from app import db
import models
from config import CONSOLE_VERSION
from config import CONSOLE_PATH
# Session created from `db` (imported from app) as soon as this module is
# imported, and bound to the module-level name `s`.
# NOTE(review): presumably the insert helpers below add and commit their rows
# through this one shared session; confirm against the rest of the file.
s = db.session()
def insert_tech():
objects = [
models.Technique_DB(IDTech = '1',URL_Mitre = 'https://attack.mitre.org/techniques/T1156',Name = '.bash_profile and .bashrc', IDMitre = 'T1156'),
models.Technique_DB(IDTech = '2',URL_Mitre = 'https://attack.mitre.org/techniques/T1134',Name = 'Access Token Manipulation', IDMitre = 'T1134'),
models.Technique_DB(IDTech = '3',URL_Mitre = 'https://attack.mitre.org/techniques/T1015',Name = 'Accessibility Features', IDMitre = 'T1015'),
models.Technique_DB(IDTech = '4',URL_Mitre = 'https://attack.mitre.org/techniques/T1087',Name = 'Account Discovery', IDMitre = 'T1087'),
models.Technique_DB(IDTech = '5',URL_Mitre = 'https://attack.mitre.org/techniques/T1098',Name = 'Account Manipulation', IDMitre = 'T1098'),
models.Technique_DB(IDTech = '6',URL_Mitre = 'https://attack.mitre.org/techniques/T1182',Name = 'AppCert DLLs', IDMitre = 'T1182'),
models.Technique_DB(IDTech = '7',URL_Mitre = 'https://attack.mitre.org/techniques/T1103',Name = 'AppInit DLLs', IDMitre = 'T1103'),
models.Technique_DB(IDTech = '8',URL_Mitre = 'https://attack.mitre.org/techniques/T1155',Name = 'AppleScript', IDMitre = 'T1155'),
models.Technique_DB(IDTech = '9',URL_Mitre = 'https://attack.mitre.org/techniques/T1017',Name = 'Application Deployment Software', IDMitre = 'T1017'),
models.Technique_DB(IDTech = '10',URL_Mitre = 'https://attack.mitre.org/techniques/T1138',Name = 'Application Shimming', IDMitre = 'T1138'),
models.Technique_DB(IDTech = '11',URL_Mitre = 'https://attack.mitre.org/techniques/T1010',Name = 'Application Window Discovery', IDMitre = 'T1010'),
models.Technique_DB(IDTech = '12',URL_Mitre = 'https://attack.mitre.org/techniques/T1123',Name = 'Audio Capture', IDMitre = 'T1123'),
models.Technique_DB(IDTech = '13',URL_Mitre = 'https://attack.mitre.org/techniques/T1131',Name = 'Authentication Package', IDMitre = 'T1131'),
models.Technique_DB(IDTech = '14',URL_Mitre = 'https://attack.mitre.org/techniques/T1119',Name = 'Automated Collection', IDMitre = 'T1119'),
models.Technique_DB(IDTech = '15',URL_Mitre = 'https://attack.mitre.org/techniques/T1020',Name = 'Automated Exfiltration', IDMitre = 'T1020'),
models.Technique_DB(IDTech = '16',URL_Mitre = 'https://attack.mitre.org/techniques/T1197',Name = 'BITS Jobs', IDMitre = 'T1197'),
models.Technique_DB(IDTech = '17',URL_Mitre = 'https://attack.mitre.org/techniques/T1139',Name = 'Bash History', IDMitre = 'T1139'),
models.Technique_DB(IDTech = '18',URL_Mitre = 'https://attack.mitre.org/techniques/T1009',Name = 'Binary Padding', IDMitre = 'T1009'),
models.Technique_DB(IDTech = '19',URL_Mitre = 'https://attack.mitre.org/techniques/T1067',Name = 'Bootkit', IDMitre = 'T1067'),
models.Technique_DB(IDTech = '20',URL_Mitre = 'https://attack.mitre.org/techniques/T1217',Name = 'Browser Bookmark Discovery', IDMitre = 'T1217'),
models.Technique_DB(IDTech = '21',URL_Mitre = 'https://attack.mitre.org/techniques/T1176',Name = 'Browser Extensions', IDMitre = 'T1176'),
models.Technique_DB(IDTech = '22',URL_Mitre = 'https://attack.mitre.org/techniques/T1110',Name = 'Brute Force', IDMitre = 'T1110'),
models.Technique_DB(IDTech = '23',URL_Mitre = 'https://attack.mitre.org/techniques/T1088',Name = 'Bypass User Account Control', IDMitre = 'T1088'),
models.Technique_DB(IDTech = '24',URL_Mitre = 'https://attack.mitre.org/techniques/T1191',Name = 'CMSTP', IDMitre = 'T1191'),
