python_version != '3.4' and sys_platform == 'win32' and platform_system == 'Windows'", "markers": "python_version != '3.4' and platform_system == 'Windows' and sys_platform == 'win32' and platform_system == 'Windows'",
"version": "==0.4.3" "version": "==0.4.3"
}, },
"coloredlogs": { "coloredlogs": {
@ -375,11 +366,11 @@
}, },
"humanfriendly": { "humanfriendly": {
"hashes": [ "hashes": [
"sha256:066562956639ab21ff2676d1fda0b5987e985c534fc76700a19bd54bcb81121d", "sha256:332da98c24cc150efcc91b5508b19115209272bfdf4b0764a56795932f854271",
"sha256:d5c731705114b9ad673754f3317d9fa4c23212f36b29bdc4272a892eafc9bc72" "sha256:f7dba53ac7935fd0b4a2fc9a29e316ddd9ea135fb3052d3d0279d10c18ff9c48"
], ],
"markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'",
"version": "==9.1" "version": "==9.2"
}, },
"idna": { "idna": {
"hashes": [ "hashes": [
@ -391,11 +382,11 @@
}, },
"importlib-metadata": { "importlib-metadata": {
"hashes": [ "hashes": [
"sha256:833b26fb89d5de469b24a390e9df088d4e52e4ba33b01dc5e0e4f41b81a16c00", "sha256:079ada16b7fc30dfbb5d13399a5113110dab1aa7c2bc62f66af75f0b717c8cac",
"sha256:b142cc1dd1342f31ff04bb7d022492b09920cb64fed867cd3ea6f80fe3ebd139" "sha256:9f55f560e116f8643ecf2922d9cd3e1c7e8d52e683178fecd9d08f6aa357e11e"
], ],
"markers": "python_version < '3.8'", "markers": "python_version < '3.8'",
"version": "==4.5.0" "version": "==4.6.1"
}, },
"ipaddress": { "ipaddress": {
"hashes": [ "hashes": [
@ -577,10 +568,10 @@
}, },
"policyuniverse": { "policyuniverse": {
"hashes": [ "hashes": [
"sha256:6ccb3a4849aa1353fd3b5e8d2b7c2c94797cb0f37f0546ad6b541e153b556a75", "sha256:89265efd6e04c71d073ef3e361bd1b487231890c6aee1c710dd902d254ad1d9f",
"sha256:7e8fa7823bf4268d7a1cbcb4700863ee0f6c2ee40a287c4926fbd3b783900085" "sha256:a5dfe7435f2cc75e910ad79512a109b68c246b3a54974e6d560bcd3e6b028288"
], ],
"version": "==1.3.6.20210602" "version": "==1.3.8.20210707"
}, },
"portend": { "portend": {
"hashes": [ "hashes": [
@ -760,10 +751,30 @@
}, },
"pyrsistent": { "pyrsistent": {
"hashes": [ "hashes": [
"sha256:2e636185d9eb976a18a8a8e96efce62f2905fea90041958d8cc2a189756ebf3e" "sha256:097b96f129dd36a8c9e33594e7ebb151b1515eb52cceb08474c10a5479e799f2",
"sha256:2aaf19dc8ce517a8653746d98e962ef480ff34b6bc563fc067be6401ffb457c7",
"sha256:404e1f1d254d314d55adb8d87f4f465c8693d6f902f67eb6ef5b4526dc58e6ea",
"sha256:48578680353f41dca1ca3dc48629fb77dfc745128b56fc01096b2530c13fd426",
"sha256:4916c10896721e472ee12c95cdc2891ce5890898d2f9907b1b4ae0f53588b710",
"sha256:527be2bfa8dc80f6f8ddd65242ba476a6c4fb4e3aedbf281dfbac1b1ed4165b1",
"sha256:58a70d93fb79dc585b21f9d72487b929a6fe58da0754fa4cb9f279bb92369396",
"sha256:5e4395bbf841693eaebaa5bb5c8f5cdbb1d139e07c975c682ec4e4f8126e03d2",
"sha256:6b5eed00e597b5b5773b4ca30bd48a5774ef1e96f2a45d105db5b4ebb4bca680",
"sha256:73ff61b1411e3fb0ba144b8f08d6749749775fe89688093e1efef9839d2dcc35",
"sha256:772e94c2c6864f2cd2ffbe58bb3bdefbe2a32afa0acb1a77e472aac831f83427",
"sha256:773c781216f8c2900b42a7b638d5b517bb134ae1acbebe4d1e8f1f41ea60eb4b",
"sha256:a0c772d791c38bbc77be659af29bb14c38ced151433592e326361610250c605b",
"sha256:b29b869cf58412ca5738d23691e96d8aff535e17390128a1a52717c9a109da4f",
"sha256:c1a9ff320fa699337e05edcaae79ef8c2880b52720bc031b219e5b5008ebbdef",
"sha256:cd3caef37a415fd0dae6148a1b6957a8c5f275a62cca02e18474608cb263640c",
"sha256:d5ec194c9c573aafaceebf05fc400656722793dac57f254cd4741f3c27ae57b4",
"sha256:da6e5e818d18459fa46fac0a4a4e543507fe1110e808101277c5a2b5bab0cd2d",
"sha256:e79d94ca58fcafef6395f6352383fa1a76922268fa02caa2272fff501c2fdc78",
"sha256:f3ef98d7b76da5eb19c37fda834d50262ff9167c65658d1d8f974d2e4d90676b",
"sha256:f4c8cabb46ff8e5d61f56a037974228e978f26bfefce4f61a4b1ac0ba7a2ab72"
], ],
"markers": "python_version >= '3.5'", "markers": "python_version >= '3.6'",
"version": "==0.17.3" "version": "==0.18.0"
}, },
"python-dateutil": { "python-dateutil": {
"hashes": [ "hashes": [
@ -793,7 +804,7 @@
"sha256:dafa18e95bf2a92f298fe9c582b0e205aca45c55f989937c52c454ce65b93c78", "sha256:dafa18e95bf2a92f298fe9c582b0e205aca45c55f989937c52c454ce65b93c78",
"sha256:fb3b4933e0382ba49305cc6cd3fb18525df7fd96aa434de19ce0878133bf8e4a" "sha256:fb3b4933e0382ba49305cc6cd3fb18525df7fd96aa434de19ce0878133bf8e4a"
], ],
"markers": "sys_platform == 'win32'", "markers": "python_version < '3.10' and sys_platform == 'win32' and implementation_name == 'cpython'",
"version": "==301" "version": "==301"
}, },
"pywin32-ctypes": { "pywin32-ctypes": {
@ -833,10 +844,10 @@
}, },
"ring": { "ring": {
"hashes": [ "hashes": [
"sha256:d668e194d1f061faaab79ba86b2391d1a3fab6d459d50969e53ef0150dc85f67" "sha256:c6b4ea68ab79055fce640e68af4a2e2fddd624a803fac2e4edfa33c8727c9601"
], ],
"index": "pypi", "index": "pypi",
"version": "==0.8.1" "version": "==0.8.3"
}, },
"rsa": { "rsa": {
"hashes": [ "hashes": [
@ -939,19 +950,19 @@
}, },
"tempora": { "tempora": {
"hashes": [ "hashes": [
"sha256:10fdc29bf85fa0df39a230a225bb6d093982fc0825b648a414bbc06bddd79909", "sha256:c54da0f05405f04eb67abbb1dff4448fd91428b58cb00f0f645ea36f6a927950",
"sha256:d44aec6278b27d34a47471ead01b710351076eb5d61181551158f1613baf6bc8" "sha256:ef2d8bb35902d5ea7da95df33456685a6d305b97f311725c12e55c13d85c0938"
], ],
"markers": "python_version >= '3.6'", "markers": "python_version >= '3.6'",
"version": "==4.0.2" "version": "==4.1.1"
}, },
"tqdm": { "tqdm": {
"hashes": [ "hashes": [
"sha256:736524215c690621b06fc89d0310a49822d75e599fcd0feb7cc742b98d692493", "sha256:5aa445ea0ad8b16d82b15ab342de6b195a722d75fc1ef9934a46bba6feafbc64",
"sha256:cd5791b5d7c3f2f1819efc81d36eb719a38e0906a7380365c556779f585ea042" "sha256:8bb94db0d4468fea27d004a0f1d1c02da3cdedc00fe491c0de986b76a04d6b0a"
], ],
"index": "pypi", "index": "pypi",
"version": "==4.61.0" "version": "==4.61.2"
}, },
"typing-extensions": { "typing-extensions": {
"hashes": [ "hashes": [
@ -980,9 +991,9 @@
}, },
"wirerope": { "wirerope": {
"hashes": [ "hashes": [
"sha256:a8cb4642c83a55add676923059b4f9c61d785ac6dc71ff1d9de2aac4aed4a517" "sha256:0af78b825c4b0e43c79bb038e8d85c86540f85eddf295da5a7e17142ef6c7ee9"
], ],
"version": "==0.3.0" "version": "==0.4.3"
}, },
"zc.lockfile": { "zc.lockfile": {
"hashes": [ "hashes": [
@ -993,11 +1004,11 @@
}, },
"zipp": { "zipp": {
"hashes": [ "hashes": [
"sha256:3607921face881ba3e026887d8150cca609d517579abe052ac81fc5aeffdbd76", "sha256:957cfda87797e389580cb8b9e3870841ca991e2125350677b2ca83a0e99390a3",
"sha256:51cb66cc54621609dd593d1787f286ee42a5c0adbb4b29abea5a63edc3e03098" "sha256:f5812b1e007e48cff63449a5e9f4e7ebea716b4111f9c4f9a645f91d579bf0c4"
], ],
"markers": "python_version >= '3.6'", "markers": "python_version >= '3.6'",
"version": "==3.4.1" "version": "==3.5.0"
}, },
"zope.event": { "zope.event": {
"hashes": [ "hashes": [
@ -1123,7 +1134,7 @@
"sha256:7d73d2a99753107a36ac6b455ee49046802e59d9d076ef8e47b61499fa29afff", "sha256:7d73d2a99753107a36ac6b455ee49046802e59d9d076ef8e47b61499fa29afff",
"sha256:e96da0d330793e2cb9485e9ddfd918d456036c7149416295932478192f4436a1" "sha256:e96da0d330793e2cb9485e9ddfd918d456036c7149416295932478192f4436a1"
], ],
"markers": "python_version != '3.4' and sys_platform == 'win32' and platform_system == 'Windows'", "markers": "python_version != '3.4' and platform_system == 'Windows' and sys_platform == 'win32' and platform_system == 'Windows'",
"version": "==0.4.3" "version": "==0.4.3"
}, },
"coverage": { "coverage": {
@ -1223,11 +1234,11 @@
}, },
"importlib-metadata": { "importlib-metadata": {
"hashes": [ "hashes": [
"sha256:833b26fb89d5de469b24a390e9df088d4e52e4ba33b01dc5e0e4f41b81a16c00", "sha256:079ada16b7fc30dfbb5d13399a5113110dab1aa7c2bc62f66af75f0b717c8cac",
"sha256:b142cc1dd1342f31ff04bb7d022492b09920cb64fed867cd3ea6f80fe3ebd139" "sha256:9f55f560e116f8643ecf2922d9cd3e1c7e8d52e683178fecd9d08f6aa357e11e"
], ],
"markers": "python_version < '3.8'", "markers": "python_version < '3.8'",
"version": "==4.5.0" "version": "==4.6.1"
}, },
"iniconfig": { "iniconfig": {
"hashes": [ "hashes": [
@ -1253,11 +1264,11 @@
}, },
"mongomock": { "mongomock": {
"hashes": [ "hashes": [
"sha256:36aad3c6127eee9cdb52ac0186c6a60007f2412c9db715645eeccffc1258ce48", "sha256:01ce0c4eb02b2eced0a30882412444eaf6de27a90f2502bee64e04e3b8ecdc90",
"sha256:8faaffd875732bf55e38e1420a1b7212dde8d446c5852afb4c0884c1369b328b" "sha256:d9945e7c87c221aed47c6c10708376351a5f5ee48060943c56ba195be425b0dd"
], ],
"index": "pypi", "index": "pypi",
"version": "==3.19.0" "version": "==3.23.0"
}, },
"mypy-extensions": { "mypy-extensions": {
"hashes": [ "hashes": [
@ -1268,11 +1279,11 @@
}, },
"packaging": { "packaging": {
"hashes": [ "hashes": [
"sha256:5b327ac1320dc863dca72f4514ecc086f31186744b84a230374cc1fd776feae5", "sha256:7dc96269f53a4ccec5c0670940a4281106dd0bb343f47b7471f779df49c2fbe7",
"sha256:67714da7f7bc052e064859c05c595155bd1ee9f69f76557e21f051443c20947a" "sha256:c86254f9220d55e31cc94d69bade760f0847da8000def4dfe1c6b872fd14ff14"
], ],
"markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", "markers": "python_version >= '3.6'",
"version": "==20.9" "version": "==21.0"
}, },
"pathspec": { "pathspec": {
"hashes": [ "hashes": [
@ -1339,49 +1350,49 @@
}, },
"regex": { "regex": {
"hashes": [ "hashes": [
"sha256:01afaf2ec48e196ba91b37451aa353cb7eda77efe518e481707e0515025f0cd5", "sha256:0eb2c6e0fcec5e0f1d3bcc1133556563222a2ffd2211945d7b1480c1b1a42a6f",
"sha256:11d773d75fa650cd36f68d7ca936e3c7afaae41b863b8c387a22aaa78d3c5c79", "sha256:15dddb19823f5147e7517bb12635b3c82e6f2a3a6b696cc3e321522e8b9308ad",
"sha256:18c071c3eb09c30a264879f0d310d37fe5d3a3111662438889ae2eb6fc570c31", "sha256:173bc44ff95bc1e96398c38f3629d86fa72e539c79900283afa895694229fe6a",
"sha256:1e1c20e29358165242928c2de1482fb2cf4ea54a6a6dea2bd7a0e0d8ee321500", "sha256:1c78780bf46d620ff4fff40728f98b8afd8b8e35c3efd638c7df67be2d5cddbf",
"sha256:281d2fd05555079448537fe108d79eb031b403dac622621c78944c235f3fcf11", "sha256:2366fe0479ca0e9afa534174faa2beae87847d208d457d200183f28c74eaea59",
"sha256:314d66636c494ed9c148a42731b3834496cc9a2c4251b1661e40936814542b14", "sha256:2bceeb491b38225b1fee4517107b8491ba54fba77cf22a12e996d96a3c55613d",
"sha256:32e65442138b7b76dd8173ffa2cf67356b7bc1768851dded39a7a13bf9223da3", "sha256:2ddeabc7652024803666ea09f32dd1ed40a0579b6fbb2a213eba590683025895",
"sha256:339456e7d8c06dd36a22e451d58ef72cef293112b559010db3d054d5560ef439", "sha256:2fe5e71e11a54e3355fa272137d521a40aace5d937d08b494bed4529964c19c4",
"sha256:3916d08be28a1149fb97f7728fca1f7c15d309a9f9682d89d79db75d5e52091c", "sha256:319eb2a8d0888fa6f1d9177705f341bc9455a2c8aca130016e52c7fe8d6c37a3",
"sha256:3a9cd17e6e5c7eb328517969e0cb0c3d31fd329298dd0c04af99ebf42e904f82", "sha256:3f5716923d3d0bfb27048242a6e0f14eecdb2e2a7fac47eda1d055288595f222",
"sha256:47bf5bf60cf04d72bf6055ae5927a0bd9016096bf3d742fa50d9bf9f45aa0711", "sha256:422dec1e7cbb2efbbe50e3f1de36b82906def93ed48da12d1714cabcd993d7f0",
"sha256:4c46e22a0933dd783467cf32b3516299fb98cfebd895817d685130cc50cd1093", "sha256:4c9c3155fe74269f61e27617529b7f09552fbb12e44b1189cebbdb24294e6e1c",
"sha256:4c557a7b470908b1712fe27fb1ef20772b78079808c87d20a90d051660b1d69a", "sha256:4f64fc59fd5b10557f6cd0937e1597af022ad9b27d454e182485f1db3008f417",
"sha256:52ba3d3f9b942c49d7e4bc105bb28551c44065f139a65062ab7912bef10c9afb", "sha256:564a4c8a29435d1f2256ba247a0315325ea63335508ad8ed938a4f14c4116a5d",
"sha256:563085e55b0d4fb8f746f6a335893bda5c2cef43b2f0258fe1020ab1dd874df8", "sha256:59506c6e8bd9306cd8a41511e32d16d5d1194110b8cfe5a11d102d8b63cf945d",
"sha256:598585c9f0af8374c28edd609eb291b5726d7cbce16be6a8b95aa074d252ee17", "sha256:598c0a79b4b851b922f504f9f39a863d83ebdfff787261a5ed061c21e67dd761",
"sha256:619d71c59a78b84d7f18891fe914446d07edd48dc8328c8e149cbe0929b4e000", "sha256:59c00bb8dd8775473cbfb967925ad2c3ecc8886b3b2d0c90a8e2707e06c743f0",
"sha256:67bdb9702427ceddc6ef3dc382455e90f785af4c13d495f9626861763ee13f9d", "sha256:6110bab7eab6566492618540c70edd4d2a18f40ca1d51d704f1d81c52d245026",
"sha256:6d1b01031dedf2503631d0903cb563743f397ccaf6607a5e3b19a3d76fc10480", "sha256:6afe6a627888c9a6cfbb603d1d017ce204cebd589d66e0703309b8048c3b0854",
"sha256:741a9647fcf2e45f3a1cf0e24f5e17febf3efe8d4ba1281dcc3aa0459ef424dc", "sha256:791aa1b300e5b6e5d597c37c346fb4d66422178566bbb426dd87eaae475053fb",
"sha256:7c2a1af393fcc09e898beba5dd59196edaa3116191cc7257f9224beaed3e1aa0", "sha256:8394e266005f2d8c6f0bc6780001f7afa3ef81a7a2111fa35058ded6fce79e4d",
"sha256:7d9884d86dd4dd489e981d94a65cd30d6f07203d90e98f6f657f05170f6324c9", "sha256:875c355360d0f8d3d827e462b29ea7682bf52327d500a4f837e934e9e4656068",
"sha256:90f11ff637fe8798933fb29f5ae1148c978cccb0452005bf4c69e13db951e765", "sha256:89e5528803566af4df368df2d6f503c84fbfb8249e6631c7b025fe23e6bd0cde",
"sha256:919859aa909429fb5aa9cf8807f6045592c85ef56fdd30a9a3747e513db2536e", "sha256:99d8ab206a5270c1002bfcf25c51bf329ca951e5a169f3b43214fdda1f0b5f0d",
"sha256:96fcd1888ab4d03adfc9303a7b3c0bd78c5412b2bfbe76db5b56d9eae004907a", "sha256:9a854b916806c7e3b40e6616ac9e85d3cdb7649d9e6590653deb5b341a736cec",
"sha256:97f29f57d5b84e73fbaf99ab3e26134e6687348e95ef6b48cfd2c06807005a07", "sha256:b85ac458354165405c8a84725de7bbd07b00d9f72c31a60ffbf96bb38d3e25fa",
"sha256:980d7be47c84979d9136328d882f67ec5e50008681d94ecc8afa8a65ed1f4a6f", "sha256:bc84fb254a875a9f66616ed4538542fb7965db6356f3df571d783f7c8d256edd",
"sha256:a91aa8619b23b79bcbeb37abe286f2f408d2f2d6f29a17237afda55bb54e7aac", "sha256:c92831dac113a6e0ab28bc98f33781383fe294df1a2c3dfd1e850114da35fd5b",
"sha256:ade17eb5d643b7fead300a1641e9f45401c98eee23763e9ed66a43f92f20b4a7", "sha256:cbe23b323988a04c3e5b0c387fe3f8f363bf06c0680daf775875d979e376bd26",
"sha256:b9c3db21af35e3b3c05764461b262d6f05bbca08a71a7849fd79d47ba7bc33ed", "sha256:ccb3d2190476d00414aab36cca453e4596e8f70a206e2aa8db3d495a109153d2",
"sha256:bd28bc2e3a772acbb07787c6308e00d9626ff89e3bfcdebe87fa5afbfdedf968", "sha256:d8bbce0c96462dbceaa7ac4a7dfbbee92745b801b24bce10a98d2f2b1ea9432f",
"sha256:bf5824bfac591ddb2c1f0a5f4ab72da28994548c708d2191e3b87dd207eb3ad7", "sha256:db2b7df831c3187a37f3bb80ec095f249fa276dbe09abd3d35297fc250385694",
"sha256:c0502c0fadef0d23b128605d69b58edb2c681c25d44574fc673b0e52dce71ee2", "sha256:e586f448df2bbc37dfadccdb7ccd125c62b4348cb90c10840d695592aa1b29e0",
"sha256:c38c71df845e2aabb7fb0b920d11a1b5ac8526005e533a8920aea97efb8ec6a4", "sha256:e5983c19d0beb6af88cb4d47afb92d96751fb3fa1784d8785b1cdf14c6519407",
"sha256:ce15b6d103daff8e9fee13cf7f0add05245a05d866e73926c358e871221eae87", "sha256:e6a1e5ca97d411a461041d057348e578dc344ecd2add3555aedba3b408c9f874",
"sha256:d3029c340cfbb3ac0a71798100ccc13b97dddf373a4ae56b6a72cf70dfd53bc8", "sha256:eaf58b9e30e0e546cdc3ac06cf9165a1ca5b3de8221e9df679416ca667972035",
"sha256:e512d8ef5ad7b898cdb2d8ee1cb09a8339e4f8be706d27eaa180c2f177248a10", "sha256:ed693137a9187052fc46eedfafdcb74e09917166362af4cc4fddc3b31560e93d",
"sha256:e8e5b509d5c2ff12f8418006d5a90e9436766133b564db0abaec92fd27fcee29", "sha256:edd1a68f79b89b0c57339bce297ad5d5ffcc6ae7e1afdb10f1947706ed066c9c",
"sha256:ee54ff27bf0afaf4c3b3a62bcd016c12c3fdb4ec4f413391a90bd38bc3624605", "sha256:f080248b3e029d052bf74a897b9d74cfb7643537fbde97fe8225a6467fb559b5",
"sha256:fa4537fb4a98fe8fde99626e4681cc644bdcf2a795038533f9f711513a862ae6", "sha256:f9392a4555f3e4cb45310a65b403d86b589adc773898c25a39184b1ba4db8985",
"sha256:fd45ff9293d9274c5008a2054ecef86a9bfe819a67c7be1afb65e69b405b3042" "sha256:f98dc35ab9a749276f1a4a38ab3e0e2ba1662ce710f6530f5b0a6656f1c32b58"
], ],
"version": "==2021.4.4" "version": "==2021.7.6"
}, },
"requests": { "requests": {
"hashes": [ "hashes": [
@ -1491,11 +1502,11 @@
}, },
"zipp": { "zipp": {
"hashes": [ "hashes": [
"sha256:3607921face881ba3e026887d8150cca609d517579abe052ac81fc5aeffdbd76", "sha256:957cfda87797e389580cb8b9e3870841ca991e2125350677b2ca83a0e99390a3",
"sha256:51cb66cc54621609dd593d1787f286ee42a5c0adbb4b29abea5a63edc3e03098" "sha256:f5812b1e007e48cff63449a5e9f4e7ebea716b4111f9c4f9a645f91d579bf0c4"
], ],
"markers": "python_version >= '3.6'", "markers": "python_version >= '3.6'",
"version": "==3.4.1" "version": "==3.5.0"
} }
} }
} }


@ -8,6 +8,10 @@ from monkey_island.cc.services.ransomware import ransomware_report
class RansomwareReport(flask_restful.Resource): class RansomwareReport(flask_restful.Resource):
@jwt_required @jwt_required
def get(self): def get(self):
encrypted_files_table = ransomware_report.get_encrypted_files_table()
return jsonify( return jsonify(
{"report": None, "propagation_stats": ransomware_report.get_propagation_stats()} {
"encrypted_files_table": encrypted_files_table,
"propagation_stats": ransomware_report.get_propagation_stats(),
}
) )


@ -1,8 +1,85 @@
from typing import Dict, List from typing import Dict, List
from monkey_island.cc.database import mongo
from monkey_island.cc.services.reporting.report import ReportService from monkey_island.cc.services.reporting.report import ReportService
def get_encrypted_files_table():
query = [
{"$match": {"telem_category": "file_encryption"}},
{"$addFields": {"total_attempts": {"$size": "$data.files"}}},
{
"$addFields": {
"successful_encryptions": {
"$filter": {
"input": "$data.files",
"as": "files",
"cond": {"$eq": ["$$files.success", True]},
}
}
}
},
{"$addFields": {"successful_encryptions": {"$size": "$successful_encryptions"}}},
{
"$group": {
"_id": {
"monkey_guid": "$monkey_guid",
"successful_encryptions": "$successful_encryptions",
"total_attempts": "$total_attempts",
}
}
},
{"$replaceRoot": {"newRoot": "$_id"}},
{"$sort": {"successful_encryptions": -1}},
{
"$group": {
"_id": {"monkey_guid": "$monkey_guid"},
"monkey_guid": {"$first": "$monkey_guid"},
"total_attempts": {"$first": "$total_attempts"},
"successful_encryptions": {"$first": "$successful_encryptions"},
}
},
{
"$lookup": {
"from": "monkey",
"localField": "_id.monkey_guid",
"foreignField": "guid",
"as": "monkey",
}
},
{
"$project": {
"monkey": {"$arrayElemAt": ["$monkey", 0]},
"total_attempts": "$total_attempts",
"successful_encryptions": "$successful_encryptions",
}
},
]
monkeys = list(mongo.db.telemetry.aggregate(query))
exploited_nodes = ReportService.get_exploited()
for monkey in monkeys:
monkey["exploits"] = _get_monkey_origin_exploits(
monkey["monkey"]["hostname"], exploited_nodes
)
monkey["hostname"] = monkey["monkey"]["hostname"]
del monkey["monkey"]
del monkey["_id"]
return monkeys
def _get_monkey_origin_exploits(monkey_hostname, exploited_nodes):
origin_exploits = [
exploited_node["exploits"]
for exploited_node in exploited_nodes
if exploited_node["label"] == monkey_hostname
]
if origin_exploits:
return origin_exploits[0]
else:
return ["Manual execution"]
def get_propagation_stats() -> Dict: def get_propagation_stats() -> Dict:
scanned = ReportService.get_scanned() scanned = ReportService.get_scanned()
exploited = ReportService.get_exploited() exploited = ReportService.get_exploited()
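Review bot: `get_encrypted_files_table()` raises `KeyError` at `monkey["monkey"]["hostname"]` whenever the `$lookup` finds no `monkey` document for a telemetry `monkey_guid`, because `$arrayElemAt` on an empty array leaves the projected `monkey` field out entirely. One orphaned or malformed `file_encryption` telemetry entry would then fail the whole report request, and the first `$size` on `$data.files` has the same effect when that field is missing. Read the hostname defensively, e.g. `hostname = monkey.pop("monkey", {}).get("hostname")`, and skip or label rows without one; for the size, wrap the input as `{"$size": {"$ifNull": ["$data.files", []]}}`. Separately, the sort followed by `$first` appears to keep only the run with the most successful encryptions per agent rather than a total, so a docstring stating that intent (and the shape of the returned rows) would help the next reader.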


@ -58,15 +58,13 @@ class ReportPageComponent extends AuthComponent {
this.getZeroTrustReportFromServer().then((ztReport) => { this.getZeroTrustReportFromServer().then((ztReport) => {
this.setState({zeroTrustReport: ztReport}) this.setState({zeroTrustReport: ztReport})
}); });
this.setState({ this.authFetch('/api/report/ransomware')
ransomwareReport: {'report': ''}}) .then(res => res.json())
// this.authFetch('/api/report/ransomware') .then(res => {
// .then(res => res.json()) this.setState({
// .then(res => { ransomwareReport: res
// this.setState({ });
// ransomwareReport: res });
// });
// });
if (this.shouldShowRansomwareReport(this.state.ransomwareReport)) { if (this.shouldShowRansomwareReport(this.state.ransomwareReport)) {
this.state.sections.push({key: 'ransomware', title: 'Ransomware report'}) this.state.sections.push({key: 'ransomware', title: 'Ransomware report'})
} }
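Review bot: The `shouldShowRansomwareReport(this.state.ransomwareReport)` check runs synchronously right after `authFetch` is started, so it evaluates the previous state and not the response that the `.then` callback stores later. Move the check into that callback and test the fetched value, e.g. `if (this.shouldShowRansomwareReport(res)) { ... }` placed after the `setState` call. The new chain also has no `.catch` and does not look at `res.ok`, so unless `authFetch` handles it, an error response would be parsed and stored as if it were a report. `this.state.sections.push(...)` changes state in place, which React does not treat as an update; that line predates this change but now depends on the async result. The enclosing method starts and ends outside this hunk.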


@ -0,0 +1,125 @@
from mongomock import ObjectId
EDGE_EXPLOITED = {
"_id": ObjectId("60e541c07a6cdf66484ba504"),
"_cls": "Edge.EdgeService",
"src_node_id": ObjectId("60e541aab6732b49f4c564ea"),
"dst_node_id": ObjectId("60e541c6b6732b49f4c56622"),
"scans": [
{
"timestamp": "2021-07-07T08:55:12.866Z",
"data": {
"os": {"type": "windows"},
"services": {"tcp-445": {"display_name": "SMB", "port": 445}},
"icmp": True,
"monkey_exe": None,
"default_tunnel": None,
"default_server": None,
},
}
],
"exploits": [
{
"result": True,
"exploiter": "SmbExploiter",
"info": {
"display_name": "SMB",
"started": "2021-07-07T08:55:12.944Z",
"finished": "2021-07-07T08:55:14.376Z",
"vulnerable_urls": [],
"vulnerable_ports": ["139 or 445", "139 or 445"],
"executed_cmds": [],
},
"attempts": [
{
"result": False,
"user": "Administrator",
"password": "LydBuBjDAe/igLGS2FyeKL1zLoTt0r+CkaPH1v5/Vr7HmzcbBPW562Io+MQlrMey",
"lm_hash": "",
"ntlm_hash": "",
"ssh_key": "",
},
{
"result": True,
"user": "user",
"password": "Evzzovf6QLOPUja78/nP6XgiNXH5bB1MrXqPBYmBgeQDOcBhJPUE32+8968zDlHy",
"lm_hash": "",
"ntlm_hash": "",
"ssh_key": "",
},
],
"timestamp": "2021-07-07T08:55:14.420Z",
},
{
"result": True,
"exploiter": "SmbExploiter",
"info": {
"display_name": "SMB",
"started": "2021-07-07T12:08:35.168Z",
"finished": "2021-07-07T12:08:36.612Z",
"vulnerable_urls": [],
"vulnerable_ports": ["139 or 445", "139 or 445"],
"executed_cmds": [],
},
"attempts": [
{
"result": False,
"user": "Administrator",
"password": "B4o8ujKpBfKyjCvb7c5bHr7a8CzwfOJi+i228WGv4/9OZZaEsKjps/5Zg1aHSEun",
"lm_hash": "",
"ntlm_hash": "",
"ssh_key": "",
},
{
"result": True,
"user": "user",
"password": "Evzzovf6QLOPUja78/nP6XgiNXH5bB1MrXqPBYmBgeQDOcBhJPUE32+8968zDlHy",
"lm_hash": "",
"ntlm_hash": "",
"ssh_key": "",
},
],
"timestamp": "2021-07-07T12:08:36.650Z",
},
],
"tunnel": False,
"exploited": True,
"src_label": "MonkeyIsland - test-pc-2 : 192.168.56.1",
"dst_label": "WinDev2010Eval : 172.25.33.145",
"domain_name": "",
"ip_address": "172.25.33.145",
}
EDGE_SCANNED = {
"_id": ObjectId("60e6b24dc10b80a409c048a3"),
"_cls": "Edge.EdgeService",
"src_node_id": ObjectId("60e541aab6732b49f4c564ea"),
"dst_node_id": ObjectId("60e6b24dc10b80a409c048a2"),
"scans": [
{
"timestamp": "2021-07-08T11:07:41.407Z",
"data": {
"os": {"type": "linux", "version": "Ubuntu-4ubuntu0.3"},
"services": {
"tcp-22": {
"display_name": "SSH",
"port": 22,
"banner": "SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3\r\n",
"name": "ssh",
}
},
"icmp": True,
"monkey_exe": None,
"default_tunnel": None,
"default_server": None,
},
}
],
"exploits": [],
"tunnel": False,
"exploited": False,
"src_label": "MonkeyIsland - test-pc-2 : 192.168.56.1",
"dst_label": "Ubuntu-4ubuntu0.3 : 172.24.125.179",
"domain_name": "",
"ip_address": "172.24.125.179",
}
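Review bot: The `password` values in `EDGE_EXPLOITED`, together with the hostnames, internal IP addresses and GUIDs in these fixtures, look like they were copied from a real database dump rather than constructed for the test. If those ciphertexts were produced with an Island encryption key that is used anywhere else, they should be replaced before merge, since the blobs remain in git history; an obviously synthetic value such as `"password": "<encrypted-placeholder>"` makes the intent clear and the tests shown do not appear to need the real strings. The same applies to the monkey and telemetry fixture files added later in this commit (`MONKEY_AT_ISLAND`, `MONKEY_AT_VICTIM`, `ENCRYPTION_ERROR`), which carry the same hosts and local file paths. A one-line module comment stating that the documents are sanitized sample data would settle the question for later readers.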


@ -0,0 +1,50 @@
from mongomock import ObjectId
MONKEY_AT_ISLAND = {
"_id": ObjectId("60e541aab6732b49f4c564ea"),
"guid": "211375648895908",
"config": {},
"creds": [],
"dead": True,
"description": "Windows test-pc-2 10",
"hostname": "test-pc-2",
"internet_access": True,
"ip_addresses": [
"192.168.56.1",
"172.17.192.1",
"172.25.32.1",
"192.168.43.1",
"192.168.10.1",
"192.168.0.102",
],
"keepalive": "2021-07-07T12:08:13.164Z",
"modifytime": "2021-07-07T12:10:13.340Z",
"parent": [
["211375648895908", None],
["211375648895908", None],
["211375648895908", None],
["211375648895908", None],
],
"ttl_ref": ObjectId("60e56f757a6cdf66484ba5cc"),
"command_control_channel": {"src": "192.168.56.1", "dst": "192.168.56.1:5000"},
"pba_results": [],
}
MONKEY_AT_VICTIM = {
"_id": ObjectId("60e541c6b6732b49f4c56622"),
"guid": "91758264576",
"config": {},
"creds": [],
"dead": False,
"description": "Windows WinDev2010Eval 10 10.0.19041 AMD64 Intel64 Family 6 Model 165 "
"Stepping 2, GenuineIntel",
"hostname": "WinDev2010Eval",
"internet_access": True,
"ip_addresses": ["172.25.33.145"],
"keepalive": "2021-07-07T12:08:41.200Z",
"modifytime": "2021-07-07T12:08:47.144Z",
"parent": [["211375648895908", "SmbExploiter"], ["211375648895908", None]],
"ttl_ref": ObjectId("60e56f1f7a6cdf66484ba5c5"),
"command_control_channel": {"src": "172.25.33.145", "dst": "172.25.32.1:5000"},
"pba_results": [],
}


@ -0,0 +1,59 @@
from mongomock import ObjectId
ENCRYPTED = {
"_id": ObjectId("60e541c37a6cdf66484ba517"),
"monkey_guid": "211375648895908",
"telem_category": "file_encryption",
"data": {
"files": [
{"path": "infection_monkey.py", "success": True, "error": ""},
{"path": "monkey_island.py", "success": True, "error": ""},
{"path": "__init__.py", "success": True, "error": ""},
]
},
"timestamp": "2021-07-07T08:55:15.830Z",
"command_control_channel": {"src": "192.168.56.1", "dst": "192.168.56.1:5000"},
}
ENCRYPTED_2 = {
"_id": ObjectId("60e54fee7a6cdf66484ba559"),
"monkey_guid": "211375648895908",
"telem_category": "file_encryption",
"data": {
"files": [
{"path": "infection_monkey.py", "success": True, "error": ""},
{"path": "monkey_island.py", "success": True, "error": ""},
{"path": "__init__.py", "success": True, "error": ""},
]
},
"timestamp": "2021-07-07T09:55:42.311Z",
"command_control_channel": {"src": "192.168.56.1", "dst": "192.168.56.1:5000"},
}
ENCRYPTION_ERROR = {
"_id": ObjectId("60e56f167a6cdf66484ba5aa"),
"monkey_guid": "211375648895908",
"telem_category": "file_encryption",
"data": {
"files": [
{
"path": "C:\\w\\Dump\\README.txt",
"success": False,
"error": "[WinError 183] Cannot create a file when that "
"file already exists: 'C:\\\\w\\\\Dump\\\\README.txt'"
" -> 'C:\\\\w\\\\Dump\\\\README.txt.m0nk3y'",
}
]
},
"timestamp": "2021-07-07T12:08:38.058Z",
"command_control_channel": {"src": "192.168.56.1", "dst": "192.168.56.1:5000"},
}
ENCRYPTION_ONE_FILE = {
"_id": ObjectId("60e56f1b7a6cdf66484ba5c0"),
"monkey_guid": "91758264576",
"telem_category": "file_encryption",
"data": {"files": [{"path": "C:\\w\\Dump\\README.txt", "success": True, "error": ""}]},
"timestamp": "2021-07-07T12:08:43.421Z",
"command_control_channel": {"src": "172.25.33.145", "dst": "172.25.32.1:5000"},
}
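Review bot: Nothing in this module says what each fixture is meant to exercise, and the expected counts depend on it. `ENCRYPTED_2` repeats `ENCRYPTED`'s three paths with a timestamp an hour later, and `ENCRYPTION_ERROR` carries the same `monkey_guid`, yet the test further down the page expects 3 successes out of 3 attempts for that host. A reader cannot tell from the data whether the repeats and the failed README.txt attempt are meant to be deduplicated, superseded or ignored. I would add a comment above each constant, e.g. `# Same files as ENCRYPTED, reported again an hour later; repeated telemetry must not be double-counted`, with the wording confirmed against the aggregation in ransomware_report, which is not shown here.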


@ -1,9 +1,105 @@
import mongomock
import pytest import pytest
from tests.data_for_tests.mongo_documents.edges import EDGE_EXPLOITED, EDGE_SCANNED
from tests.data_for_tests.mongo_documents.monkeys import MONKEY_AT_ISLAND, MONKEY_AT_VICTIM
from tests.data_for_tests.mongo_documents.telemetries.file_encryption import (
ENCRYPTED,
ENCRYPTED_2,
ENCRYPTION_ERROR,
ENCRYPTION_ONE_FILE,
)
from monkey_island.cc.services.ransomware import ransomware_report from monkey_island.cc.services.ransomware import ransomware_report
from monkey_island.cc.services.ransomware.ransomware_report import get_encrypted_files_table
from monkey_island.cc.services.reporting.report import ReportService from monkey_island.cc.services.reporting.report import ReportService
@pytest.fixture
def fake_mongo(monkeypatch):
mongo = mongomock.MongoClient()
monkeypatch.setattr("monkey_island.cc.services.ransomware.ransomware_report.mongo", mongo)
return mongo
@pytest.mark.usefixtures("uses_database")
def test_get_encrypted_files_table(fake_mongo, monkeypatch):
fake_mongo.db.monkey.insert(MONKEY_AT_ISLAND)
fake_mongo.db.monkey.insert(MONKEY_AT_VICTIM)
fake_mongo.db.edge.insert(EDGE_EXPLOITED)
fake_mongo.db.edge.insert(EDGE_SCANNED)
fake_mongo.db.telemetry.insert(ENCRYPTED)
fake_mongo.db.telemetry.insert(ENCRYPTED_2)
fake_mongo.db.telemetry.insert(ENCRYPTION_ERROR)
fake_mongo.db.telemetry.insert(ENCRYPTION_ONE_FILE)
monkeypatch.setattr(
ReportService,
"get_exploited",
lambda: [{"label": "WinDev2010Eval", "exploits": ["SMB Exploiter"]}],
)
results = get_encrypted_files_table()
assert results == [
{
"hostname": "test-pc-2",
"exploits": ["Manual execution"],
"successful_encryptions": 3,
"total_attempts": 3,
},
{
"hostname": "WinDev2010Eval",
"exploits": ["SMB Exploiter"],
"successful_encryptions": 1,
"total_attempts": 1,
},
]
@pytest.mark.usefixtures("uses_database")
def test_get_encrypted_files_table__only_errors(fake_mongo, monkeypatch):
fake_mongo.db.monkey.insert(MONKEY_AT_ISLAND)
fake_mongo.db.monkey.insert(MONKEY_AT_VICTIM)
fake_mongo.db.edge.insert(EDGE_EXPLOITED)
fake_mongo.db.edge.insert(EDGE_SCANNED)
fake_mongo.db.telemetry.insert(ENCRYPTION_ERROR)
monkeypatch.setattr(
ReportService,
"get_exploited",
lambda: [{"label": "WinDev2010Eval", "exploits": ["SMB Exploiter"]}],
)
results = get_encrypted_files_table()
assert results == [
{
"hostname": "test-pc-2",
"exploits": ["Manual execution"],
"successful_encryptions": 0,
"total_attempts": 1,
}
]
@pytest.mark.usefixtures("uses_database")
def test_get_encrypted_files_table__no_telemetries(fake_mongo, monkeypatch):
fake_mongo.db.monkey.insert(MONKEY_AT_ISLAND)
fake_mongo.db.monkey.insert(MONKEY_AT_VICTIM)
fake_mongo.db.edge.insert(EDGE_EXPLOITED)
fake_mongo.db.edge.insert(EDGE_SCANNED)
monkeypatch.setattr(
ReportService,
"get_exploited",
lambda: [{"label": "WinDev2010Eval", "exploits": ["SMB Exploiter"]}],
)
results = get_encrypted_files_table()
assert results == []
@pytest.fixture @pytest.fixture
def patch_report_service_for_stats(monkeypatch): def patch_report_service_for_stats(monkeypatch):
TEST_SCANNED_RESULTS = [{}, {}, {}, {}] TEST_SCANNED_RESULTS = [{}, {}, {}, {}]