p59342861
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Remove T1129 attack technique from the codebase

This commit is contained in:
VakarisZ 2021-09-17 12:24:05 +03:00
parent a93d6361a3
commit b69916428b
8 changed files with 2 additions and 96 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
docs/content/reference/mitre_techniques.md
View File

@ -18,7 +18,6 @@ In the following table, we list all the MITRE ATT&CK techniques the Infection Mo
| TACTIC | TECHNIQUES | | TACTIC | TECHNIQUES |
|--- |--- | |--- |--- |
| [Execution](https://attack.mitre.org/tactics/TA0002/) | [Command-line Interface](https://attack.mitre.org/techniques/T1059/) | | [Execution](https://attack.mitre.org/tactics/TA0002/) | [Command-line Interface](https://attack.mitre.org/techniques/T1059/) |
| | [Execution Through Module Load](https://attack.mitre.org/techniques/T1129/) |
| | [Execution Through API](https://attack.mitre.org/techniques/T1106/) | | | [Execution Through API](https://attack.mitre.org/techniques/T1106/) |
| | [Powershell](https://attack.mitre.org/techniques/T1086/) | | | [Powershell](https://attack.mitre.org/techniques/T1086/) |
| | [Scripting](https://attack.mitre.org/techniques/T1064/) | | | [Scripting](https://attack.mitre.org/techniques/T1064/) |

4
envs/monkey_zoo/blackbox/island_client/monkey_island_requests.py
View File

@ -7,8 +7,8 @@ import requests
from envs.monkey_zoo.blackbox.island_client.supported_request_method import SupportedRequestMethod from envs.monkey_zoo.blackbox.island_client.supported_request_method import SupportedRequestMethod
ISLAND_USERNAME = "m0nk3y" ISLAND_USERNAME = "test"
ISLAND_PASSWORD = "Passw0rd!" ISLAND_PASSWORD = "test"
LOGGER = logging.getLogger(__name__) LOGGER = logging.getLogger(__name__)

11
monkey/infection_monkey/telemetry/attack/t1129_telem.py
View File

@ -1,11 +0,0 @@
from infection_monkey.telemetry.attack.usage_telem import UsageTelem
class T1129Telem(UsageTelem):
def __init__(self, status, usage):
"""
T1129 telemetry.
:param status: ScanStatus of technique
:param usage: Enum of UsageEnum type
"""
super(T1129Telem, self).__init__("T1129", status, usage)

2
monkey/monkey_island/cc/services/attack/attack_report.py
View File

@ -25,7 +25,6 @@ from monkey_island.cc.services.attack.technique_reports import (
T1106, T1106,
T1107, T1107,
T1110, T1110,
T1129,
T1136, T1136,
T1145, T1145,
T1146, T1146,
@ -60,7 +59,6 @@ TECHNIQUES = {
"T1065": T1065.T1065, "T1065": T1065.T1065,
"T1105": T1105.T1105, "T1105": T1105.T1105,
"T1035": T1035.T1035, "T1035": T1035.T1035,
"T1129": T1129.T1129,
"T1106": T1106.T1106, "T1106": T1106.T1106,
"T1107": T1107.T1107, "T1107": T1107.T1107,
"T1188": T1188.T1188, "T1188": T1188.T1188,

12
monkey/monkey_island/cc/services/attack/attack_schema.py
View File

@ -17,18 +17,6 @@ SCHEMA = {
"systems " "systems "
"and execute other software during the course of an operation.", "and execute other software during the course of an operation.",
}, },
"T1129": {
"title": "Execution through module load",
"type": "bool",
"value": True,
"necessary": False,
"link": "https://attack.mitre.org/techniques/T1129",
"description": "The Windows module loader can be instructed to load DLLs from "
"arbitrary "
"local paths and arbitrary Universal Naming Convention (UNC) "
"network paths.",
"depends_on": ["T1078", "T1003"],
},
"T1106": { "T1106": {
"title": "Execution through API", "title": "Execution through API",
"type": "bool", "type": "bool",

16
monkey/monkey_island/cc/services/attack/technique_reports/T1129.py
View File

@ -1,16 +0,0 @@
from monkey_island.cc.services.attack.technique_reports.usage_technique import UsageTechnique
class T1129(UsageTechnique):
tech_id = "T1129"
unscanned_msg = (
"Monkey didn't try to load any DLLs since it didn't run on any Windows machines."
)
scanned_msg = "Monkey tried to load DLLs, but failed."
used_msg = "Monkey successfully loaded DLLs using Windows module loader."
@staticmethod
def get_report_data():
data = T1129.get_tech_base_data()
data.update({"dlls": T1129.get_usage_data()})
return data

30
monkey/monkey_island/cc/ui/src/components/attack/techniques/T1129.js
View File

@ -1,30 +0,0 @@
import React from 'react';
import ReactTable from 'react-table';
import {getUsageColumns} from './Helpers';
import MitigationsComponent from './MitigationsComponent';
class T1129 extends React.Component {
constructor(props) {
super(props);
}
render() {
return (
<div>
<div>{this.props.data.message_html}</div>
<br/>
{this.props.data.dlls.length !== 0 ?
<ReactTable
columns={getUsageColumns()}
data={this.props.data.dlls}
showPagination={false}
defaultPageSize={this.props.data.dlls.length}
/> : ''}
<MitigationsComponent mitigations={this.props.data.mitigations}/>
</div>
);
}
}
export default T1129;

22
monkey/tests/unit_tests/infection_monkey/telemetry/attack/test_t1129_telem.py
View File

@ -1,22 +0,0 @@
import json
import pytest
from common.utils.attack_utils import ScanStatus, UsageEnum
from infection_monkey.telemetry.attack.t1129_telem import T1129Telem
STATUS = ScanStatus.USED
USAGE = UsageEnum.SMB
@pytest.fixture
def T1129_telem_test_instance():
return T1129Telem(STATUS, USAGE)
def test_T1129_send(T1129_telem_test_instance, spy_send_telemetry):
T1129_telem_test_instance.send()
expected_data = {"status": STATUS.value, "technique": "T1129", "usage": USAGE.name}
expected_data = json.dumps(expected_data, cls=T1129_telem_test_instance.json_encoder)
assert spy_send_telemetry.data == expected_data
assert spy_send_telemetry.telem_category == "attack"