diff --git a/monkey/monkey_island/cc/models/monkey.py b/monkey/monkey_island/cc/models/monkey.py
index 56b78bc3b..418cec03f 100644
--- a/monkey/monkey_island/cc/models/monkey.py
+++ b/monkey/monkey_island/cc/models/monkey.py
@@ -71,7 +71,16 @@ class Monkey(Document):
 @staticmethod
 def get_tunneled_monkeys():
 return Monkey.objects(tunnel__exists=True)
-
+
+ @staticmethod
+ def get_network_info(monkey):
+ """
+ Formats network info from monkey's model
+ :param monkey: monkey model
+ :return: dictionary with an array of IP's and a hostname
+ """
+ return {'ips': monkey.ip_addresses, 'hostname': monkey.hostname}
+
 class MonkeyNotFoundError(Exception):
 pass
diff --git a/monkey/monkey_island/cc/services/attack/attack_report.py b/monkey/monkey_island/cc/services/attack/attack_report.py
index 2321a37c5..719463ba5 100644
--- a/monkey/monkey_island/cc/services/attack/attack_report.py
+++ b/monkey/monkey_island/cc/services/attack/attack_report.py
@@ -2,6 +2,7 @@ import logging
 from monkey_island.cc.models import Monkey
 from monkey_island.cc.services.attack.technique_reports import T1210, T1197, T1110, T1075, T1003, T1059, T1086, T1082
 from monkey_island.cc.services.attack.technique_reports import T1145, T1105, T1065, T1035, T1129, T1106, T1107, T1188
+from monkey_island.cc.services.attack.technique_reports import T1090
 from monkey_island.cc.services.attack.attack_config import AttackConfig
 from monkey_island.cc.database import mongo
@@ -25,7 +26,8 @@ TECHNIQUES = {'T1210': T1210.T1210,
 'T1129': T1129.T1129,
 'T1106': T1106.T1106,
 'T1107': T1107.T1107,
- 'T1188': T1188.T1188}
+ 'T1188': T1188.T1188,
+ 'T1090': T1090.T1090}
 REPORT_NAME = 'new_report'
diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1090.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1090.py
index fc9969d9b..0e48d2198 100644
--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1090.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1090.py
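Review bot: `get_network_info` in the monkey.py hunk is declared `@staticmethod` but its only parameter is a `Monkey` instance, so it is an instance method in disguise; `def get_network_info(self): return {'ips': self.ip_addresses, 'hostname': self.hostname}` should keep the `Monkey.get_network_info(monkey)` call sites in T1188/T1090 working while also allowing `monkey.get_network_info()`. The `'ips'` value is the document's own `ip_addresses` field rather than a copy, so a report consumer that mutates the list would be editing the model instance (presumably a list field on this mongoengine-style `Document` — confirm); `list(monkey.ip_addresses)` would decouple them. The docstring could also state the concrete return shape, e.g. `:return: {'ips': list of str, 'hostname': str}`, instead of "an array of IP's".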
@@ -1,6 +1,6 @@
 from monkey_island.cc.services.attack.technique_reports import AttackTechnique
 from common.utils.attack_utils import ScanStatus
-from monkey_island.cc.database import mongo
+from monkey_island.cc.models import Monkey
 __author__ = "VakarisZ"
@@ -12,23 +12,16 @@ class T1090(AttackTechnique):
 scanned_msg = ""
 used_msg = "Monkey used connection proxy."
- query = [{'$match': {'telem_category': 'exploit',
- 'data.info.executed_cmds': {'$exists': True, '$ne': []}}},
- {'$unwind': '$data.info.executed_cmds'},
- {'$sort': {'data.info.executed_cmds.powershell': 1}},
- {'$project': {'_id': 0,
- 'machine': '$data.machine',
- 'info': '$data.info'}},
- {'$group': {'_id': '$machine', 'data': {'$push': '$$ROOT'}}},
- {'$project': {'_id': 0, 'data': {'$arrayElemAt': ['$data', 0]}}}]
 @staticmethod
 def get_report_data():
- cmd_data = list(mongo.db.telemetry.aggregate(T1090.query))
- data = {'title': T1090.technique_title(), 'cmds': cmd_data}
- if cmd_data:
+ monkeys = Monkey.get_tunneled_monkeys()
+ monkeys = [Monkey.get_network_info(monkey) for monkey in monkeys]
+ if monkeys:
 status = ScanStatus.USED.value
 else:
 status = ScanStatus.UNSCANNED.value
- data.update(T1090.get_message_and_status(status))
+ data = T1090.get_base_data_by_status(status)
+ data.update({'proxies': monkeys})
 return data
+
+
diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1188.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1188.py
index 30e621065..6e35f7c7f 100644
--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1188.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1188.py
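Review bot: The list stored under `'proxies'` in the `get_report_data` hunk is built from `Monkey.get_tunneled_monkeys()`, i.e. the monkeys that carry a `tunnel` field — the machines that were reached through a proxy — while the proxy itself (`monkey.tunnel`, which the T1188 hunk in this same diff follows as a `Monkey` reference) is never reported, so the dictionary key describes something the data does not contain. Either rename the key to match the contents (`'tunneled_machines'`), or record both ends per entry, e.g. `{'machine': Monkey.get_network_info(monkey), 'proxy': Monkey.get_network_info(monkey.tunnel)}` (assuming `tunnel` dereferences to a `Monkey` document — confirm against the model). Reusing `monkeys` first for the queryset and then for the formatted list also hides the type change; `tunneled = Monkey.get_tunneled_monkeys()` followed by `proxies = [Monkey.get_network_info(m) for m in tunneled]` reads more clearly. The class header and the base-class helpers `get_base_data_by_status`/`technique_title` lie outside the hunk.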
@@ -23,8 +23,8 @@ class T1188(AttackTechnique):
 proxy_count += 1
 proxy = proxy.tunnel
 if proxy_count > 1:
- hops.append({'from': T1188.get_network_info(initial),
- 'to': T1188.get_network_info(proxy),
+ hops.append({'from': Monkey.get_network_info(initial),
+ 'to': Monkey.get_network_info(proxy),
 'count': proxy_count})
 if hops:
 status = ScanStatus.USED.value
@@ -33,7 +33,3 @@ class T1188(AttackTechnique):
 data = T1188.get_base_data_by_status(status)
 data.update({'hops': hops})
 return data
-
-
- @staticmethod
- def get_network_info(monkey):
- return {'ips': monkey.ip_addresses, 'hostname': monkey.hostname}
diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1090.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1090.js
new file mode 100644
index 000000000..99660cf65
--- /dev/null
+++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1090.js
@@ -0,0 +1,40 @@
+import React from 'react';
+import '../../../styles/Collapse.scss'
+import ReactTable from "react-table";
+import { renderMachineFromSystemData, scanStatus } from "./Helpers"
+
+
+class T1090 extends React.Component {
+
+ constructor(props) {
+ super(props);
+ }
+
+ static getProxyColumns() {
+ return ([{
+ Header: "Proxies were used to communicate with:",
+ columns: [
+ {Header: 'Machines',
+ id: 'machine',
+ accessor: x => renderMachineFromSystemData(x),
+ style: { 'whiteSpace': 'unset', textAlign: 'center' }}]}])
+ };
+
+ render() {
+ return (
+
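Review bot: The chain walk `proxy = proxy.tunnel` on the context lines of the first T1188 hunk has no guard against a cycle in the tunnel references (A tunnelled through B, B through A) or a dangling reference; the loop header is above the hunk, so its exit condition is not visible, but nothing inside the hunk bounds `proxy_count`. Tunnel references presumably originate from agent telemetry, so one malformed chain would stall report generation on the Island; a visited check such as `if proxy.id in seen: break` / `seen.add(proxy.id)` before following `.tunnel`, or a hard cap on `proxy_count`, would make the walk terminate regardless of the data. The switch to `Monkey.get_network_info` also assumes `Monkey` is already imported in T1188.py — the diff has no import hunk for this file, and the query that seeds `initial` is outside the hunk, so this is presumably already the case but worth confirming.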