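# https://www.docker.com/blog/faster-multi-platform-builds-dockerfile-cross-compilation-guide/
# kics-scan ignore
# Build stage: assembles the content tree under /mnt (test samples, file
# listings, clamscan reports and generated HTML) that the runtime stage serves.
# Only /mnt is copied out of this stage; toolchains and sources stay behind.
FROM node:lts-alpine@sha256:c921b97d4b74f51744057454b306b418cf693865e73b8100559189605f6955b8 AS build
# Set automatically by BuildKit (e.g. amd64, arm64); only used to tag the
# version string of the locally compiled xmrig.
ARG TARGETARCH
# Build-time only: this ENV does not reach the runtime stage.
ENV XMRIG_VERSION="6.22.2"
# -x is on for every RUN below, so commands are echoed with expanded values into
# the build log. The steps that handle the GitHub token switch tracing off
# first, otherwise the token would be printed there.
SHELL ["/bin/ash", "-euxo", "pipefail", "-c"]
# Compile own version of xmrig cryptominer. The sed rebrands APP_ID/APP_NAME/
# APP_DESC/APP_VERSION so this binary differs from the published release that
# is downloaded further down.
# hadolint ignore=DL3003
RUN set -eux && \
    apk add --no-cache automake autoconf cmake g++ gcc git libstdc++ libtool linux-headers make && \
    git clone --branch "v${XMRIG_VERSION}" https://github.com/xmrig/xmrig && \
    sed -i \
        -e "s/\(APP_ID [^\"]*\).*/\1\"myxmrig\"/" \
        -e "s/\(APP_NAME [^\"]*\).*/\1\"My XMRig\"/" \
        -e "s/\(APP_DESC [^\"]*\).*/\1\"My XMRig miner\"/" \
        -e "s/\(APP_VERSION.*\)\"/\1-my-${TARGETARCH}\"/" \
        xmrig/src/version.h && \
    mkdir xmrig/build && \
    cd xmrig/scripts && \
    ./build_deps.sh && \
    cd ../build && \
    cmake .. -DXMRIG_DEPS=scripts/deps -DBUILD_STATIC=ON && \
    make -j"$(nproc)" && \
    mkdir -v /mnt/xmrig && \
    mv ../build/xmrig /mnt/xmrig/my-xmrig
# Everything from here on is created relative to /mnt, the future web root.
WORKDIR /mnt
# xmrig - ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), static-pie linked, stripped
# NOTE(review): the release tarball is fetched by version tag only, without a
# checksum; pinning a SHA-256 (e.g. <EXPECTED_SHA256> from the upstream release
# assets) would make this step reproducible and tamper-evident.
RUN set -eux && \
    wget -q "https://github.com/xmrig/xmrig/releases/download/v${XMRIG_VERSION}/xmrig-${XMRIG_VERSION}-linux-static-x64.tar.gz" -O xmrig/xmrig-linux-static-x64.tar.gz && \
    tar xvzf xmrig/xmrig-linux-static-x64.tar.gz -C xmrig --strip-components=1 "xmrig-${XMRIG_VERSION}/xmrig"
# EICAR virus test files
RUN set -eux && \
    mkdir -p eicar && \
    wget -q -P eicar https://secure.eicar.org/eicar.com https://secure.eicar.org/eicar.com.txt https://secure.eicar.org/eicar_com.zip
# windows/macos malware + ransomware for different architectures
# The token comes from a BuildKit secret mount, so it is never written to a
# layer. Tracing is disabled before it is read: with -x active the shell would
# echo the assignment and every Authorization header, token included, into the
# build output.
RUN --mount=type=secret,id=github_token \
    set +x && \
    GITHUB_TOKEN="$(cat /run/secrets/github_token)" && \
    export GITHUB_TOKEN && \
    set -eu && \
    mkdir -p malware && \
    # ILOVEYOU worm (VBScript)
    wget -q "https://github.com/Da2dalus/The-MALWARE-Repo/raw/e8ddc517b4ecd80728e0acef1c558fad9a1c888a/Email-Worm/ILOVEYOU.vbs" \
        --header="Authorization: token ${GITHUB_TOKEN}" \
        -O malware/ILOVEYOU.vbs && \
    # PowerShell reverse shell
    wget -q "https://github.com/antonioCoco/ConPtyShell/raw/f5c00d4d37b656092d20447b127eb0774efca96a/Invoke-ConPtyShell.ps1" \
        --header="Authorization: token ${GITHUB_TOKEN}" \
        -O malware/Invoke-ConPtyShell.ps1 && \
    # DOS batch file
    wget -q "https://github.com/Da2dalus/The-MALWARE-Repo/raw/e8ddc517b4ecd80728e0acef1c558fad9a1c888a/Trojan/L0Lz.bat" \
        --header="Authorization: token ${GITHUB_TOKEN}" \
        -O malware/L0Lz.bat && \
    # MS-DOS executable
    wget -q "https://github.com/Da2dalus/The-MALWARE-Repo/raw/e8ddc517b4ecd80728e0acef1c558fad9a1c888a/Virus/MadMan.exe" \
        --header="Authorization: token ${GITHUB_TOKEN}" \
        -O malware/MadMan.exe && \
    # Melissa macro virus (Word document)
    wget -q "https://github.com/Da2dalus/The-MALWARE-Repo/raw/e8ddc517b4ecd80728e0acef1c558fad9a1c888a/Virus/Melissa.doc" \
        --header="Authorization: token ${GITHUB_TOKEN}" \
        -O malware/Melissa.doc && \
    # XCSSET Mac malware (Mach-O binary)
    wget -q "https://github.com/Da2dalus/The-MALWARE-Repo/raw/e8ddc517b4ecd80728e0acef1c558fad9a1c888a/Trojan/XCSSETMacMalware/TrojanSpy.MacOS.XCSSET.A.6614978ab256f922d7b6dbd7cc15c6136819f4bcfb5a0fead480561f0df54ca6" \
        --header="Authorization: token ${GITHUB_TOKEN}" \
        -O malware/TrojanSpy.MacOS.XCSSET.A.bin && \
    # DOS executable (COM)
    wget -q "https://github.com/Da2dalus/The-MALWARE-Repo/raw/e8ddc517b4ecd80728e0acef1c558fad9a1c888a/Virus/Walker.com" \
        --header="Authorization: token ${GITHUB_TOKEN}" \
        -O malware/Walker.com && \
    # WannaCry ransomware (Windows PE)
    wget -q "https://github.com/Da2dalus/The-MALWARE-Repo/raw/e8ddc517b4ecd80728e0acef1c558fad9a1c888a/Ransomware/WannaCry.exe" \
        --header="Authorization: token ${GITHUB_TOKEN}" \
        -O malware/WannaCry.exe && \
    # Zloader banking malware (Excel macro)
    wget -q "https://github.com/Da2dalus/The-MALWARE-Repo/raw/e8ddc517b4ecd80728e0acef1c558fad9a1c888a/Banking-Malware/Zloader.xlsm" \
        --header="Authorization: token ${GITHUB_TOKEN}" \
        -O malware/Zloader.xlsm
# linux malware + ransomware for different architectures
# Source: https://archive.softwareheritage.org/browse/origin/directory/?origin_url=https://github.com/timb-machine/linux-malware
# (original GitHub repo timb-machine/linux-malware was deleted)
# These are content-addressed (sha1_git = git blob id), so the URL itself pins
# the exact bytes served; no token is needed for the archive API.
RUN set -eux && \
    # ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, with debug_info, not stripped
    wget -q "https://archive.softwareheritage.org/api/1/content/sha1_git:75b86678f1003978cbb3a67a81e6bea02e6ec892/raw/" \
        -O malware/Linux.Trojan.Multiverze.elf.x86 && \
    # ELF 64-bit LSB executable, x86-64, version 1 (GNU/Linux), statically linked, stripped
    wget -q "https://archive.softwareheritage.org/api/1/content/sha1_git:8609980b7e6bc4cffc0aad9de157bf952f775da2/raw/" \
        -O malware/Unix.Trojan.Mirai.elf.x86_64 && \
    # ELF 64-bit LSB executable, ARM aarch64, version 1 (SYSV), statically linked, Go BuildID=9fdmXJhReUX31Gj9ZEYg/ufudXOOpAambiyMItr13/otwZTTTdWsnO_OuvAAn-/qn6mMLxbKwGft_Ecoum6, stripped
    wget -q "https://archive.softwareheritage.org/api/1/content/sha1_git:331eab207649e8be186dc0bb0c618cb5cce91174/raw/" \
        -O malware/Unix.Malware.Kaiji.elf.arm && \
    # ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), statically linked, for GNU/Linux 2.6.16, with debug_info, not stripped
    wget -q "https://archive.softwareheritage.org/api/1/content/sha1_git:9aeb7ec7845b68d5d61750b0c39d737fffcb19d6/raw/" \
        -O malware/Unix.Trojan.Spike.elf.arm && \
    # ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, not stripped
    wget -q "https://archive.softwareheritage.org/api/1/content/sha1_git:e3c6d5adec8e9997ef4a37cb558ac6289fd12fa5/raw/" \
        -O malware/Unix.Trojan.Mirai.elf.mips && \
    # ELF 32-bit MSB executable, Motorola m68k, 68020, version 1 (SYSV), statically linked, stripped
    wget -q "https://archive.softwareheritage.org/api/1/content/sha1_git:10cea6f50ad8e8d19bbc4ddeeb74c893ce4bef28/raw/" \
        -O malware/Unix.Trojan.Mirai.elf.m68k && \
    # ELF 32-bit MSB executable, PowerPC or cisco 4500, version 1 (SYSV), statically linked, not stripped
    wget -q "https://archive.softwareheritage.org/api/1/content/sha1_git:3820d6c1b6dbc68b9acbf9ea161388cfff63f505/raw/" \
        -O malware/Unix.Trojan.Mirai.elf.ppc && \
    # ELF 32-bit MSB executable, SPARC, version 1 (SYSV), statically linked, not stripped
    wget -q "https://archive.softwareheritage.org/api/1/content/sha1_git:7ad125819f6f4f2ab4b4a7678a9496615385a0e5/raw/" \
        -O malware/Unix.Trojan.Mirai.elf.sparc && \
    # POSIX shell script, ASCII text executable
    wget -q "https://archive.softwareheritage.org/api/1/content/sha1_git:8c22d0fbf45f8ebd0993baa2f6c1bf58234afa08/raw/" \
        -O malware/Unix.Downloader.Rocke.sh && \
    # Bourne-Again shell script, ASCII text executable
    wget -q "https://archive.softwareheritage.org/api/1/content/sha1_git:b7f88a8e5cfeef85270448a62afee533ee2f5e6d/raw/" \
        -O malware/Txt.Malware.Sustes.sh && \
    # Perl script text executable
    wget -q "https://archive.softwareheritage.org/api/1/content/sha1_git:ad26ca5b748cecc18a686c5eba47b6a533be9f26/raw/" \
        -O malware/Win.Trojan.Perl.perl && \
    # Python script, ASCII text executable, with very long lines (4330), with CRLF line terminators
    wget -q "https://archive.softwareheritage.org/api/1/content/sha1_git:d161dca43bbda88be030adc91943be3ade0ae35e/raw/" \
        -O malware/Py.Trojan.NecroBot.py
# Java archive data (JAR)
# Same token handling as above: tracing off before the secret is read.
RUN --mount=type=secret,id=github_token \
    set +x && \
    GITHUB_TOKEN="$(cat /run/secrets/github_token)" && \
    export GITHUB_TOKEN && \
    set -eu && \
    wget -q "https://github.com/HonbraDev/fractureiser-samples/raw/221bcc4bf45d5896f8908b21d5a8f3e7fcbc2875/stage-0-infected-DisplayEntityEditor-1.0.4.jar" \
        --header="Authorization: token ${GITHUB_TOKEN}" \
        -O malware/Trojan.Java.Fractureiser.MTB.jar
# Per directory: a `file` listing (files.txt) and a ClamAV report (clamscan.txt)
# for the served tree, then a browsable index.html. clamscan exits non-zero when
# it finds infected files, which is the expected outcome here, hence `|| true`.
RUN set -eux && \
    apk add --no-cache clamav file python3 && \
    freshclam --quiet && \
    # renovate: currentValue=master
    wget -qO /tmp/genindex.py https://raw.githubusercontent.com/glowinthedark/index-html-generator/915fc3bfeb735bbeba5b730280a491e2b0c08125/genindex.py && \
    chmod a+x /tmp/genindex.py && \
    for DIR in eicar xmrig malware; do \
        file "${DIR}"/* | sed "s@${DIR}/@@" | tee "${DIR}/files.txt" && \
        ( clamscan --infected --no-summary "${DIR}" | sed "s@/mnt/${DIR}/@@" | tee "${DIR}/clamscan.txt" || true ) && \
        /tmp/genindex.py --output-file index.html . ; \
    done
COPY README.md .
# Render README.md to HTML. The converter is installed into the current
# directory so npx can find it, and its install artefacts are removed in the
# same layer: /mnt is copied wholesale into the web root, so node_modules,
# package.json and yarn.lock would otherwise be published next to the samples.
# NOTE(review): confirm the converter's output file name does not collide with
# the index.html written by genindex.py above.
RUN set -eux && \
    # renovate: datasource=npm depName=github-readme-to-html
    GITHUB_README_TO_HTML_VERSION="1.0.11" && \
    yarn add "github-readme-to-html@${GITHUB_README_TO_HTML_VERSION}" && \
    npx github-readme-to-html --dir . --style dark --title "Container image with malware and crypto miner for testing purposes" && \
    rm -rf node_modules package.json yarn.lock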
################################################################################
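# Runtime stage: an unprivileged nginx serving the tree assembled in `build`.
# The base is pinned by digest; the LABEL records the human-readable tag.
FROM nginxinc/nginx-unprivileged:1.29.5-alpine-slim@sha256:fffab8a3a427aca0248572e53da56d98812984ceda02c44113aa4897c401e0b7
# renovate: datasource=docker depName=nginxinc/nginx-unprivileged versioning=docker
LABEL org.opencontainers.image.base.name="nginxinc/nginx-unprivileged:1.29.5-alpine-slim"
# Only /mnt crosses the stage boundary; build toolchains and sources do not.
COPY --from=build /mnt/ /usr/share/nginx/html/
# Separate health endpoint on an unprivileged port. `default_type` is what sets
# the Content-Type of a `return` body; `add_header Content-Type` would only
# append a second Content-Type header next to the default
# application/octet-stream one.
RUN printf '%s\n' \
    'server {' \
    ' listen 8081;' \
    ' location / {' \
    ' access_log off;' \
    ' default_type text/plain;' \
    ' return 200 "healthy\n";' \
    ' }' \
    '}' > /etc/nginx/conf.d/health.conf
# Explicit even though the base already drops privileges, so scanners that
# require a USER directive in the final stage are satisfied.
USER nginx
# Healthcheck to make sure container is ready. Uses the busybox wget that every
# Alpine image provides; the -alpine-slim nginx variant, unlike -alpine, is not
# expected to ship curl, so a curl-based probe would fail on "not found" and
# report the container unhealthy regardless of nginx's state.
HEALTHCHECK --interval=5m --timeout=3s CMD wget -q -O /dev/null http://localhost:8081 || exit 1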