island: Add abstract property `relevant_systems` to AttackTechnique and declare it for all techniques left
parent
8e733a8440
commit
b0b0f515d0
@ -6,6 +6,7 @@ from monkey_island.cc.services.reporting.report import ReportService
|
|||
|
||||
class T1003(AttackTechnique):
|
||||
tech_id = "T1003"
|
||||
relevant_systems = ["Linux", "Windows"]
|
||||
unscanned_msg = (
|
||||
"Monkey tried to obtain credentials from systems in the network but didn't "
|
||||
"find any or failed."
|
||||
|
|
|
@ -4,6 +4,7 @@ from monkey_island.cc.services.attack.technique_reports import AttackTechnique
|
|||
|
||||
class T1005(AttackTechnique):
|
||||
tech_id = "T1005"
|
||||
relevant_systems = ["Linux", "Windows"]
|
||||
unscanned_msg = "Monkey didn't gather any sensitive data from local system."
|
||||
scanned_msg = ""
|
||||
used_msg = "Monkey successfully gathered sensitive data from local system."
|
||||
|
|
|
@ -5,6 +5,7 @@ from monkey_island.cc.services.attack.technique_reports import AttackTechnique
|
|||
|
||||
class T1016(AttackTechnique):
|
||||
tech_id = "T1016"
|
||||
relevant_systems = ["Linux", "Windows"]
|
||||
unscanned_msg = "Monkey didn't gather network configurations."
|
||||
scanned_msg = ""
|
||||
used_msg = "Monkey gathered network configurations on systems in the network."
|
||||
|
|
|
@ -5,6 +5,7 @@ from monkey_island.cc.services.attack.technique_reports import AttackTechnique
|
|||
|
||||
class T1018(AttackTechnique):
|
||||
tech_id = "T1018"
|
||||
relevant_systems = ["Linux", "Windows"]
|
||||
unscanned_msg = "Monkey didn't find any machines on the network."
|
||||
scanned_msg = ""
|
||||
used_msg = "Monkey found machines on the network."
|
||||
|
|
|
@ -6,6 +6,7 @@ from monkey_island.cc.services.attack.technique_reports.technique_report_tools i
|
|||
|
||||
class T1021(AttackTechnique):
|
||||
tech_id = "T1021"
|
||||
relevant_systems = ["Linux", "Windows"]
|
||||
unscanned_msg = "Monkey didn't try to login to any remote services."
|
||||
scanned_msg = "Monkey tried to login to remote services with valid credentials, but failed."
|
||||
used_msg = "Monkey successfully logged into remote services on the network."
|
||||
|
|
|
@ -3,10 +3,8 @@ from monkey_island.cc.services.attack.technique_reports.usage_technique import U
|
|||
|
||||
class T1035(UsageTechnique):
|
||||
tech_id = "T1035"
|
||||
unscanned_msg = (
|
||||
"Monkey didn't try to interact with Windows services since it didn't run on "
|
||||
"any Windows machines."
|
||||
)
|
||||
relevant_systems = ["Windows"]
|
||||
unscanned_msg = "Monkey didn't try to interact with Windows services."
|
||||
scanned_msg = "Monkey tried to interact with Windows services, but failed."
|
||||
used_msg = "Monkey successfully interacted with Windows services."
|
||||
|
||||
|
|
|
@ -5,6 +5,7 @@ from monkey_island.cc.services.attack.technique_reports import AttackTechnique
|
|||
|
||||
class T1041(AttackTechnique):
|
||||
tech_id = "T1041"
|
||||
relevant_systems = ["Linux", "Windows"]
|
||||
unscanned_msg = "Monkey didn't exfiltrate any info through command and control channel."
|
||||
scanned_msg = ""
|
||||
used_msg = "Monkey exfiltrated info through command and control channel."
|
||||
|
|
|
@ -5,7 +5,8 @@ from monkey_island.cc.services.attack.technique_reports import AttackTechnique
|
|||
|
||||
class T1059(AttackTechnique):
|
||||
tech_id = "T1059"
|
||||
unscanned_msg = "Monkey didn't exploit any machines to run commands at."
|
||||
relevant_systems = ["Linux", "Windows"]
|
||||
unscanned_msg = "Monkey didn't exploit any machines to run commands on."
|
||||
scanned_msg = ""
|
||||
used_msg = "Monkey successfully ran commands on exploited machines in the network."
|
||||
|
||||
|
|
|
@ -4,6 +4,7 @@ from monkey_island.cc.services.attack.technique_reports.usage_technique import U
|
|||
|
||||
class T1064(UsageTechnique):
|
||||
tech_id = "T1064"
|
||||
relevant_systems = ["Linux", "Windows"]
|
||||
unscanned_msg = "Monkey didn't run scripts or tried to run and failed."
|
||||
scanned_msg = ""
|
||||
used_msg = "Monkey ran scripts on machines in the network."
|
||||
|
|
|
@ -6,6 +6,7 @@ from monkey_island.cc.services.config import ConfigService
|
|||
|
||||
class T1065(AttackTechnique):
|
||||
tech_id = "T1065"
|
||||
relevant_systems = ["Linux", "Windows"]
|
||||
unscanned_msg = ""
|
||||
scanned_msg = ""
|
||||
used_msg = ""
|
||||
|
|
|
@ -5,6 +5,7 @@ from monkey_island.cc.services.attack.technique_reports import AttackTechnique
|
|||
|
||||
class T1082(AttackTechnique):
|
||||
tech_id = "T1082"
|
||||
relevant_systems = ["Linux", "Windows"]
|
||||
unscanned_msg = "Monkey didn't gather any system info on the network."
|
||||
scanned_msg = ""
|
||||
used_msg = "Monkey gathered system info from machines in the network."
|
||||
|
|
|
@ -4,6 +4,7 @@ from monkey_island.cc.services.attack.technique_reports.pba_technique import Pos
|
|||
|
||||
class T1087(PostBreachTechnique):
|
||||
tech_id = "T1087"
|
||||
relevant_systems = ["Linux", "Windows"]
|
||||
unscanned_msg = "Monkey didn't try to get a listing of user accounts."
|
||||
scanned_msg = "Monkey tried to get a listing of user accounts but failed to do so."
|
||||
used_msg = "Monkey got a listing of user accounts successfully."
|
||||
|
|
|
@ -5,6 +5,7 @@ from monkey_island.cc.services.attack.technique_reports import AttackTechnique
|
|||
|
||||
class T1090(AttackTechnique):
|
||||
tech_id = "T1090"
|
||||
relevant_systems = ["Linux", "Windows"]
|
||||
unscanned_msg = "Monkey didn't use connection proxy."
|
||||
scanned_msg = ""
|
||||
used_msg = "Monkey used connection proxy to communicate with machines on the network."
|
||||
|
|
|
@ -4,6 +4,7 @@ from monkey_island.cc.services.attack.technique_reports.pba_technique import Pos
|
|||
|
||||
class T1099(PostBreachTechnique):
|
||||
tech_id = "T1099"
|
||||
relevant_systems = ["Linux", "Windows"]
|
||||
unscanned_msg = "Monkey didn't try changing any file's time attributes."
|
||||
scanned_msg = "Monkey tried changing a file's time attributes but failed."
|
||||
used_msg = "Monkey successfully changed a file's time attributes."
|
||||
|
|
|
@ -4,6 +4,7 @@ from monkey_island.cc.services.attack.technique_reports import AttackTechnique
|
|||
|
||||
class T1105(AttackTechnique):
|
||||
tech_id = "T1105"
|
||||
relevant_systems = ["Linux", "Windows"]
|
||||
unscanned_msg = "Monkey didn't try to copy files to any systems."
|
||||
scanned_msg = "Monkey tried to copy files, but failed."
|
||||
used_msg = "Monkey successfully copied files to systems on the network."
|
||||
|
|
|
@ -3,6 +3,7 @@ from monkey_island.cc.services.attack.technique_reports.usage_technique import U
|
|||
|
||||
class T1106(UsageTechnique):
|
||||
tech_id = "T1106"
|
||||
relevant_systems = ["Windows"]
|
||||
unscanned_msg = "Monkey didn't try to directly use WinAPI."
|
||||
scanned_msg = "Monkey tried to use WinAPI, but failed."
|
||||
used_msg = "Monkey successfully used WinAPI."
|
||||
|
|
|
@ -4,6 +4,7 @@ from monkey_island.cc.services.attack.technique_reports import AttackTechnique
|
|||
|
||||
class T1107(AttackTechnique):
|
||||
tech_id = "T1107"
|
||||
relevant_systems = ["Linux", "Windows"]
|
||||
unscanned_msg = ""
|
||||
scanned_msg = "Monkey tried to delete files on systems in the network, but failed."
|
||||
used_msg = "Monkey successfully deleted files on systems in the network."
|
||||
|
|
|
@ -6,6 +6,7 @@ from monkey_island.cc.services.attack.technique_reports.technique_report_tools i
|
|||
|
||||
class T1110(AttackTechnique):
|
||||
tech_id = "T1110"
|
||||
relevant_systems = ["Linux", "Windows"]
|
||||
unscanned_msg = "Monkey didn't try to brute force any services."
|
||||
scanned_msg = "Monkey tried to brute force some services, but failed."
|
||||
used_msg = "Monkey successfully used brute force in the network."
|
||||
|
|
|
@ -4,6 +4,7 @@ from monkey_island.cc.services.attack.technique_reports.pba_technique import Pos
|
|||
|
||||
class T1136(PostBreachTechnique):
|
||||
tech_id = "T1136"
|
||||
relevant_systems = ["Linux", "Windows"]
|
||||
unscanned_msg = "Monkey didn't try creating a new user on the network's systems."
|
||||
scanned_msg = "Monkey tried creating a new user on the network's systems, but failed."
|
||||
used_msg = "Monkey created a new user on the network's systems."
|
||||
|
|
|
@ -5,9 +5,10 @@ from monkey_island.cc.services.attack.technique_reports import AttackTechnique
|
|||
|
||||
class T1145(AttackTechnique):
|
||||
tech_id = "T1145"
|
||||
unscanned_msg = "Monkey didn't find any shh keys."
|
||||
relevant_systems = ["Linux", "Windows"]
|
||||
unscanned_msg = "Monkey didn't find any SSH keys."
|
||||
scanned_msg = ""
|
||||
used_msg = "Monkey found ssh keys on machines in the network."
|
||||
used_msg = "Monkey found SSH keys on machines in the network."
|
||||
|
||||
# Gets data about ssh keys found
|
||||
query = [
|
||||
|
|
|
@ -5,9 +5,12 @@ from monkey_island.cc.services.attack.technique_reports.pba_technique import Pos
|
|||
class T1146(PostBreachTechnique):
|
||||
tech_id = "T1146"
|
||||
relevant_systems = ["Linux"]
|
||||
unscanned_msg = "Monkey didn't try clearing the command history."
|
||||
scanned_msg = "Monkey tried clearing the command history but failed."
|
||||
used_msg = "Monkey successfully cleared the command history (and then restored it back)."
|
||||
unscanned_msg = "Monkey didn't try clearing the command history on a Linux system."
|
||||
scanned_msg = "Monkey tried clearing the command history on a Linux system but failed."
|
||||
used_msg = (
|
||||
"Monkey successfully cleared the command history on a Linux system (and then "
|
||||
"restored it back)."
|
||||
)
|
||||
pba_names = [POST_BREACH_CLEAR_CMD_HISTORY]
|
||||
|
||||
@staticmethod
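Review bot: The rewritten T1146 messages embed the platform ("on a Linux system") while this same commit strips the platform wording from T1035, T1166 and T1504 in favour of `relevant_systems`, so if the reason text is later generated from `relevant_systems` these three messages will state the platform twice. Keeping the previous generic wording, e.g. `unscanned_msg = "Monkey didn't try clearing the command history."`, keeps the technique reports consistent across techniques. Which lines are old and new here is inferred from the hunk counts, since the page drops the +/- markers.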
|
||||
|
|
|
@ -4,6 +4,7 @@ from monkey_island.cc.services.attack.technique_reports.pba_technique import Pos
|
|||
|
||||
class T1158(PostBreachTechnique):
|
||||
tech_id = "T1158"
|
||||
relevant_systems = ["Linux", "Windows"]
|
||||
unscanned_msg = "Monkey didn't try creating hidden files or folders."
|
||||
scanned_msg = "Monkey tried creating hidden files and folders on the system but failed."
|
||||
used_msg = "Monkey created hidden files and folders on the system."
|
||||
|
|
|
@ -4,10 +4,8 @@ from monkey_island.cc.services.attack.technique_reports.pba_technique import Pos
|
|||
|
||||
class T1166(PostBreachTechnique):
|
||||
tech_id = "T1166"
|
||||
unscanned_msg = (
|
||||
"Monkey didn't try setting the setuid or setgid bits since it didn't run on "
|
||||
"any Linux machines."
|
||||
)
|
||||
relevant_systems = ["Linux"]
|
||||
unscanned_msg = "Monkey didn't try setting the setuid or setgid bits."
|
||||
scanned_msg = "Monkey tried setting the setuid or setgid bits but failed."
|
||||
used_msg = "Monkey successfully set the setuid or setgid bits."
|
||||
pba_names = [POST_BREACH_SETUID_SETGID]
|
||||
|
|
|
@ -5,6 +5,7 @@ from monkey_island.cc.services.attack.technique_reports import AttackTechnique
|
|||
|
||||
class T1188(AttackTechnique):
|
||||
tech_id = "T1188"
|
||||
relevant_systems = ["Linux", "Windows"]
|
||||
unscanned_msg = "Monkey didn't use multi-hop proxy."
|
||||
scanned_msg = ""
|
||||
used_msg = "Monkey used multi-hop proxy."
|
||||
|
|
|
@ -5,6 +5,7 @@ from monkey_island.cc.services.attack.technique_reports import AttackTechnique
|
|||
|
||||
class T1210(AttackTechnique):
|
||||
tech_id = "T1210"
|
||||
relevant_systems = ["Linux", "Windows"]
|
||||
unscanned_msg = (
|
||||
"Monkey didn't scan any remote services. Maybe it didn't find any machines on the network?"
|
||||
)
|
||||
|
|
|
@ -4,7 +4,7 @@ from monkey_island.cc.services.attack.technique_reports.pba_technique import Pos
|
|||
|
||||
class T1216(PostBreachTechnique):
|
||||
tech_id = "T1216"
|
||||
relevant_sytems = ["Windows"]
|
||||
relevant_systems = ["Windows"]
|
||||
unscanned_msg = (
|
||||
"Monkey didn't attempt to execute an arbitrary program with the help of a "
|
||||
"pre-existing signed script. "
|
||||
|
|
|
@ -5,6 +5,7 @@ from monkey_island.cc.services.attack.technique_reports import AttackTechnique
|
|||
|
||||
class T1222(AttackTechnique):
|
||||
tech_id = "T1222"
|
||||
relevant_systems = ["Linux", "Windows"]
|
||||
unscanned_msg = "Monkey didn't try to change any file permissions."
|
||||
scanned_msg = "Monkey tried to change file permissions, but failed."
|
||||
used_msg = "Monkey successfully changed file permissions in network systems."
|
||||
|
|
|
@ -4,12 +4,10 @@ from monkey_island.cc.services.attack.technique_reports.pba_technique import Pos
|
|||
|
||||
class T1504(PostBreachTechnique):
|
||||
tech_id = "T1504"
|
||||
unscanned_msg = (
|
||||
"Monkey didn't try modifying powershell startup files since it didn't run on "
|
||||
"any Windows machines."
|
||||
)
|
||||
scanned_msg = "Monkey tried modifying powershell startup files but failed."
|
||||
used_msg = "Monkey successfully modified powershell startup files."
|
||||
relevant_systems = ["Windows"]
|
||||
unscanned_msg = "Monkey didn't try modifying PowerShell startup files."
|
||||
scanned_msg = "Monkey tried modifying PowerShell startup files but failed."
|
||||
used_msg = "Monkey successfully modified PowerShell startup files."
|
||||
pba_names = [POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION]
|
||||
|
||||
@staticmethod
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
import abc
|
||||
import logging
|
||||
from typing import List
|
||||
|
||||
from common.utils.attack_utils import ScanStatus
|
||||
from common.utils.code_utils import abstractstatic
|
||||
|
@ -50,6 +51,16 @@ class AttackTechnique(object, metaclass=abc.ABCMeta):
|
|||
"""
|
||||
pass
|
||||
|
||||
@property
|
||||
@abc.abstractmethod
|
||||
def relevant_systems(self) -> List[str]:
|
||||
"""
|
||||
:return: systems on which the technique is relevant
|
||||
(examples: 1. "Trap Command" PBA (technique T1154) is Linux only.
|
||||
2. "Job Scheduling" PBA has different techniques for Windows and Linux.
|
||||
"""
|
||||
pass
|
||||
|
||||
@staticmethod
|
||||
@abstractstatic
|
||||
def get_report_data():
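Review bot: The abstract property `relevant_systems` is only enforced by ABCMeta when a technique is instantiated, and the techniques are used as classes (`cls.unscanned_msg` in the next hunk), so a misspelled override such as the `relevant_sytems` this same commit corrects in T1216 would go unnoticed again. A unit test that iterates the concrete technique classes and asserts `isinstance(technique.relevant_systems, list)` would catch that at test time. The docstring should also name the accepted values, since subclasses spell them as free-form strings: `:return: list of OS names the technique applies to; subclasses currently use "Linux" and/or "Windows"`.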
|
||||
|
@ -104,12 +115,17 @@ class AttackTechnique(object, metaclass=abc.ABCMeta):
|
|||
if status == ScanStatus.DISABLED.value:
|
||||
return disabled_msg
|
||||
if status == ScanStatus.UNSCANNED.value:
|
||||
return cls.unscanned_msg
|
||||
unscanned_msg = AttackTechnique._get_unscanned_msg_with_reasons(cls.unscanned_msg)
|
||||
return unscanned_msg
|
||||
elif status == ScanStatus.SCANNED.value:
|
||||
return cls.scanned_msg
|
||||
else:
|
||||
return cls.used_msg
|
||||
|
||||
@staticmethod
|
||||
def _get_unscanned_msg_with_reasons(unscanned_msg):
|
||||
pass
|
||||
|
||||
@classmethod
|
||||
def technique_title(cls):
|
||||
"""
|
||||
|
|