From 8e733a84409303e75649433ff310944a5fc9cfa5 Mon Sep 17 00:00:00 2001
From: Shreya Malviya
Date: Wed, 22 Sep 2021 18:30:35 +0530
Subject: [PATCH] island: Add `relevant_systems` property to attack techniques that run on specific systems
And remove hardcoded "since it didn't run on any ... systems" from the unscanned message for those techniques
---
 .../cc/services/attack/technique_reports/T1053.py | 9 ++++-----
 .../cc/services/attack/technique_reports/T1075.py | 5 ++---
 .../cc/services/attack/technique_reports/T1086.py | 5 +++--
 .../cc/services/attack/technique_reports/T1146.py | 5 ++---
 .../cc/services/attack/technique_reports/T1154.py | 3 ++-
 .../cc/services/attack/technique_reports/T1156.py | 5 ++---
 .../cc/services/attack/technique_reports/T1168.py | 5 ++---
 .../cc/services/attack/technique_reports/T1197.py | 5 ++---
 .../cc/services/attack/technique_reports/T1216.py | 3 ++-
 9 files changed, 21 insertions(+), 24 deletions(-)
diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1053.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1053.py
index 3a10e92f7..c6420be0d 100644
--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1053.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1053.py
@@ -4,9 +4,8 @@ from monkey_island.cc.services.attack.technique_reports.pba_technique import Pos
 class T1053(PostBreachTechnique):
 tech_id = "T1053"
- unscanned_msg = (
- "Monkey didn't try scheduling a job on Windows since it didn't run on any Windows machines."
- )
- scanned_msg = "Monkey tried scheduling a job on the Windows system but failed."
- used_msg = "Monkey scheduled a job on the Windows system."
+ relevant_systems = ["Windows"]
+ unscanned_msg = "Monkey didn't try scheduling a job on any Windows system."
+ scanned_msg = "Monkey tried scheduling a job on a Windows system but failed."
+ used_msg = "Monkey scheduled a job on a Windows system."
 pba_names = [POST_BREACH_JOB_SCHEDULING]
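Review bot: The `+ relevant_systems = ["Windows"]` line introduces a class attribute that must be spelled identically in every technique class, and the last hunk of this patch (T1216) adds it as `relevant_sytems`, so whatever consumes `relevant_systems` would see no value for that technique; the T1216 line should read `relevant_systems = ["Windows"]`. Nothing in this patch shows `PostBreachTechnique` or `AttackTechnique` declaring a default for the new attribute, so presumably techniques that run on every system either inherit one from the base class or will need a fallback where it is read — worth confirming. A mutable list as a class attribute is also shared by every instance; if the consumer accepts any sequence, `relevant_systems = ("Windows",)` would make the read-only intent explicit.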
diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1075.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1075.py
index 372ec35b0..4dddb9e9c 100644
--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1075.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1075.py
@@ -5,9 +5,8 @@ from monkey_island.cc.services.attack.technique_reports import AttackTechnique
 class T1075(AttackTechnique):
 tech_id = "T1075"
- unscanned_msg = (
- "Monkey didn't try to use pass the hash attack since it didn't run on any Windows machines."
- )
+ relevant_systems = ["Windows"]
+ unscanned_msg = "Monkey didn't try to use pass the hash attack."
 scanned_msg = "Monkey tried to use hashes while logging in but didn't succeed."
 used_msg = "Monkey successfully used hashed credentials."
diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1086.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1086.py
index eaaa7a155..253dc3d8d 100644
--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1086.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1086.py
@@ -5,9 +5,10 @@ from monkey_island.cc.services.attack.technique_reports import AttackTechnique
 class T1086(AttackTechnique):
 tech_id = "T1086"
- unscanned_msg = "Monkey didn't run powershell since it didn't run on any Windows machines."
+ relevant_systems = ["Windows"]
+ unscanned_msg = "Monkey didn't run PowerShell."
 scanned_msg = ""
- used_msg = "Monkey successfully ran powershell commands on exploited machines in the network."
+ used_msg = "Monkey successfully ran PowerShell commands on exploited machines in the network."
 query = [
 {
diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1146.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1146.py
index 951233418..d0b8cb4b5 100644
--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1146.py
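Review bot: The new `unscanned_msg` on the T1075 `+` line reads `"Monkey didn't try to use pass the hash attack."`, which is ungrammatical in a user-facing report; `"Monkey didn't try to use a pass-the-hash attack."` reads correctly and matches how the technique is normally named. The unchanged `scanned_msg` and `used_msg` context lines in the same hunk are fine, so only that one line needs editing.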
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1146.py
@@ -4,9 +4,8 @@ from monkey_island.cc.services.attack.technique_reports.pba_technique import Pos
 class T1146(PostBreachTechnique):
 tech_id = "T1146"
- unscanned_msg = (
- "Monkey didn't try clearing the command history since it didn't run on any Linux machines."
- )
+ relevant_systems = ["Linux"]
+ unscanned_msg = "Monkey didn't try clearing the command history."
 scanned_msg = "Monkey tried clearing the command history but failed."
 used_msg = "Monkey successfully cleared the command history (and then restored it back)."
 pba_names = [POST_BREACH_CLEAR_CMD_HISTORY]
diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1154.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1154.py
index 3e7cb677b..7a1375208 100644
--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1154.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1154.py
@@ -4,7 +4,8 @@ from monkey_island.cc.services.attack.technique_reports.pba_technique import Pos
 class T1154(PostBreachTechnique):
 tech_id = "T1154"
- unscanned_msg = "Monkey didn't use the trap command since it didn't run on any Linux machines."
+ relevant_systems = ["Linux"]
+ unscanned_msg = "Monkey didn't use the trap command."
 scanned_msg = "Monkey tried using the trap command but failed."
 used_msg = "Monkey used the trap command successfully."
 pba_names = [POST_BREACH_TRAP_COMMAND]
diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1156.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1156.py
index 2dd6e03af..f9c5c5020 100644
--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1156.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1156.py
@@ -4,9 +4,8 @@ from monkey_island.cc.services.attack.technique_reports.pba_technique import Pos
 class T1156(PostBreachTechnique):
 tech_id = "T1156"
- unscanned_msg = (
- "Monkey didn't try modifying bash startup files since it didn't run on any Linux machines."
- )
+ relevant_systems = ["Linux"]
+ unscanned_msg = "Monkey didn't try modifying bash startup files."
 scanned_msg = "Monkey tried modifying bash startup files but failed."
 used_msg = "Monkey successfully modified bash startup files."
 pba_names = [POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION]
diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1168.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1168.py
index a0cc0ee78..9a2b7547f 100644
--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1168.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1168.py
@@ -4,9 +4,8 @@ from monkey_island.cc.services.attack.technique_reports.pba_technique import Pos
 class T1168(PostBreachTechnique):
 tech_id = "T1168"
- unscanned_msg = (
- "Monkey didn't try scheduling a job on Linux since it didn't run on any Linux machines."
- )
+ relevant_systems = ["Linux"]
+ unscanned_msg = "Monkey didn't try scheduling a job on Linux."
 scanned_msg = "Monkey tried scheduling a job on the Linux system but failed."
 used_msg = "Monkey scheduled a job on the Linux system."
 pba_names = [POST_BREACH_JOB_SCHEDULING]
diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1197.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1197.py
index 1de5f3080..1d16a08ef 100644
--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1197.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1197.py
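Review bot: The T1168 hunk leaves its job-scheduling messages out of step with the Windows counterpart rewritten earlier in this patch: T1053 now says `on any Windows system` / `a Windows system`, while the `+ unscanned_msg` line here keeps `on Linux` and the unchanged `scanned_msg` / `used_msg` context lines still say `the Linux system`. For parity the three lines would read `unscanned_msg = "Monkey didn't try scheduling a job on any Linux system."`, `scanned_msg = "Monkey tried scheduling a job on a Linux system but failed."` and `used_msg = "Monkey scheduled a job on a Linux system."`. The T1156 hunk that precedes it on this line raises nothing.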
@@ -4,9 +4,8 @@ from monkey_island.cc.services.attack.technique_reports import AttackTechnique
 class T1197(AttackTechnique):
 tech_id = "T1197"
- unscanned_msg = (
- "Monkey didn't try to use any bits jobs since it didn't run on any Windows machines."
- )
+ relevant_systems = ["Windows"]
+ unscanned_msg = "Monkey didn't try to use any bits jobs."
 scanned_msg = "Monkey tried to use bits jobs but failed."
 used_msg = "Monkey successfully used bits jobs at least once in the network."
diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1216.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1216.py
index fd69417df..24cab65d8 100644
--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1216.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1216.py
@@ -4,9 +4,10 @@ from monkey_island.cc.services.attack.technique_reports.pba_technique import Pos
 class T1216(PostBreachTechnique):
 tech_id = "T1216"
+ relevant_sytems = ["Windows"]
 unscanned_msg = (
 "Monkey didn't attempt to execute an arbitrary program with the help of a "
- "pre-existing signed script since it didn't run on any Windows machines. "
+ "pre-existing signed script. "
 )
 scanned_msg = (
 "Monkey attempted to execute an arbitrary program with the help of a "
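Review bot: The T1197 `+ unscanned_msg` line and the unchanged `scanned_msg` / `used_msg` context lines write the Windows transfer service as `bits jobs`, while the T1086 hunk in this same patch fixes exactly this kind of casing (`powershell` → `PowerShell`); for consistency these should say `BITS jobs`, e.g. `unscanned_msg = "Monkey didn't try to use any BITS jobs."`. The T1216 hunk that follows on this line runs past the end of the page, so it is not reviewed here.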