models.Technique_DB(IDTech = '25',URL_Mitre = 'https://attack.mitre.org/techniques/T1042',Name = 'Change Default File Association', IDMitre = 'T1042'),
models.Technique_DB(IDTech = '26',URL_Mitre = 'https://attack.mitre.org/techniques/T1146',Name = 'Clear Command History', IDMitre = 'T1146'),
models.Technique_DB(IDTech = '27',URL_Mitre = 'https://attack.mitre.org/techniques/T1115',Name = 'Clipboard Data', IDMitre = 'T1115'),
models.Technique_DB(IDTech = '28',URL_Mitre = 'https://attack.mitre.org/techniques/T1116',Name = 'Code Signing', IDMitre = 'T1116'),
models.Technique_DB(IDTech = '29',URL_Mitre = 'https://attack.mitre.org/techniques/T1059',Name = 'Command-Line Interface', IDMitre = 'T1059'),
models.Technique_DB(IDTech = '30',URL_Mitre = 'https://attack.mitre.org/techniques/T1043',Name = 'Commonly Used Port', IDMitre = 'T1043'),
models.Technique_DB(IDTech = '31',URL_Mitre = 'https://attack.mitre.org/techniques/T1092',Name = 'Communication Through Removable Media', IDMitre = 'T1092'),
models.Technique_DB(IDTech = '32',URL_Mitre = 'https://attack.mitre.org/techniques/T1500',Name = 'Compile After Delivery', IDMitre = 'T1500'),
models.Technique_DB(IDTech = '33',URL_Mitre = 'https://attack.mitre.org/techniques/T1223',Name = 'Compiled HTML File', IDMitre = 'T1223'),
models.Technique_DB(IDTech = '34',URL_Mitre = 'https://attack.mitre.org/techniques/T1109',Name = 'Component Firmware', IDMitre = 'T1109'),
models.Technique_DB(IDTech = '35',URL_Mitre = 'https://attack.mitre.org/techniques/T1122',Name = 'Component Object Model Hijacking', IDMitre = 'T1122'),
models.Technique_DB(IDTech = '36',URL_Mitre = 'https://attack.mitre.org/techniques/T1090',Name = 'Connection Proxy', IDMitre = 'T1090'),
models.Technique_DB(IDTech = '37',URL_Mitre = 'https://attack.mitre.org/techniques/T1196',Name = 'Control Panel Items', IDMitre = 'T1196'),
models.Technique_DB(IDTech = '38',URL_Mitre = 'https://attack.mitre.org/techniques/T1136',Name = 'Create Account', IDMitre = 'T1136'),
models.Technique_DB(IDTech = '39',URL_Mitre = 'https://attack.mitre.org/techniques/T1003',Name = 'Credential Dumping', IDMitre = 'T1003'),
models.Technique_DB(IDTech = '40',URL_Mitre = 'https://attack.mitre.org/techniques/T1081',Name = 'Credentials in Files', IDMitre = 'T1081'),
models.Technique_DB(IDTech = '41',URL_Mitre = 'https://attack.mitre.org/techniques/T1214',Name = 'Credentials in Registry', IDMitre = 'T1214'),
models.Technique_DB(IDTech = '42',URL_Mitre = 'https://attack.mitre.org/techniques/T1094',Name = 'Custom Command and Control Protocol', IDMitre = 'T1094'),
models.Technique_DB(IDTech = '43',URL_Mitre = 'https://attack.mitre.org/techniques/T1024',Name = 'Custom Cryptographic Protocol', IDMitre = 'T1024'),
models.Technique_DB(IDTech = '44',URL_Mitre = 'https://attack.mitre.org/techniques/T1207',Name = 'DCShadow', IDMitre = 'T1207'),
models.Technique_DB(IDTech = '45',URL_Mitre = 'https://attack.mitre.org/techniques/T1038',Name = 'DLL Search Order Hijacking', IDMitre = 'T1038'),
models.Technique_DB(IDTech = '46',URL_Mitre = 'https://attack.mitre.org/techniques/T1073',Name = 'DLL Side-Loading', IDMitre = 'T1073'),
models.Technique_DB(IDTech = '47',URL_Mitre = 'https://attack.mitre.org/techniques/T1002',Name = 'Data Compressed', IDMitre = 'T1002'),
models.Technique_DB(IDTech = '48',URL_Mitre = 'https://attack.mitre.org/techniques/T1485',Name = 'Data Destruction', IDMitre = 'T1485'),
models.Technique_DB(IDTech = '49',URL_Mitre = 'https://attack.mitre.org/techniques/T1132',Name = 'Data Encoding', IDMitre = 'T1132'),
models.Technique_DB(IDTech = '50',URL_Mitre = 'https://attack.mitre.org/techniques/T1022',Name = 'Data Encrypted', IDMitre = 'T1022'),
models.Technique_DB(IDTech = '51',URL_Mitre = 'https://attack.mitre.org/techniques/T1486',Name = 'Data Encrypted for Impact', IDMitre = 'T1486'),
