From f660bfc6df74065845eff9cf7f668dbed711f614 Mon Sep 17 00:00:00 2001
From: Matthew Iverson
Date: Tue, 26 Nov 2024 18:00:55 -0500
Subject: [PATCH] Upload files to "TTPs"

---
 TTPs/lin_ioc.py | 40 +++++-----------------------------------
 TTPs/menu.py | 8 ++++----
 TTPs/persistence.py | 26 +++++++++++++-------------
 TTPs/win_ioc.py | 19 +------------------
 4 files changed, 23 insertions(+), 70 deletions(-)

diff --git a/TTPs/lin_ioc.py b/TTPs/lin_ioc.py
index 2989cb0..64b6480 100644
--- a/TTPs/lin_ioc.py
+++ b/TTPs/lin_ioc.py
@@ -1,24 +1,10 @@
 from Modules.Imports.ttp_imports import *
+from Modules.submenu import build_submenu
+
 def lin_ioc_submenu():
- """
- Submenu for Linux Host Indicators.
- """
- actions = {
- "1": {"description": "Basics", "function": linux_basics},
- "2": {"description": "Common Malware Names", "function": linux_common_malware_names},
- "3": {"description": "Common Malware Locations", "function": linux_common_malware_locations},
- "4": {"description": "Interesting Search Terms", "function": linux_interesting_search_terms},
- "5": {"description": "Locations of Persistence", "function": linux_locations_of_persistence},
- "6": {"description": "Types of Persistence", "function": linux_types_of_persistence},
- "7": {"description": "Advanced Persistence", "function": linux_advanced_persistence},
- "8": {"description": "Event IDs to Watch", "function": linux_event_ids_to_watch},
- "9": {"description": "Memory Acquisition", "function": linux_memory_acquisition},
- "10": {"description": "File System Artifacts", "function": linux_filesystem_artifacts},
- "11": {"description": "Analysis Resources", "function": linux_analysis_resources},
- "12": {"description": "All", "function": all_linux_iocs},
- }
- build_submenu("Linux Indicators of Compromise (IOCs)", actions)
+ """Linux Indicators of Compromise"""
+ build_submenu("Linux Indicators of Compromise (IOCs)", module=globals())
 ### Functions for each submenu option
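Review bot: `build_submenu("Linux Indicators of Compromise (IOCs)", module=globals())` hands the builder the whole module namespace, which after `from Modules.Imports.ttp_imports import *` also contains every star-imported callable plus `lin_ioc_submenu` itself, so only whatever filter lives inside build_submenu (not visible here) decides what ends up in the user-facing menu. Since `globals()` is a plain dict, an explicit view keeps the call shape and makes the exposed set local to this file: `build_submenu("Linux Indicators of Compromise (IOCs)", module={k: v for k, v in globals().items() if k.startswith("linux_")})`. The hunk also drops the `"12": {"description": "All", "function": all_linux_iocs}` entry; unless build_submenu synthesizes an "All" option, that feature is silently gone (all_linux_iocs itself is deleted later in this patch) and the commit message does not mention it. The explicit `from Modules.submenu import build_submenu` added here is not mirrored in win_ioc.py, which keeps relying on the star import for the same name; pick one style for both files.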
@@ -169,20 +155,4 @@ def linux_analysis_resources():
 - Malware Analysis: Analyze suspicious files with tools like Cuckoo Sandbox.
 - Log Analysis: Parse logs using tools like Logstash or Elastic.
 """
- print_info(title, content)
-
-def all_linux_iocs():
- """
- Displays all Linux IOC content sequentially.
- """
- linux_basics()
- linux_common_malware_names()
- linux_common_malware_locations()
- linux_interesting_search_terms()
- linux_locations_of_persistence()
- linux_types_of_persistence()
- linux_advanced_persistence()
- linux_event_ids_to_watch()
- linux_memory_acquisition()
- linux_filesystem_artifacts()
- linux_analysis_resources()
+ print_info(title, content)
\ No newline at end of file
diff --git a/TTPs/menu.py b/TTPs/menu.py
index 37fbcab..443a5c5 100644
--- a/TTPs/menu.py
+++ b/TTPs/menu.py
@@ -1,8 +1,8 @@
 from Modules.Imports.all_imports import *
 MENU_OPTIONS = {
- "1": {"name": "Windows Indicators", "submenu": win_ioc_submenu},
- "2": {"name": "Linux Indicators", "submenu": lin_ioc_submenu},
- "3": {"name": "Persistence Detection", "submenu": persistence_submenu},
- "4": {"name": "Analysis", "submenu": analysis_submenu},
+ "1": {"name": "🪟 Windows IOCs", "submenu": win_ioc_submenu},
+ "2": {"name": "🐧 Linux IOCs", "submenu": lin_ioc_submenu},
+ "3": {"name": "🕷️ Persistence Detection", "submenu": persistence_submenu},
+ "4": {"name": "🔭 Analysis", "submenu": analysis_submenu},
 }
diff --git a/TTPs/persistence.py b/TTPs/persistence.py
index 91c3e50..6cb921a 100644
--- a/TTPs/persistence.py
+++ b/TTPs/persistence.py
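Review bot: The emoji prefixes in the four `"name"` values of MENU_OPTIONS will raise UnicodeEncodeError the moment they are printed on a console whose stdout encoding cannot represent them, e.g. a Windows console on a legacy code page without PYTHONUTF8, which is a plausible environment for a tool that ships Windows IOC content. `🕷️` additionally carries a U+FE0F variation selector, so any `len()`-based padding of the menu column (the renderer is not visible here) will count it differently from the other three icons and the rows will drift. If the icons stay, keep the old plain labels such as `Windows Indicators` as a fallback selected when `sys.stdout.encoding` is not UTF-8, or have the renderer write with `errors="replace"` so a bad console degrades to `?` instead of a traceback.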
@@ -3,17 +3,17 @@ from Modules.Imports.all_imports import *
 def persistence_submenu():
 actions = {
- "1": {"description": "RDP", "submenu": rdp_submenu},
- "2": {"description": "Scheduled Tasks", "submenu": schedule_tasks_submenu},
- "3": {"description": "Services", "submenu": service_submenu},
- "4": {"description": "WMI", "submenu": wmi_submenu},
- "5": {"description": "Autostart", "submenu": autostart_submenu},
- "6": {"description": "DLL Hijacking", "submenu": dll_hijacking_submenu},
- "7": {"description": "Map Share", "submenu": map_share_submenu},
- "8": {"description": "PowerShell Remoting", "submenu": powershell_remoting_submenu},
- "9": {"description": "PsExec", "submenu": psexec_submenu},
- "10": {"description": "DCOM", "submenu": dcom_submenu},
- "11": {"description": "Advanced", "submenu": advanced_submenu},
- "12": {"description": "Basic Persistence", "submenu": basic_persistence_submenu},
+ "1": {"description": "Autostart", "submenu": autostart_submenu},
+ "2": {"description": "Basic Persistence", "submenu": basic_persistence_submenu},
+ "3": {"description": "DCOM", "submenu": dcom_submenu},
+ "4": {"description": "DLL Hijacking", "submenu": dll_hijacking_submenu},
+ "5": {"description": "Map Share", "submenu": map_share_submenu},
+ "6": {"description": "PowerShell Remoting", "submenu": powershell_remoting_submenu},
+ "7": {"description": "PsExec", "submenu": psexec_submenu},
+ "8": {"description": "RDP", "submenu": rdp_submenu},
+ "9": {"description": "Scheduled Tasks", "submenu": schedule_tasks_submenu},
+ "10": {"description": "Services", "submenu": service_submenu},
+ "11": {"description": "WMI", "submenu": wmi_submenu},
+ "12": {"description": "Advanced", "submenu": advanced_submenu}, # Always last
 }
- build_submenu("Persistence Detection", actions)
+ build_submenu("Persistence Detection", actions)
\ No newline at end of file
diff --git a/TTPs/win_ioc.py b/TTPs/win_ioc.py
index 77131b0..fceeacf 100644
--- a/TTPs/win_ioc.py
+++ b/TTPs/win_ioc.py
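Review bot: Reordering the entries meant retyping all twelve hand-numbered keys `"1"`–`"12"`, and the `# Always last` convention on `advanced_submenu` is enforced only by whoever edits the dict next; deriving the key from list position removes both hazards while producing the identical `actions` mapping. The rewrite below keeps the same display order, the same `{"description", "submenu"}` records and the unchanged `build_submenu("Persistence Detection", actions)` call. This file is also now the only menu in the patch still built by hand while lin_ioc.py and win_ioc.py switch to `module=globals()`; worth stating in the commit message whether that is intentional. The only other change to the `build_submenu` line is the dropped trailing newline (`\ No newline at end of file`), which looks like an editor artifact and should be restored.
```python
def persistence_submenu():
    # Display order; the key a user types is the 1-based position in this list.
    submenus = [
        ("Autostart", autostart_submenu),
        ("Basic Persistence", basic_persistence_submenu),
        ("DCOM", dcom_submenu),
        ("DLL Hijacking", dll_hijacking_submenu),
        ("Map Share", map_share_submenu),
        ("PowerShell Remoting", powershell_remoting_submenu),
        ("PsExec", psexec_submenu),
        ("RDP", rdp_submenu),
        ("Scheduled Tasks", schedule_tasks_submenu),
        ("Services", service_submenu),
        ("WMI", wmi_submenu),
        ("Advanced", advanced_submenu),  # Always last
    ]
    actions = {
        str(position): {"description": description, "submenu": submenu}
        for position, (description, submenu) in enumerate(submenus, start=1)
    }
    build_submenu("Persistence Detection", actions)
```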
@@ -1,24 +1,7 @@
 from Modules.Imports.ttp_imports import *
 def win_ioc_submenu():
- """
- Submenu for Windows Host Indicators.
- """
- actions = {
- "1": {"description": "Basics", "function": basics},
- "2": {"description": "Common Malware Names", "function": common_malware_names},
- "3": {"description": "Common Malware Locations", "function": common_malware_locations},
- "4": {"description": "Interesting Search Terms", "function": interesting_search_terms},
- "5": {"description": "Locations of Persistence", "function": locations_of_persistence},
- "6": {"description": "Types of Persistence", "function": types_of_persistence},
- "7": {"description": "Advanced Persistence", "function": advanced_persistence},
- "8": {"description": "Event IDs to Watch", "function": event_ids_to_watch},
- "9": {"description": "Common False Positives", "function": common_false_positives},
- "10": {"description": "Windows Directories", "function": windows_directories},
- "11": {"description": "Analysis Resources", "function": analysis_resources},
- "12": {"description": "All", "function": all_windows_iocs},
- }
- build_submenu("Windows Indicators of Compromise (IOCs)", actions)
+ build_submenu("Windows Indicators of Compromise (IOCs)", module=globals())
 def basics():
 title = "Basics"
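Review bot: The rewritten win_ioc_submenu loses its docstring entirely, while the parallel lin_ioc.py change in this same patch keeps a one-liner; add `"""Windows Indicators of Compromise"""` above the `build_submenu` call. As in lin_ioc.py, `module=globals()` exposes the whole namespace, including everything pulled in by `from Modules.Imports.ttp_imports import *` and `win_ioc_submenu` itself, and here the display functions share no name prefix (`basics`, `common_malware_names`, `windows_directories`, …), so the safe form is an explicit tuple of the eleven section functions passed as `module={f.__name__: f for f in _WIN_IOC_SECTIONS}`. Per the diffstat this hunk is the only change to win_ioc.py (1 insertion, 18 deletions), so `all_windows_iocs` stays defined even though its `"12": {"description": "All", ...}` entry is removed, whereas lin_ioc.py deletes `all_linux_iocs`; if build_submenu collects callables from the mapping, only the Windows menu will still show an "All" item. build_submenu is also reached through the star import here but imported explicitly in lin_ioc.py; one convention across both files, please.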