feat(dockerfile): add powershell example

ruzickap · Jan 1, 2023 · 950dad0 · 950dad0
1 parent 52a125f
commit 950dad0
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 6 deletions.
diff --git a/.github/workflows/container-build.yml b/.github/workflows/container-build.yml
@@ -53,5 +53,3 @@ jobs:
     secrets:
       container_registry_user: ${{ secrets.CONTAINER_REGISTRY_USER }}
       container_registry_password: ${{ secrets.CONTAINER_REGISTRY_PASSWORD }}
-      cosign_private_key: ${{ secrets.COSIGN_PRIVATE_KEY }}
-      cosign_private_key_password: ${{ secrets.COSIGN_PRIVATE_KEY_PASSWORD }}
diff --git a/Dockerfile b/Dockerfile
@@ -48,6 +48,11 @@ RUN set -eux && \
     # Python script, ASCII text executable, with very long lines (4330), with CRLF line terminators
     wget -q https://github.com/timb-machine/linux-malware/raw/main/malware/binaries/Py.Trojan.NecroBot/0e600095a3c955310d27c08f98a012720caff698fe24303d7e0dcb4c5e766322.py           -O /mnt/Py.Trojan.NecroBot.py
 
+# powershell sample
+RUN set -eux && \
+    # ASCII text, with very long lines (361)
+    wget -q https://raw.githubusercontent.com/antonioCoco/ConPtyShell/master/Invoke-ConPtyShell.ps1 -O /mnt/Invoke-ConPtyShell.ps1
+
 COPY img /mnt/img
 COPY README.md /mnt/
 

diff --git a/README.md b/README.md
@@ -120,7 +120,7 @@ List of malware/ransomware/crypto miner files located in the container:
 ## Container details
 
 - Container Image:
-  - quay.io/petr_ruzicka/malware-cryptominer-container:1.2.3
+  - quay.io/petr_ruzicka/malware-cryptominer-container:1.2.5
 - Container Registry:
   - <https://quay.io/repository/petr_ruzicka/malware-cryptominer-container?tab=tags>
 - Container build pipeline:
@@ -170,7 +170,7 @@ Output results will change in the future...
 ❯ docker pull quay.io/petr_ruzicka/malware-cryptominer-container:1.2.1
 ❯ docker run -it --rm -v /var/run/docker.sock:/var/run/docker.sock registry.aquasec.com/scanner:2022.4 \
   -H https://xxxxxxxxx.cloud.aquasec.com -U 'ruzickap-scanner-test' -P 'xxxxxxx' \
-  scan --local --scan-malware --collect-sensitive quay.io/petr_ruzicka/malware-cryptominer-container:1.2.0
+  scan --local --scan-malware --collect-sensitive quay.io/petr_ruzicka/malware-cryptominer-container:1.2.1
 
 2022-11-28 09:57:00.385 INFO  Logger started with level INFO
 2022-11-28 09:57:02.351 INFO  Registering with server {"os": "linux", "os_version": "", "registries": []}
@@ -286,7 +286,7 @@ Output results will change in the future...
 
 ### Trivy Scanner
 
-Live web scan: <https://trivy.dev/results/?image=quay.io/petr_ruzicka/malware-cryptominer-container:1.2.0>
+Live web scan: <https://trivy.dev/results/?image=quay.io/petr_ruzicka/malware-cryptominer-container:1.2.1>
 
 ```bash
 ❯ trivy image quay.io/petr_ruzicka/malware-cryptominer-container:1.2.1
@@ -424,5 +424,5 @@ docker run -it --rm --entrypoint=/bin/sh --user root -p 8080:8080 malware-crypto
 Run in Kubernetes:
 
 ```bash
-kubectl run malware-cryptominer --image=quay.io/petr_ruzicka/malware-cryptominer-container:1.2.3
+kubectl run malware-cryptominer --image=quay.io/petr_ruzicka/malware-cryptominer-container:1.2.5
 ```