models.Technique_DB(IDTech = '52',URL_Mitre = 'https://attack.mitre.org/techniques/T1001',Name = 'Data Obfuscation', IDMitre = 'T1001'),
models.Technique_DB(IDTech = '53',URL_Mitre = 'https://attack.mitre.org/techniques/T1074',Name = 'Data Staged', IDMitre = 'T1074'),
models.Technique_DB(IDTech = '54',URL_Mitre = 'https://attack.mitre.org/techniques/T1030',Name = 'Data Transfer Size Limits', IDMitre = 'T1030'),
models.Technique_DB(IDTech = '55',URL_Mitre = 'https://attack.mitre.org/techniques/T1213',Name = 'Data from Information Repositories', IDMitre = 'T1213'),
models.Technique_DB(IDTech = '56',URL_Mitre = 'https://attack.mitre.org/techniques/T1005',Name = 'Data from Local System', IDMitre = 'T1005'),
models.Technique_DB(IDTech = '57',URL_Mitre = 'https://attack.mitre.org/techniques/T1039',Name = 'Data from Network Shared Drive', IDMitre = 'T1039'),
models.Technique_DB(IDTech = '58',URL_Mitre = 'https://attack.mitre.org/techniques/T1025',Name = 'Data from Removable Media', IDMitre = 'T1025'),
models.Technique_DB(IDTech = '59',URL_Mitre = 'https://attack.mitre.org/techniques/T1491',Name = 'Defacement', IDMitre = 'T1491'),
models.Technique_DB(IDTech = '60',URL_Mitre = 'https://attack.mitre.org/techniques/T1140',Name = 'Deobfuscate/Decode Files or Information', IDMitre = 'T1140'),
models.Technique_DB(IDTech = '61',URL_Mitre = 'https://attack.mitre.org/techniques/T1089',Name = 'Disabling Security Tools', IDMitre = 'T1089'),
models.Technique_DB(IDTech = '62',URL_Mitre = 'https://attack.mitre.org/techniques/T1488',Name = 'Disk Content Wipe', IDMitre = 'T1488'),
models.Technique_DB(IDTech = '63',URL_Mitre = 'https://attack.mitre.org/techniques/T1487',Name = 'Disk Structure Wipe', IDMitre = 'T1487'),
models.Technique_DB(IDTech = '64',URL_Mitre = 'https://attack.mitre.org/techniques/T1175',Name = 'Distributed Component Object Model', IDMitre = 'T1175'),
models.Technique_DB(IDTech = '65',URL_Mitre = 'https://attack.mitre.org/techniques/T1172',Name = 'Domain Fronting', IDMitre = 'T1172'),
models.Technique_DB(IDTech = '66',URL_Mitre = 'https://attack.mitre.org/techniques/T1483',Name = 'Domain Generation Algorithms', IDMitre = 'T1483'),
models.Technique_DB(IDTech = '67',URL_Mitre = 'https://attack.mitre.org/techniques/T1482',Name = 'Domain Trust Discovery', IDMitre = 'T1482'),
models.Technique_DB(IDTech = '68',URL_Mitre = 'https://attack.mitre.org/techniques/T1189',Name = 'Drive-by Compromise', IDMitre = 'T1189'),
models.Technique_DB(IDTech = '69',URL_Mitre = 'https://attack.mitre.org/techniques/T1157',Name = 'Dylib Hijacking', IDMitre = 'T1157'),
models.Technique_DB(IDTech = '70',URL_Mitre = 'https://attack.mitre.org/techniques/T1173',Name = 'Dynamic Data Exchange', IDMitre = 'T1173'),
models.Technique_DB(IDTech = '71',URL_Mitre = 'https://attack.mitre.org/techniques/T1114',Name = 'Email Collection', IDMitre = 'T1114'),
models.Technique_DB(IDTech = '72',URL_Mitre = 'https://attack.mitre.org/techniques/T1499',Name = 'Endpoint Denial of Service', IDMitre = 'T1499'),
models.Technique_DB(IDTech = '73',URL_Mitre = 'https://attack.mitre.org/techniques/T1480',Name = 'Execution Guardrails', IDMitre = 'T1480'),
models.Technique_DB(IDTech = '74',URL_Mitre = 'https://attack.mitre.org/techniques/T1106',Name = 'Execution through API', IDMitre = 'T1106'),
models.Technique_DB(IDTech = '75',URL_Mitre = 'https://attack.mitre.org/techniques/T1129',Name = 'Execution through Module Load', IDMitre = 'T1129'),
models.Technique_DB(IDTech = '76',URL_Mitre = 'https://attack.mitre.org/techniques/T1048',Name = 'Exfiltration Over Alternative Protocol', IDMitre = 'T1048'),
models.Technique_DB(IDTech = '77',URL_Mitre = 'https://attack.mitre.org/techniques/T1041',Name = 'Exfiltration Over Command and Control Channel', IDMitre = 'T1041'),
models.Technique_DB(IDTech = '78',URL_Mitre = 'https://attack.mitre.org/techniques/T1011',Name = 'Exfiltration Over Other Network Medium', IDMitre = 'T1011'),
