From 3671ba269659f5a331ee063ecd036eb7df55def8 Mon Sep 17 00:00:00 2001
From: Logan MacLaren
Date: Thu, 19 Dec 2024 09:08:59 -0500
Subject: [PATCH] Address PR feedback - add ATT&CK mapping, change associated_pids to Vec, remove itertools
---
 Payload_Type/thanatos/thanatos/agent_code/Cargo.toml | 1 -
 Payload_Type/thanatos/thanatos/agent_code/src/netstat.rs | 7 +++----
 .../thanatos/thanatos/mythic/agent_functions/netstat.py | 2 +-
 3 files changed, 4 insertions(+), 6 deletions(-)
diff --git a/Payload_Type/thanatos/thanatos/agent_code/Cargo.toml b/Payload_Type/thanatos/thanatos/agent_code/Cargo.toml
index f40dc80..39d4774 100644
--- a/Payload_Type/thanatos/thanatos/agent_code/Cargo.toml
+++ b/Payload_Type/thanatos/thanatos/agent_code/Cargo.toml
@@ -31,7 +31,6 @@ rand = "0.8"
 serde_json = "1.0"
 sha2 = "0.9.8"
 netstat2 = "0.9.1"
-itertools = "0.13.0"
 [dependencies.minreq]
 version = "2.4.2"
diff --git a/Payload_Type/thanatos/thanatos/agent_code/src/netstat.rs b/Payload_Type/thanatos/thanatos/agent_code/src/netstat.rs
index 0d836eb..5792490 100644
--- a/Payload_Type/thanatos/thanatos/agent_code/src/netstat.rs
+++ b/Payload_Type/thanatos/thanatos/agent_code/src/netstat.rs
@@ -1,5 +1,4 @@
 use serde::Serialize;
-use itertools::Itertools;
 use crate::agent::AgentTask;
 use crate::mythic_success;
 use netstat2::{get_sockets_info, AddressFamilyFlags, ProtocolFlags, ProtocolSocketInfo};
@@ -23,7 +22,7 @@ pub struct NetworkListingEntry {
 pub remote_port: Option,
 /// Associated PIDs
- pub associated_pids: String,
+ pub associated_pids: Vec,
 /// State
 pub state: Option,
@@ -44,7 +43,7 @@ pub fn netstat(task: &AgentTask) -> Result<(serde_json::Value), Box conn.push(NetworkListingEntry {
@@ -53,7 +52,7 @@ pub fn netstat(task: &AgentTask) -> Result<(serde_json::Value), Box
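Review bot: In the `@@ -23,7 +22,7 @@` hunk of netstat.rs, `associated_pids` changes from `String` to a `Vec`, and the doc comment `/// Associated PIDs` does not record that the field's shape changed. Assuming the struct is serialized with serde, the field now comes out as a JSON array instead of a single string. The diffstat shows only a one-line change to netstat.py, so it is worth confirming that whatever parses this task output accepts an array; that consumer is not visible here. I would extend the comment to something like `/// PIDs of the processes associated with this socket; serialized as a JSON array`. `NetworkListingEntry` begins and ends outside the hunk, and the element type of the `Vec` is not visible in this rendering.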