Upload files to "TTPs"
@ -1,24 +1,10 @@
|
|||||||
from Modules.Imports.ttp_imports import *
|
from Modules.Imports.ttp_imports import *
|
||||||
|
from Modules.submenu import build_submenu
|
||||||
|
|
||||||
|
|
||||||
def lin_ioc_submenu():
|
def lin_ioc_submenu():
|
||||||
"""
|
"""Linux Indicators of Compromise"""
|
||||||
Submenu for Linux Host Indicators.
|
build_submenu("Linux Indicators of Compromise (IOCs)", module=globals())
|
||||||
"""
|
|
||||||
actions = {
|
|
||||||
"1": {"description": "Basics", "function": linux_basics},
|
|
||||||
"2": {"description": "Common Malware Names", "function": linux_common_malware_names},
|
|
||||||
"3": {"description": "Common Malware Locations", "function": linux_common_malware_locations},
|
|
||||||
"4": {"description": "Interesting Search Terms", "function": linux_interesting_search_terms},
|
|
||||||
"5": {"description": "Locations of Persistence", "function": linux_locations_of_persistence},
|
|
||||||
"6": {"description": "Types of Persistence", "function": linux_types_of_persistence},
|
|
||||||
"7": {"description": "Advanced Persistence", "function": linux_advanced_persistence},
|
|
||||||
"8": {"description": "Event IDs to Watch", "function": linux_event_ids_to_watch},
|
|
||||||
"9": {"description": "Memory Acquisition", "function": linux_memory_acquisition},
|
|
||||||
"10": {"description": "File System Artifacts", "function": linux_filesystem_artifacts},
|
|
||||||
"11": {"description": "Analysis Resources", "function": linux_analysis_resources},
|
|
||||||
"12": {"description": "All", "function": all_linux_iocs},
|
|
||||||
}
|
|
||||||
build_submenu("Linux Indicators of Compromise (IOCs)", actions)
|
|
||||||
|
|
||||||
### Functions for each submenu option
|
### Functions for each submenu option
|
||||||
|
|
||||||
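Review bot: Passing `module=globals()` to `build_submenu` replaces the explicit `actions` dict with namespace discovery, so which functions are listed, and in what order, now depends on how `build_submenu` enumerates that namespace — and the namespace also holds every name brought in by `from Modules.Imports.ttp_imports import *`, so if selection is by callable or name convention, imported helpers may surface as menu entries (inferred; confirm against build_submenu). The former "All" entry is not reproduced here and its aggregator `all_linux_iocs` is deleted in the next hunk, so it is worth stating in the docstring what the discovery rule is, e.g. `"""Linux Indicators of Compromise. Menu entries are discovered from this module by build_submenu; see Modules.submenu for the selection rule."""`. The same change appears in the `win_ioc_submenu` hunk below, which does not add the explicit `from Modules.submenu import build_submenu` line this hunk adds — either the star import already provides it and this line is redundant, or the Windows file is relying on it by accident; make the two files consistent.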
@ -169,20 +155,4 @@ def linux_analysis_resources():
|
|||||||
- Malware Analysis: Analyze suspicious files with tools like Cuckoo Sandbox.
|
- Malware Analysis: Analyze suspicious files with tools like Cuckoo Sandbox.
|
||||||
- Log Analysis: Parse logs using tools like Logstash or Elastic.
|
- Log Analysis: Parse logs using tools like Logstash or Elastic.
|
||||||
"""
|
"""
|
||||||
print_info(title, content)
|
print_info(title, content)
|
||||||
|
|
||||||
def all_linux_iocs():
|
|
||||||
"""
|
|
||||||
Displays all Linux IOC content sequentially.
|
|
||||||
"""
|
|
||||||
linux_basics()
|
|
||||||
linux_common_malware_names()
|
|
||||||
linux_common_malware_locations()
|
|
||||||
linux_interesting_search_terms()
|
|
||||||
linux_locations_of_persistence()
|
|
||||||
linux_types_of_persistence()
|
|
||||||
linux_advanced_persistence()
|
|
||||||
linux_event_ids_to_watch()
|
|
||||||
linux_memory_acquisition()
|
|
||||||
linux_filesystem_artifacts()
|
|
||||||
linux_analysis_resources()
|
|
@ -1,8 +1,8 @@
|
|||||||
from Modules.Imports.all_imports import *
|
from Modules.Imports.all_imports import *
|
||||||
|
|
||||||
MENU_OPTIONS = {
|
MENU_OPTIONS = {
|
||||||
"1": {"name": "Windows Indicators", "submenu": win_ioc_submenu},
|
"1": {"name": "🪟 Windows IOCs", "submenu": win_ioc_submenu},
|
||||||
"2": {"name": "Linux Indicators", "submenu": lin_ioc_submenu},
|
"2": {"name": "🐧 Linux IOCs", "submenu": lin_ioc_submenu},
|
||||||
"3": {"name": "Persistence Detection", "submenu": persistence_submenu},
|
"3": {"name": "🕷️ Persistence Detection", "submenu": persistence_submenu},
|
||||||
"4": {"name": "Analysis", "submenu": analysis_submenu},
|
"4": {"name": "🔭 Analysis", "submenu": analysis_submenu},
|
||||||
}
|
}
|
||||||
|
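Review bot: The new `name` strings are non-ASCII and `"🕷️ Persistence Detection"` carries a trailing variation selector (U+FE0F), so on a console whose stdout encoding is not UTF-8 the menu print raises `UnicodeEncodeError`, and any column alignment done on `len(name)` will be off because these glyphs render double-width. If the menu must work on such terminals, keep the glyph separate from the label (e.g. an `"icon"` key) so a plain fallback can be printed, or guard with `sys.stdout.encoding` at the render site.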
@ -3,17 +3,17 @@ from Modules.Imports.all_imports import *
|
|||||||
|
|
||||||
def persistence_submenu():
|
def persistence_submenu():
|
||||||
actions = {
|
actions = {
|
||||||
"1": {"description": "RDP", "submenu": rdp_submenu},
|
"1": {"description": "Autostart", "submenu": autostart_submenu},
|
||||||
"2": {"description": "Scheduled Tasks", "submenu": schedule_tasks_submenu},
|
"2": {"description": "Basic Persistence", "submenu": basic_persistence_submenu},
|
||||||
"3": {"description": "Services", "submenu": service_submenu},
|
"3": {"description": "DCOM", "submenu": dcom_submenu},
|
||||||
"4": {"description": "WMI", "submenu": wmi_submenu},
|
"4": {"description": "DLL Hijacking", "submenu": dll_hijacking_submenu},
|
||||||
"5": {"description": "Autostart", "submenu": autostart_submenu},
|
"5": {"description": "Map Share", "submenu": map_share_submenu},
|
||||||
"6": {"description": "DLL Hijacking", "submenu": dll_hijacking_submenu},
|
"6": {"description": "PowerShell Remoting", "submenu": powershell_remoting_submenu},
|
||||||
"7": {"description": "Map Share", "submenu": map_share_submenu},
|
"7": {"description": "PsExec", "submenu": psexec_submenu},
|
||||||
"8": {"description": "PowerShell Remoting", "submenu": powershell_remoting_submenu},
|
"8": {"description": "RDP", "submenu": rdp_submenu},
|
||||||
"9": {"description": "PsExec", "submenu": psexec_submenu},
|
"9": {"description": "Scheduled Tasks", "submenu": schedule_tasks_submenu},
|
||||||
"10": {"description": "DCOM", "submenu": dcom_submenu},
|
"10": {"description": "Services", "submenu": service_submenu},
|
||||||
"11": {"description": "Advanced", "submenu": advanced_submenu},
|
"11": {"description": "WMI", "submenu": wmi_submenu},
|
||||||
"12": {"description": "Basic Persistence", "submenu": basic_persistence_submenu},
|
"12": {"description": "Advanced", "submenu": advanced_submenu}, # Always last
|
||||||
}
|
}
|
||||||
build_submenu("Persistence Detection", actions)
|
build_submenu("Persistence Detection", actions)
|
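Review bot: The `# Always last` comment on entry `"12"` documents an ordering invariant that the literal dict does not enforce; the next contributor who appends `"13"` breaks it silently, and the renumbering in this hunk already shows how easily the keys drift. Since the keys are just `str(position)`, derive them instead: `entries = [("Autostart", autostart_submenu), …, ("Advanced", advanced_submenu)]` followed by `actions = {str(i): {"description": d, "submenu": s} for i, (d, s) in enumerate(entries, 1)}`, which keeps "Advanced" last by construction. This assumes `build_submenu` only reads the dict in insertion order, which the hunk does not show.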
@ -1,24 +1,7 @@
|
|||||||
from Modules.Imports.ttp_imports import *
|
from Modules.Imports.ttp_imports import *
|
||||||
|
|
||||||
def win_ioc_submenu():
|
def win_ioc_submenu():
|
||||||
"""
|
build_submenu("Windows Indicators of Compromise (IOCs)", module=globals())
|
||||||
Submenu for Windows Host Indicators.
|
|
||||||
"""
|
|
||||||
actions = {
|
|
||||||
"1": {"description": "Basics", "function": basics},
|
|
||||||
"2": {"description": "Common Malware Names", "function": common_malware_names},
|
|
||||||
"3": {"description": "Common Malware Locations", "function": common_malware_locations},
|
|
||||||
"4": {"description": "Interesting Search Terms", "function": interesting_search_terms},
|
|
||||||
"5": {"description": "Locations of Persistence", "function": locations_of_persistence},
|
|
||||||
"6": {"description": "Types of Persistence", "function": types_of_persistence},
|
|
||||||
"7": {"description": "Advanced Persistence", "function": advanced_persistence},
|
|
||||||
"8": {"description": "Event IDs to Watch", "function": event_ids_to_watch},
|
|
||||||
"9": {"description": "Common False Positives", "function": common_false_positives},
|
|
||||||
"10": {"description": "Windows Directories", "function": windows_directories},
|
|
||||||
"11": {"description": "Analysis Resources", "function": analysis_resources},
|
|
||||||
"12": {"description": "All", "function": all_windows_iocs},
|
|
||||||
}
|
|
||||||
build_submenu("Windows Indicators of Compromise (IOCs)", actions)
|
|
||||||
|
|
||||||
def basics():
|
def basics():
|
||||||
title = "Basics"
|
title = "Basics"
|
||||||
|