models.Technique_DB(IDTech = '79',URL_Mitre = 'https://attack.mitre.org/techniques/T1052',Name = 'Exfiltration Over Physical Medium', IDMitre = 'T1052'),
models.Technique_DB(IDTech = '80',URL_Mitre = 'https://attack.mitre.org/techniques/T1190',Name = 'Exploit Public-Facing Application', IDMitre = 'T1190'),
models.Technique_DB(IDTech = '81',URL_Mitre = 'https://attack.mitre.org/techniques/T1203',Name = 'Exploitation for Client Execution', IDMitre = 'T1203'),
models.Technique_DB(IDTech = '82',URL_Mitre = 'https://attack.mitre.org/techniques/T1212',Name = 'Exploitation for Credential Access', IDMitre = 'T1212'),
models.Technique_DB(IDTech = '83',URL_Mitre = 'https://attack.mitre.org/techniques/T1211',Name = 'Exploitation for Defense Evasion', IDMitre = 'T1211'),
models.Technique_DB(IDTech = '84',URL_Mitre = 'https://attack.mitre.org/techniques/T1068',Name = 'Exploitation for Privilege Escalation', IDMitre = 'T1068'),
models.Technique_DB(IDTech = '85',URL_Mitre = 'https://attack.mitre.org/techniques/T1210',Name = 'Exploitation of Remote Services', IDMitre = 'T1210'),
models.Technique_DB(IDTech = '86',URL_Mitre = 'https://attack.mitre.org/techniques/T1133',Name = 'External Remote Services', IDMitre = 'T1133'),
models.Technique_DB(IDTech = '87',URL_Mitre = 'https://attack.mitre.org/techniques/T1181',Name = 'Extra Window Memory Injection', IDMitre = 'T1181'),
models.Technique_DB(IDTech = '88',URL_Mitre = 'https://attack.mitre.org/techniques/T1008',Name = 'Fallback Channels', IDMitre = 'T1008'),
models.Technique_DB(IDTech = '89',URL_Mitre = 'https://attack.mitre.org/techniques/T1107',Name = 'File Deletion', IDMitre = 'T1107'),
models.Technique_DB(IDTech = '90',URL_Mitre = 'https://attack.mitre.org/techniques/T1222',Name = 'File Permissions Modification', IDMitre = 'T1222'),
models.Technique_DB(IDTech = '91',URL_Mitre = 'https://attack.mitre.org/techniques/T1006',Name = 'File System Logical Offsets', IDMitre = 'T1006'),
models.Technique_DB(IDTech = '92',URL_Mitre = 'https://attack.mitre.org/techniques/T1044',Name = 'File System Permissions Weakness', IDMitre = 'T1044'),
models.Technique_DB(IDTech = '93',URL_Mitre = 'https://attack.mitre.org/techniques/T1083',Name = 'File and Directory Discovery', IDMitre = 'T1083'),
models.Technique_DB(IDTech = '94',URL_Mitre = 'https://attack.mitre.org/techniques/T1495',Name = 'Firmware Corruption', IDMitre = 'T1495'),
models.Technique_DB(IDTech = '95',URL_Mitre = 'https://attack.mitre.org/techniques/T1187',Name = 'Forced Authentication', IDMitre = 'T1187'),
models.Technique_DB(IDTech = '96',URL_Mitre = 'https://attack.mitre.org/techniques/T1144',Name = 'Gatekeeper Bypass', IDMitre = 'T1144'),
models.Technique_DB(IDTech = '97',URL_Mitre = 'https://attack.mitre.org/techniques/T1061',Name = 'Graphical User Interface', IDMitre = 'T1061'),
models.Technique_DB(IDTech = '98',URL_Mitre = 'https://attack.mitre.org/techniques/T1484',Name = 'Group Policy Modification', IDMitre = 'T1484'),
models.Technique_DB(IDTech = '99',URL_Mitre = 'https://attack.mitre.org/techniques/T1148',Name = 'HISTCONTROL', IDMitre = 'T1148'),
models.Technique_DB(IDTech = '100',URL_Mitre = 'https://attack.mitre.org/techniques/T1200',Name = 'Hardware Additions', IDMitre = 'T1200'),
models.Technique_DB(IDTech = '101',URL_Mitre = 'https://attack.mitre.org/techniques/T1158',Name = 'Hidden Files and Directories', IDMitre = 'T1158'),
models.Technique_DB(IDTech = '102',URL_Mitre = 'https://attack.mitre.org/techniques/T1147',Name = 'Hidden Users', IDMitre = 'T1147'),
models.Technique_DB(IDTech = '103',URL_Mitre = 'https://attack.mitre.org/techniques/T1143',Name = 'Hidden Window', IDMitre = 'T1143'),
models.Technique_DB(IDTech = '104',URL_Mitre = 'https://attack.mitre.org/techniques/T1179',Name = 'Hooking', IDMitre = 'T1179'),
