Merge branch '3411-cryptominer-skeleton' into develop

Issue #3411
PR #3555

Author: mssalvatore

monkey/agent_plugins/payloads/cryptojacker/Pipfile

@@ -0,0 +1,12 @@
+[[source]]
+url = "https://pypi.org/simple"
+verify_ssl = true
+name = "pypi"
+
+[packages]
+psutil = "*"
+
+[dev-packages]
+
+[requires]
+python_version = "3.11"

monkey/agent_plugins/payloads/cryptojacker/Pipfile.lock

@@ -0,0 +1,33 @@
+{
+    "properties": {
+        "duration": {
+            "title": "Duration",
+            "type": "number",
+            "description": "The duration (in seconds) for which the cryptojacking simulation should run on each machine",
+            "default": 300,
+            "minimum": 0
+        },
+        "cpu_utilization": {
+            "title": "CPU utilization",
+            "type": "integer",
+            "description": "The percentage of CPU to use on a machine",
+            "default": 80,
+            "minimum": 0,
+            "maximum": 100
+        },
+        "memory_utilization": {
+            "title": "Memory utilization",
+            "type": "integer",
+            "description": "The percentage of memory to use on a machine",
+            "default": 20,
+            "minimum": 0,
+            "maximum": 100
+        },
+        "simulate_bitcoin_mining_network_traffic": {
+            "title": "Simulate Bitcoin mining network traffic",
+            "type": "boolean",
+            "description": "If enabled, the Agent will periodically send requests used in Bitcoin mining over the network.",
+            "default": false
+        }
+    }
+}

monkey/agent_plugins/payloads/cryptojacker/config-schema.json

@@ -0,0 +1,19 @@
+name: Cryptojacker
+plugin_type: Payload
+supported_operating_systems:
+  - linux
+  - windows
+target_operating_systems:
+  - linux
+  - windows
+title: Cryptojacker
+version: 1.0.0
+description: >-
+  Simulates a cryptojacker running on your network using a set of configurable behaviors.
+
+  To simulate cryptojacking, you'll need to configure a time limit for the simulation,
+  and how much CPU and memory to utilize on each infected machine. You can also instruct
+  the Agent to send a request over the network with data that is commonly identified by
+  security solutions as cryptomining activity.
+safe: true
+link_to_documentation: https://techdocs.akamai.com/infection-monkey/docs/cryptojacker

monkey/agent_plugins/payloads/cryptojacker/manifest.yaml

@@ -0,0 +1,29 @@
+from pydantic import Field, conint
+
+from common.base_models import InfectionMonkeyBaseModel
+
+
+class CryptojackerOptions(InfectionMonkeyBaseModel):
+    duration: float = Field(
+        title="Duration",
+        description="The duration (in seconds) for which the cryptojacking simulation should run"
+        " on each machine",
+        default=300,  # 5 minutes
+        ge=0,
+    )
+    cpu_utilization: conint(ge=0, le=100) = Field(  # type: ignore[valid-type]
+        title="CPU utilization",
+        description="The percentage of CPU to use on a machine",
+        default=80,
+    )
+    memory_utilization: conint(ge=0, le=100) = Field(  # type: ignore[valid-type]
+        title="Memory utilization",
+        description="The percentage of memory to use on a machine",
+        default=20,
+    )
+    simulate_bitcoin_mining_network_traffic: bool = Field(
+        title="Simulate Bitcoin mining network traffic",
+        default=False,
+        description="If enabled, the Agent will periodically send requests used in Bitcoin mining"
+        " over the network.",
+    )

monkey/agent_plugins/payloads/cryptojacker/src/cryptojacker_options.py

@@ -0,0 +1,57 @@
+import pytest
+from agent_plugins.payloads.cryptojacker.src.cryptojacker_options import CryptojackerOptions
+
+CRYPTOJACKER_OPTIONS_DICT = {
+    "duration": 100,
+    "cpu_utilization": 50,
+    "memory_utilization": 30,
+    "simulate_bitcoin_mining_network_traffic": True,
+}
+
+CRYPTOJACKER_OPTIONS_OBJECT = CryptojackerOptions(
+    duration=100,
+    cpu_utilization=50,
+    memory_utilization=30,
+    simulate_bitcoin_mining_network_traffic=True,
+)
+
+
+def test_cryptojacker_options__serialization():
+    assert CRYPTOJACKER_OPTIONS_OBJECT.dict(simplify=True) == CRYPTOJACKER_OPTIONS_DICT
+
+
+def test_cryptojacker_options__full_serialization():
+    assert (
+        CryptojackerOptions(**CRYPTOJACKER_OPTIONS_OBJECT.dict(simplify=True))
+        == CRYPTOJACKER_OPTIONS_OBJECT
+    )
+
+
+def test_cryptojacker_options__deserialization():
+    assert CryptojackerOptions(**CRYPTOJACKER_OPTIONS_DICT) == CRYPTOJACKER_OPTIONS_OBJECT
+
+
+def test_cryptojacker_options__default():
+    cryptojacker_options = CryptojackerOptions()
+
+    assert cryptojacker_options.duration == 300
+    assert cryptojacker_options.cpu_utilization == 80
+    assert cryptojacker_options.memory_utilization == 20
+    assert cryptojacker_options.simulate_bitcoin_mining_network_traffic is False
+
+
+def test_cryptojacker_options__invalid_duration():
+    with pytest.raises(ValueError):
+        CryptojackerOptions(duration=-123)
+
+
+@pytest.mark.parametrize("cpu_utilization", ["-1", "101"])
+def test_cryptojacker_options__invalid_cpu_utilization(cpu_utilization: int):
+    with pytest.raises(ValueError):
+        CryptojackerOptions(cpu_utilization=cpu_utilization)
+
+
+@pytest.mark.parametrize("memory_utilization", ["-1", "101"])
+def test_cryptojacker_options__invalid_memory_utilization(memory_utilization: int):
+    with pytest.raises(ValueError):
+        CryptojackerOptions(memory_utilization=memory_utilization)