From ed269577b3eb129508cceefbd89e57663d5c10e7 Mon Sep 17 00:00:00 2001
From: Shreya
Date: Wed, 15 Jul 2020 00:32:52 +0530
Subject: [PATCH] Update after pulling from develop
---
 .../attack/technique_reports/T1053.py | 26 +++----------------
 .../attack/technique_reports/T1136.py | 1 -
 .../attack/technique_reports/T1166.py | 2 +-
 .../attack/technique_reports/T1168.py | 26 +++----------------
 .../attack/technique_reports/pba_technique.py | 7 ++---
 5 files changed, 13 insertions(+), 49 deletions(-)
diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1053.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1053.py
index 7af3978d5..a7db16632 100644
--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1053.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1053.py
@@ -2,33 +2,15 @@ from common.data.post_breach_consts import POST_BREACH_JOB_SCHEDULING
 from common.utils.attack_utils import ScanStatus
 from monkey_island.cc.database import mongo
 from monkey_island.cc.services.attack.technique_reports import AttackTechnique
+from monkey_island.cc.services.attack.technique_reports.pba_technique import \
+    PostBreachTechnique
 __author__ = "shreyamalviya"
-class T1053(AttackTechnique):
+class T1053(PostBreachTechnique):
     tech_id = "T1053"
     unscanned_msg = "Monkey did not try scheduling a job on Windows."
     scanned_msg = "Monkey tried scheduling a job on the Windows system but failed."
     used_msg = "Monkey scheduled a job on the Windows system."
-
-    query = [{'$match': {'telem_category': 'post_breach',
-                         'data.name': POST_BREACH_JOB_SCHEDULING,
-                         'data.command': {'$regex': 'schtasks'}}},
-             {'$project': {'_id': 0,
-                           'machine': {'hostname': '$data.hostname',
-                                       'ips': ['$data.ip']},
-                           'result': '$data.result'}}]
-
-    @staticmethod
-    def get_report_data():
-        data = {'title': T1053.technique_title()}
-
-        job_scheduling_info = list(mongo.db.telemetry.aggregate(T1053.query))
-
-        status = (ScanStatus.USED.value if job_scheduling_info[0]['result'][1]
-                  else ScanStatus.SCANNED.value) if job_scheduling_info else ScanStatus.UNSCANNED.value
-
-        data.update(T1053.get_base_data_by_status(status))
-        data.update({'info': job_scheduling_info})
-        return data
+    pba_names = [POST_BREACH_JOB_SCHEDULING]
diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1136.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1136.py
index 2022aa3be..086a1c139 100644
--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1136.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1136.py
@@ -3,7 +3,6 @@ from common.data.post_breach_consts import (
 from monkey_island.cc.services.attack.technique_reports.pba_technique import \
     PostBreachTechnique
-
 __author__ = "shreyamalviya"
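Review bot: The new `pba_names = [POST_BREACH_JOB_SCHEDULING]` drops the `'data.command': {'$regex': 'schtasks'}` condition that the removed `query` applied, so the T1053 (Windows) report now matches every job-scheduling PBA record regardless of OS; the T1168 hunk does the same with its `crontab` condition, so both reports will list identical telemetry and a successful crontab job would mark the Windows scheduled-task technique as USED. Unless `PostBreachTechnique.get_pba_query` (not visible in this patch) distinguishes the command, the two classes need a per-class match condition — for example a new class attribute holding the command regex that the base query adds to its `$match` stage, overridden with `'schtasks'` here and `'crontab'` in T1168. The kept context imports `ScanStatus`, `mongo` and `AttackTechnique` are no longer referenced by the new class body and can be removed.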
diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1166.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1166.py
index 075a74ba0..3d29ebed6 100644
--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1166.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1166.py
@@ -8,7 +8,7 @@ from monkey_island.cc.services.attack.technique_reports.pba_technique import \
 __author__ = "shreyamalviya"
-class T1166(AttackTechnique):
+class T1166(PostBreachTechnique):
     tech_id = "T1166"
     unscanned_msg = "Monkey did not try creating hidden files or folders."
     scanned_msg = "Monkey tried creating hidden files and folders on the system but failed."
diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1168.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1168.py
index 48298a7fe..54709b507 100644
--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1168.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1168.py
@@ -2,33 +2,15 @@ from common.data.post_breach_consts import POST_BREACH_JOB_SCHEDULING
 from common.utils.attack_utils import ScanStatus
 from monkey_island.cc.database import mongo
 from monkey_island.cc.services.attack.technique_reports import AttackTechnique
+from monkey_island.cc.services.attack.technique_reports.pba_technique import \
+    PostBreachTechnique
 __author__ = "shreyamalviya"
-class T1168(AttackTechnique):
+class T1168(PostBreachTechnique):
     tech_id = "T1168"
     unscanned_msg = "Monkey did not try scheduling a job on Linux."
     scanned_msg = "Monkey tried scheduling a job on the Linux system but failed."
     used_msg = "Monkey scheduled a job on the Linux system."
-
-    query = [{'$match': {'telem_category': 'post_breach',
-                         'data.name': POST_BREACH_JOB_SCHEDULING,
-                         'data.command': {'$regex': 'crontab'}}},
-             {'$project': {'_id': 0,
-                           'machine': {'hostname': '$data.hostname',
-                                       'ips': ['$data.ip']},
-                           'result': '$data.result'}}]
-
-    @staticmethod
-    def get_report_data():
-        data = {'title': T1168.technique_title()}
-
-        job_scheduling_info = list(mongo.db.telemetry.aggregate(T1168.query))
-
-        status = (ScanStatus.USED.value if job_scheduling_info[0]['result'][1]
-                  else ScanStatus.SCANNED.value) if job_scheduling_info else ScanStatus.UNSCANNED.value
-
-        data.update(T1168.get_base_data_by_status(status))
-        data.update({'info': job_scheduling_info})
-        return data
+    pba_names = [POST_BREACH_JOB_SCHEDULING]
diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/pba_technique.py b/monkey/monkey_island/cc/services/attack/technique_reports/pba_technique.py
index f603b757e..a7ef96803 100644
--- a/monkey/monkey_island/cc/services/attack/technique_reports/pba_technique.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/pba_technique.py
@@ -1,8 +1,8 @@
 import abc
-from monkey_island.cc.services.attack.attack_config import AttackConfig
-from monkey_island.cc.database import mongo
 from common.utils.attack_utils import ScanStatus
+from monkey_island.cc.database import mongo
+from monkey_island.cc.services.attack.attack_config import AttackConfig
 from monkey_island.cc.services.attack.technique_reports import AttackTechnique
@@ -41,9 +41,10 @@ class PostBreachTechnique(AttackTechnique, metaclass=abc.ABCMeta):
         info = list(mongo.db.telemetry.aggregate(cls.get_pba_query(cls.pba_names)))
+        status = ScanStatus.UNSCANNED.value
         if info:
             successful_PBAs = mongo.db.telemetry.count({
-                '$or': [{'data.name': pba_name} for pba_name in post_breach_action_names],
+                '$or': [{'data.name': pba_name} for pba_name in cls.pba_names],
                 'data.result.1': True
             })
             status = ScanStatus.USED.value if successful_PBAs else ScanStatus.SCANNED.value
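Review bot: `mongo.db.telemetry.count(...)` inside the `if info:` branch uses pymongo's `Collection.count`, which has been deprecated since pymongo 3.7 in favour of `count_documents` taking the same filter document, so the call should read `successful_PBAs = mongo.db.telemetry.count_documents({`. That filter constrains only `data.name` and `data.result.1` with no `telem_category` condition; whether it can match telemetry outside the post-breach category depends on `get_pba_query`, which this hunk does not show, so it is worth confirming. Initialising `status` to `UNSCANNED` ahead of the `if info:` block closes the unbound-name path for empty results; `successful_PBAs` would read more idiomatically as `successful_pbas`. The enclosing method starts above the hunk.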