models.Technique_DB(IDTech = '105',URL_Mitre = 'https://attack.mitre.org/techniques/T1062',Name = 'Hypervisor', IDMitre = 'T1062'),
models.Technique_DB(IDTech = '106',URL_Mitre = 'https://attack.mitre.org/techniques/T1183',Name = 'Image File Execution Options Injection', IDMitre = 'T1183'),
models.Technique_DB(IDTech = '107',URL_Mitre = 'https://attack.mitre.org/techniques/T1054',Name = 'Indicator Blocking', IDMitre = 'T1054'),
models.Technique_DB(IDTech = '108',URL_Mitre = 'https://attack.mitre.org/techniques/T1066',Name = 'Indicator Removal from Tools', IDMitre = 'T1066'),
models.Technique_DB(IDTech = '109',URL_Mitre = 'https://attack.mitre.org/techniques/T1070',Name = 'Indicator Removal on Host', IDMitre = 'T1070'),
models.Technique_DB(IDTech = '110',URL_Mitre = 'https://attack.mitre.org/techniques/T1202',Name = 'Indirect Command Execution', IDMitre = 'T1202'),
models.Technique_DB(IDTech = '111',URL_Mitre = 'https://attack.mitre.org/techniques/T1490',Name = 'Inhibit System Recovery', IDMitre = 'T1490'),
models.Technique_DB(IDTech = '112',URL_Mitre = 'https://attack.mitre.org/techniques/T1056',Name = 'Input Capture', IDMitre = 'T1056'),
models.Technique_DB(IDTech = '113',URL_Mitre = 'https://attack.mitre.org/techniques/T1141',Name = 'Input Prompt', IDMitre = 'T1141'),
models.Technique_DB(IDTech = '114',URL_Mitre = 'https://attack.mitre.org/techniques/T1130',Name = 'Install Root Certificate', IDMitre = 'T1130'),
models.Technique_DB(IDTech = '115',URL_Mitre = 'https://attack.mitre.org/techniques/T1118',Name = 'InstallUtil', IDMitre = 'T1118'),
models.Technique_DB(IDTech = '116',URL_Mitre = 'https://attack.mitre.org/techniques/T1208',Name = 'Kerberoasting', IDMitre = 'T1208'),
models.Technique_DB(IDTech = '117',URL_Mitre = 'https://attack.mitre.org/techniques/T1215',Name = 'Kernel Modules and Extensions', IDMitre = 'T1215'),
models.Technique_DB(IDTech = '118',URL_Mitre = 'https://attack.mitre.org/techniques/T1142',Name = 'Keychain', IDMitre = 'T1142'),
models.Technique_DB(IDTech = '119',URL_Mitre = 'https://attack.mitre.org/techniques/T1161',Name = 'LC_LOAD_DYLIB Addition', IDMitre = 'T1161'),
models.Technique_DB(IDTech = '120',URL_Mitre = 'https://attack.mitre.org/techniques/T1149',Name = 'LC_MAIN Hijacking', IDMitre = 'T1149'),
models.Technique_DB(IDTech = '121',URL_Mitre = 'https://attack.mitre.org/techniques/T1171',Name = 'LLMNR/NBT-NS Poisoning and Relay', IDMitre = 'T1171'),
models.Technique_DB(IDTech = '122',URL_Mitre = 'https://attack.mitre.org/techniques/T1177',Name = 'LSASS Driver', IDMitre = 'T1177'),
models.Technique_DB(IDTech = '123',URL_Mitre = 'https://attack.mitre.org/techniques/T1159',Name = 'Launch Agent', IDMitre = 'T1159'),
models.Technique_DB(IDTech = '124',URL_Mitre = 'https://attack.mitre.org/techniques/T1160',Name = 'Launch Daemon', IDMitre = 'T1160'),
models.Technique_DB(IDTech = '125',URL_Mitre = 'https://attack.mitre.org/techniques/T1152',Name = 'Launchctl', IDMitre = 'T1152'),
models.Technique_DB(IDTech = '126',URL_Mitre = 'https://attack.mitre.org/techniques/T1168',Name = 'Local Job Scheduling', IDMitre = 'T1168'),
models.Technique_DB(IDTech = '127',URL_Mitre = 'https://attack.mitre.org/techniques/T1162',Name = 'Login Item', IDMitre = 'T1162'),
models.Technique_DB(IDTech = '128',URL_Mitre = 'https://attack.mitre.org/techniques/T1037',Name = 'Logon Scripts', IDMitre = 'T1037'),
models.Technique_DB(IDTech = '129',URL_Mitre = 'https://attack.mitre.org/techniques/T1185',Name = 'Man in the Browser', IDMitre = 'T1185'),
models.Technique_DB(IDTech = '130',URL_Mitre = 'https://attack.mitre.org/techniques/T1036',Name = 'Masquerading', IDMitre = 'T1036'),
models.Technique_DB(IDTech = '131',URL_Mitre = 'https://attack.mitre.org/techniques/T1031',Name = 'Modify Existing Service', IDMitre = 'T1031'),
