https://github.com/mitre/emu

This CALDERA Plugin converts Adversary Emulation Plans from the Center for Threat Informed Defense
https://github.com/mitre/emu

adversary-emulation caldera caldera-plugin

Last synced: 5 days ago
JSON representation

This CALDERA Plugin converts Adversary Emulation Plans from the Center for Threat Informed Defense

• Host: GitHub
• URL: https://github.com/mitre/emu
• Owner: mitre
• License: apache-2.0
• Created: 2020-09-25T17:10:19.000Z (over 4 years ago)
• Default Branch: master
• Last Pushed: 2025-03-11T18:42:05.000Z (about 2 months ago)
• Last Synced: 2025-04-01T14:38:05.652Z (25 days ago)
• Topics: adversary-emulation, caldera, caldera-plugin
• Language: Python
• Homepage: https://caldera.mitre.org/
• Size: 79.1 KB
• Stars: 30
• Watchers: 17
• Forks: 13
• Open Issues: 3
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# MITRE Caldera Plugin: Emu

A plugin supplying Caldera with TTPs from the Center for Threat Informed Defense (CTID) Adversary Emulation Plans.

# Installation

Using the Emu plugin with Caldera will enable users to access the adversary profiles contained in the [CTID Adversary Emulation Library](https://github.com/center-for-threat-informed-defense/adversary_emulation_library). 

To run Caldera along with the Emu plugin:

1. Download Caldera as detailed in the [Installation Guide](https://github.com/mitre/Caldera)

2. Enable the Emu plugin by adding `- emu` to the list of enabled plugins in `conf/local.yml` or `conf/default.yml` (if running Caldera in insecure mode)

3. Start Caldera to automatically download the Adversary Emulation Library to the `data` folder of the Emu plugin. 

4. Stop Caldera. 

5. Some adversaries may require additional payloads and executables to be downloaded. Run the `download_payloads.sh` script to download these binaries to the `payloads` directory.

6. Start Caldera again. You will see the Emu plugin shown on the left sidebar of the Caldera server, and you will be able to access the Adversary Emulation Library adversary profiles from the Adversary tab of the Caldera server.

# Additional setup

Each emulation plan will have an adversary and a set of facts. Please ensure to select the related facts to the 

adversary when starting an operation. 

Because some payloads within the Adversary Emulation Library are encrypted, a Python script is used to automate

the decryption which requires installation of some dependencies. Depending on the host OS, `pyminizip`

can be installed using the following:

- Ubuntu: `apt-get install zlib1g`

- MacOS: `brew install zlib`

- All OS's: `pip3 install -r requirements.txt`

See URL for more information regarding `pyminizip`: https://github.com/smihica/pyminizip

## Acknowledgements

- [Adversary Emulation Library](https://github.com/center-for-threat-informed-defense/adversary_emulation_library)