From 0ed167fb48ed68d7435900be166d433eca6535d1 Mon Sep 17 00:00:00 2001
From: Ilija Lazoroski
Date: Wed, 5 Oct 2022 11:13:39 +0200
Subject: [PATCH] Agent: Import attack technique tags from common in Zerologon
---
 monkey/infection_monkey/exploit/zerologon.py | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/monkey/infection_monkey/exploit/zerologon.py b/monkey/infection_monkey/exploit/zerologon.py
index bae4a4054..19445f6ab 100644
--- a/monkey/infection_monkey/exploit/zerologon.py
+++ b/monkey/infection_monkey/exploit/zerologon.py
@@ -18,6 +18,7 @@ from impacket.dcerpc.v5.dtypes import NULL
 from common.agent_events import CredentialsStolenEvent
 from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT
 from common.credentials import Credentials, LMHash, NTHash, Username
+from common.tags import T1003_ATTACK_TECHNIQUE_TAG, T1098_ATTACK_TECHNIQUE_TAG
 from infection_monkey.exploit.HostExploiter import HostExploiter
 from infection_monkey.exploit.tools.wmi_tools import WmiTools
 from infection_monkey.exploit.zerologon_utils.dump_secrets import DumpSecrets
@@ -32,9 +33,6 @@ from infection_monkey.utils.threading import interruptible_iter
 logger = logging.getLogger(__name__)
 ZEROLOGON_EXPLOITER_TAG = "zerologon-exploiter"
-T1003_ATTACK_TECHNIQUE_TAG = "attack-t1003"
-T1098_ATTACK_TECHNIQUE_TAG = "attack-t1098"
-
 ZEROLOGON_EVENT_TAGS = frozenset(
 {
@@ -315,7 +313,7 @@ class ZerologonExploiter(HostExploiter):
 tags=ZEROLOGON_EVENT_TAGS,
 stolen_credentials=extracted_credentials,
 )
- self.event_queue.publish(credentials_stolen_event)
+ self.agent_event_queue.publish(credentials_stolen_event)
 def get_original_pwd_nthash(self, username: str, user_pwd_hashes: List[str]) -> Optional[str]:
 if not self.save_HKLM_keys_locally(username, user_pwd_hashes):
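Review bot: The values behind the names imported from `common.tags` in the first hunk are not visible in this diff, so nothing here shows they still equal the literals removed in the second hunk (`"attack-t1003"` and `"attack-t1098"`). `ZEROLOGON_EVENT_TAGS` is attached to the `CredentialsStolenEvent`, so a differing spelling in `common.tags` would silently change how these events are tagged for anything that filters or reports on technique tags. A small test pinning both constants to their expected strings, or asserting the contents of `ZEROLOGON_EVENT_TAGS`, would make the move safe to repeat for other exploiters.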
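Review bot: The change from `self.event_queue` to `self.agent_event_queue` in the last hunk is a behaviour change that the subject line does not mention, and it deserves its own line in the commit message. The attribute is defined outside this diff (presumably on `HostExploiter`), so confirm it is set before this method runs. If the old name no longer existed, the publish call would have raised `AttributeError` and the credentials-stolen event would never have been reported. A unit test that hands the exploiter a mock queue and asserts one `CredentialsStolenEvent` is published with `ZEROLOGON_EVENT_TAGS` would catch a regression in either the attribute name or the tags. The enclosing method starts outside the hunk.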