models.Technique_DB(IDTech = '132',URL_Mitre = 'https://attack.mitre.org/techniques/T1112',Name = 'Modify Registry', IDMitre = 'T1112'),
models.Technique_DB(IDTech = '133',URL_Mitre = 'https://attack.mitre.org/techniques/T1170',Name = 'Mshta', IDMitre = 'T1170'),
models.Technique_DB(IDTech = '134',URL_Mitre = 'https://attack.mitre.org/techniques/T1104',Name = 'Multi-Stage Channels', IDMitre = 'T1104'),
models.Technique_DB(IDTech = '135',URL_Mitre = 'https://attack.mitre.org/techniques/T1188',Name = 'Multi-hop Proxy', IDMitre = 'T1188'),
models.Technique_DB(IDTech = '136',URL_Mitre = 'https://attack.mitre.org/techniques/T1026',Name = 'Multiband Communication', IDMitre = 'T1026'),
models.Technique_DB(IDTech = '137',URL_Mitre = 'https://attack.mitre.org/techniques/T1079',Name = 'Multilayer Encryption', IDMitre = 'T1079'),
models.Technique_DB(IDTech = '138',URL_Mitre = 'https://attack.mitre.org/techniques/T1096',Name = 'NTFS File Attributes', IDMitre = 'T1096'),
models.Technique_DB(IDTech = '139',URL_Mitre = 'https://attack.mitre.org/techniques/T1128',Name = 'Netsh Helper DLL', IDMitre = 'T1128'),
models.Technique_DB(IDTech = '140',URL_Mitre = 'https://attack.mitre.org/techniques/T1498',Name = 'Network Denial of Service', IDMitre = 'T1498'),
models.Technique_DB(IDTech = '141',URL_Mitre = 'https://attack.mitre.org/techniques/T1046',Name = 'Network Service Scanning', IDMitre = 'T1046'),
models.Technique_DB(IDTech = '142',URL_Mitre = 'https://attack.mitre.org/techniques/T1126',Name = 'Network Share Connection Removal', IDMitre = 'T1126'),
models.Technique_DB(IDTech = '143',URL_Mitre = 'https://attack.mitre.org/techniques/T1135',Name = 'Network Share Discovery', IDMitre = 'T1135'),
models.Technique_DB(IDTech = '144',URL_Mitre = 'https://attack.mitre.org/techniques/T1040',Name = 'Network Sniffing', IDMitre = 'T1040'),
models.Technique_DB(IDTech = '145',URL_Mitre = 'https://attack.mitre.org/techniques/T1050',Name = 'New Service', IDMitre = 'T1050'),
models.Technique_DB(IDTech = '146',URL_Mitre = 'https://attack.mitre.org/techniques/T1027',Name = 'Obfuscated Files or Information', IDMitre = 'T1027'),
models.Technique_DB(IDTech = '147',URL_Mitre = 'https://attack.mitre.org/techniques/T1137',Name = 'Office Application Startup', IDMitre = 'T1137'),
models.Technique_DB(IDTech = '148',URL_Mitre = 'https://attack.mitre.org/techniques/T1075',Name = 'Pass the Hash', IDMitre = 'T1075'),
models.Technique_DB(IDTech = '149',URL_Mitre = 'https://attack.mitre.org/techniques/T1097',Name = 'Pass the Ticket', IDMitre = 'T1097'),
models.Technique_DB(IDTech = '150',URL_Mitre = 'https://attack.mitre.org/techniques/T1174',Name = 'Password Filter DLL', IDMitre = 'T1174'),
models.Technique_DB(IDTech = '151',URL_Mitre = 'https://attack.mitre.org/techniques/T1201',Name = 'Password Policy Discovery', IDMitre = 'T1201'),
models.Technique_DB(IDTech = '152',URL_Mitre = 'https://attack.mitre.org/techniques/T1034',Name = 'Path Interception', IDMitre = 'T1034'),
models.Technique_DB(IDTech = '153',URL_Mitre = 'https://attack.mitre.org/techniques/T1120',Name = 'Peripheral Device Discovery', IDMitre = 'T1120'),
models.Technique_DB(IDTech = '154',URL_Mitre = 'https://attack.mitre.org/techniques/T1069',Name = 'Permission Groups Discovery', IDMitre = 'T1069'),
models.Technique_DB(IDTech = '155',URL_Mitre = 'https://attack.mitre.org/techniques/T1150',Name = 'Plist Modification', IDMitre = 'T1150'),
models.Technique_DB(IDTech = '156',URL_Mitre = 'https://attack.mitre.org/techniques/T1205',Name = 'Port Knocking', IDMitre = 'T1205'),
models.Technique_DB(IDTech = '157',URL_Mitre = 'https://attack.mitre.org/techniques/T1013',Name = 'Port Monitors', IDMitre = 'T1013'),
models.Technique_DB(IDTech = '158',URL_Mitre = 'https://attack.mitre.org/techniques/T1086',Name = 'PowerShell', IDMitre = 'T1086'),
