Update after pulling from develop

monkey/monkey_island/cc/services/attack/technique_reports/T1053.py

@@ -2,33 +2,15 @@ from common.data.post_breach_consts import POST_BREACH_JOB_SCHEDULING
 from common.utils.attack_utils import ScanStatus
 from monkey_island.cc.database import mongo
 from monkey_island.cc.services.attack.technique_reports import AttackTechnique
+from monkey_island.cc.services.attack.technique_reports.pba_technique import \
+    PostBreachTechnique
 
 __author__ = "shreyamalviya"
 
 
-class T1053(AttackTechnique):
+class T1053(PostBreachTechnique):
     tech_id = "T1053"
     unscanned_msg = "Monkey did not try scheduling a job on Windows."
     scanned_msg = "Monkey tried scheduling a job on the Windows system but failed."
     used_msg = "Monkey scheduled a job on the Windows system."
-
+    pba_names = [POST_BREACH_JOB_SCHEDULING]
-    query = [{'$match': {'telem_category': 'post_breach',
-                         'data.name': POST_BREACH_JOB_SCHEDULING,
-                         'data.command': {'$regex': 'schtasks'}}},
-             {'$project': {'_id': 0,
-                           'machine': {'hostname': '$data.hostname',
-                                       'ips': ['$data.ip']},
-                           'result': '$data.result'}}]
-
-    @staticmethod
-    def get_report_data():
-        data = {'title': T1053.technique_title()}
-
-        job_scheduling_info = list(mongo.db.telemetry.aggregate(T1053.query))
-
-        status = (ScanStatus.USED.value if job_scheduling_info[0]['result'][1]
-                  else ScanStatus.SCANNED.value) if job_scheduling_info else ScanStatus.UNSCANNED.value
-
-        data.update(T1053.get_base_data_by_status(status))
-        data.update({'info': job_scheduling_info})
-        return data

monkey/monkey_island/cc/services/attack/technique_reports/T1136.py

@@ -3,7 +3,6 @@ from common.data.post_breach_consts import (
 from monkey_island.cc.services.attack.technique_reports.pba_technique import \
     PostBreachTechnique
 
-
 __author__ = "shreyamalviya"
 
 

monkey/monkey_island/cc/services/attack/technique_reports/T1166.py

@@ -8,7 +8,7 @@ from monkey_island.cc.services.attack.technique_reports.pba_technique import \
 __author__ = "shreyamalviya"
 
 
-class T1166(AttackTechnique):
+class T1166(PostBreachTechnique):
     tech_id = "T1166"
     unscanned_msg = "Monkey did not try creating hidden files or folders."
     scanned_msg = "Monkey tried creating hidden files and folders on the system but failed."

monkey/monkey_island/cc/services/attack/technique_reports/T1168.py

@@ -2,33 +2,15 @@ from common.data.post_breach_consts import POST_BREACH_JOB_SCHEDULING
 from common.utils.attack_utils import ScanStatus
 from monkey_island.cc.database import mongo
 from monkey_island.cc.services.attack.technique_reports import AttackTechnique
+from monkey_island.cc.services.attack.technique_reports.pba_technique import \
+    PostBreachTechnique
 
 __author__ = "shreyamalviya"
 
 
-class T1168(AttackTechnique):
+class T1168(PostBreachTechnique):
     tech_id = "T1168"
     unscanned_msg = "Monkey did not try scheduling a job on Linux."
     scanned_msg = "Monkey tried scheduling a job on the Linux system but failed."
     used_msg = "Monkey scheduled a job on the Linux system."
-
+    pba_names = [POST_BREACH_JOB_SCHEDULING]
-    query = [{'$match': {'telem_category': 'post_breach',
-                         'data.name': POST_BREACH_JOB_SCHEDULING,
-                         'data.command': {'$regex': 'crontab'}}},
-             {'$project': {'_id': 0,
-                           'machine': {'hostname': '$data.hostname',
-                                       'ips': ['$data.ip']},
-                           'result': '$data.result'}}]
-
-    @staticmethod
-    def get_report_data():
-        data = {'title': T1168.technique_title()}
-
-        job_scheduling_info = list(mongo.db.telemetry.aggregate(T1168.query))
-
-        status = (ScanStatus.USED.value if job_scheduling_info[0]['result'][1]
-                  else ScanStatus.SCANNED.value) if job_scheduling_info else ScanStatus.UNSCANNED.value
-
-        data.update(T1168.get_base_data_by_status(status))
-        data.update({'info': job_scheduling_info})
-        return data

monkey/monkey_island/cc/services/attack/technique_reports/pba_technique.py

@@ -1,8 +1,8 @@
 import abc
 
-from monkey_island.cc.services.attack.attack_config import AttackConfig
-from monkey_island.cc.database import mongo
 from common.utils.attack_utils import ScanStatus
+from monkey_island.cc.database import mongo
+from monkey_island.cc.services.attack.attack_config import AttackConfig
 from monkey_island.cc.services.attack.technique_reports import AttackTechnique
 
 
@@ -41,9 +41,10 @@ class PostBreachTechnique(AttackTechnique, metaclass=abc.ABCMeta):
 
         info = list(mongo.db.telemetry.aggregate(cls.get_pba_query(cls.pba_names)))
 
+        status = ScanStatus.UNSCANNED.value
         if info:
             successful_PBAs = mongo.db.telemetry.count({
-                '$or': [{'data.name': pba_name} for pba_name in post_breach_action_names],
+                '$or': [{'data.name': pba_name} for pba_name in cls.pba_names],
                 'data.result.1': True
             })
             status = ScanStatus.USED.value if successful_PBAs else ScanStatus.SCANNED.value