models.Technique_DB(IDTech = '159',URL_Mitre = 'https://attack.mitre.org/techniques/T1145',Name = 'Private Keys', IDMitre = 'T1145'),
models.Technique_DB(IDTech = '160',URL_Mitre = 'https://attack.mitre.org/techniques/T1057',Name = 'Process Discovery', IDMitre = 'T1057'),
models.Technique_DB(IDTech = '161',URL_Mitre = 'https://attack.mitre.org/techniques/T1186',Name = 'Process Doppelgänging', IDMitre = 'T1186'),
models.Technique_DB(IDTech = '162',URL_Mitre = 'https://attack.mitre.org/techniques/T1093',Name = 'Process Hollowing', IDMitre = 'T1093'),
models.Technique_DB(IDTech = '163',URL_Mitre = 'https://attack.mitre.org/techniques/T1055',Name = 'Process Injection', IDMitre = 'T1055'),
models.Technique_DB(IDTech = '164',URL_Mitre = 'https://attack.mitre.org/techniques/T1012',Name = 'Query Registry', IDMitre = 'T1012'),
models.Technique_DB(IDTech = '165',URL_Mitre = 'https://attack.mitre.org/techniques/T1163',Name = 'Rc.common', IDMitre = 'T1163'),
models.Technique_DB(IDTech = '166',URL_Mitre = 'https://attack.mitre.org/techniques/T1164',Name = 'Re-opened Applications', IDMitre = 'T1164'),
models.Technique_DB(IDTech = '167',URL_Mitre = 'https://attack.mitre.org/techniques/T1108',Name = 'Redundant Access', IDMitre = 'T1108'),
models.Technique_DB(IDTech = '168',URL_Mitre = 'https://attack.mitre.org/techniques/T1060',Name = 'Registry Run Keys / Startup Folder', IDMitre = 'T1060'),
models.Technique_DB(IDTech = '169',URL_Mitre = 'https://attack.mitre.org/techniques/T1121',Name = 'Regsvcs/Regasm', IDMitre = 'T1121'),
models.Technique_DB(IDTech = '170',URL_Mitre = 'https://attack.mitre.org/techniques/T1117',Name = 'Regsvr32', IDMitre = 'T1117'),
models.Technique_DB(IDTech = '171',URL_Mitre = 'https://attack.mitre.org/techniques/T1219',Name = 'Remote Access Tools', IDMitre = 'T1219'),
models.Technique_DB(IDTech = '172',URL_Mitre = 'https://attack.mitre.org/techniques/T1076',Name = 'Remote Desktop Protocol', IDMitre = 'T1076'),
models.Technique_DB(IDTech = '173',URL_Mitre = 'https://attack.mitre.org/techniques/T1105',Name = 'Remote File Copy', IDMitre = 'T1105'),
models.Technique_DB(IDTech = '174',URL_Mitre = 'https://attack.mitre.org/techniques/T1021',Name = 'Remote Services', IDMitre = 'T1021'),
models.Technique_DB(IDTech = '175',URL_Mitre = 'https://attack.mitre.org/techniques/T1018',Name = 'Remote System Discovery', IDMitre = 'T1018'),
models.Technique_DB(IDTech = '176',URL_Mitre = 'https://attack.mitre.org/techniques/T1091',Name = 'Replication Through Removable Media', IDMitre = 'T1091'),
models.Technique_DB(IDTech = '177',URL_Mitre = 'https://attack.mitre.org/techniques/T1496',Name = 'Resource Hijacking', IDMitre = 'T1496'),
models.Technique_DB(IDTech = '178',URL_Mitre = 'https://attack.mitre.org/techniques/T1014',Name = 'Rootkit', IDMitre = 'T1014'),
models.Technique_DB(IDTech = '179',URL_Mitre = 'https://attack.mitre.org/techniques/T1085',Name = 'Rundll32', IDMitre = 'T1085'),
models.Technique_DB(IDTech = '180',URL_Mitre = 'https://attack.mitre.org/techniques/T1494',Name = 'Runtime Data Manipulation', IDMitre = 'T1494'),
models.Technique_DB(IDTech = '181',URL_Mitre = 'https://attack.mitre.org/techniques/T1178',Name = 'SID-History Injection', IDMitre = 'T1178'),
models.Technique_DB(IDTech = '182',URL_Mitre = 'https://attack.mitre.org/techniques/T1198',Name = 'SIP and Trust Provider Hijacking', IDMitre = 'T1198'),
models.Technique_DB(IDTech = '183',URL_Mitre = 'https://attack.mitre.org/techniques/T1184',Name = 'SSH Hijacking', IDMitre = 'T1184'),
models.Technique_DB(IDTech = '184',URL_Mitre = 'https://attack.mitre.org/techniques/T1053',Name = 'Scheduled Task', IDMitre = 'T1053'),
models.Technique_DB(IDTech = '185',URL_Mitre = 'https://attack.mitre.org/techniques/T1029',Name = 'Scheduled Transfer', IDMitre = 'T1029'),
models.Technique_DB(IDTech = '186',URL_Mitre = 'https://attack.mitre.org/techniques/T1113',Name = 'Screen Capture', IDMitre = 'T1113'),
models.Technique_DB(IDTech = '187',URL_Mitre = 'https://attack.mitre.org/techniques/T1180',Name = 'Screensaver', IDMitre = 'T1180'),
models.Technique_DB(IDTech = '188',URL_Mitre = 'https://attack.mitre.org/techniques/T1064',Name = 'Scripting', IDMitre = 'T1064'),
models.Technique_DB(IDTech = '189',URL_Mitre = 'https://attack.mitre.org/techniques/T1063',Name = 'Security Software Discovery', IDMitre = 'T1063'),
models.Technique_DB(IDTech = '190',URL_Mitre = 'https://attack.mitre.org/techniques/T1101',Name = 'Security Support Provider', IDMitre = 'T1101'),
models.Technique_DB(IDTech = '191',URL_Mitre = 'https://attack.mitre.org/techniques/T1167',Name = 'Securityd Memory', IDMitre = 'T1167'),
models.Technique_DB(IDTech = '192',URL_Mitre = 'https://attack.mitre.org/techniques/T1035',Name = 'Service Execution', IDMitre = 'T1035'),
models.Technique_DB(IDTech = '193',URL_Mitre = 'https://attack.mitre.org/techniques/T1058',Name = 'Service Registry Permissions Weakness', IDMitre = 'T1058'),
models.Technique_DB(IDTech = '194',URL_Mitre = 'https://attack.mitre.org/techniques/T1489',Name = 'Service Stop', IDMitre = 'T1489'),
models.Technique_DB(IDTech = '195',URL_Mitre = 'https://attack.mitre.org/techniques/T1166',Name = 'Setuid and Setgid', IDMitre = 'T1166'),
models.Technique_DB(IDTech = '196',URL_Mitre = 'https://attack.mitre.org/techniques/T1051',Name = 'Shared Webroot', IDMitre = 'T1051'),
models.Technique_DB(IDTech = '197',URL_Mitre = 'https://attack.mitre.org/techniques/T1023',Name = 'Shortcut Modification', IDMitre = 'T1023'),
models.Technique_DB(IDTech = '198',URL_Mitre = 'https://attack.mitre.org/techniques/T1218',Name = 'Signed Binary Proxy Execution', IDMitre = 'T1218'),
models.Technique_DB(IDTech = '199',URL_Mitre = 'https://attack.mitre.org/techniques/T1216',Name = 'Signed Script Proxy Execution', IDMitre = 'T1216'),
models.Technique_DB(IDTech = '200',URL_Mitre = 'https://attack.mitre.org/techniques/T1045',Name = 'Software Packing', IDMitre = 'T1045'),
models.Technique_DB(IDTech = '201',URL_Mitre = 'https://attack.mitre.org/techniques/T1153',Name = 'Source', IDMitre = 'T1153'),
models.Technique_DB(IDTech = '202',URL_Mitre = 'https://attack.mitre.org/techniques/T1151',Name = 'Space after Filename', IDMitre = 'T1151'),
models.Technique_DB(IDTech = '203',URL_Mitre = 'https://attack.mitre.org/techniques/T1193',Name = 'Spearphishing Attachment', IDMitre = 'T1193'),
models.Technique_DB(IDTech = '204',URL_Mitre = 'https://attack.mitre.org/techniques/T1192',Name = 'Spearphishing Link', IDMitre = 'T1192'),
models.Technique_DB(IDTech = '205',URL_Mitre = 'https://attack.mitre.org/techniques/T1194',Name = 'Spearphishing via Service', IDMitre = 'T1194'),
models.Technique_DB(IDTech = '206',URL_Mitre = 'https://attack.mitre.org/techniques/T1071',Name = 'Standard Application Layer Protocol', IDMitre = 'T1071'),
models.Technique_DB(IDTech = '207',URL_Mitre = 'https://attack.mitre.org/techniques/T1032',Name = 'Standard Cryptographic Protocol', IDMitre = 'T1032'),
models.Technique_DB(IDTech = '208',URL_Mitre = 'https://attack.mitre.org/techniques/T1095',Name = 'Standard Non-Application Layer Protocol', IDMitre = 'T1095'),
models.Technique_DB(IDTech = '209',URL_Mitre = 'https://attack.mitre.org/techniques/T1165',Name = 'Startup Items', IDMitre = 'T1165'),
models.Technique_DB(IDTech = '210',URL_Mitre = 'https://attack.mitre.org/techniques/T1492',Name = 'Stored Data Manipulation', IDMitre = 'T1492'),
models.Technique_DB(IDTech = '211',URL_Mitre = 'https://attack.mitre.org/techniques/T1169',Name = 'Sudo', IDMitre = 'T1169'),
models.Technique_DB(IDTech = '212',URL_Mitre = 'https://attack.mitre.org/techniques/T1206',Name = 'Sudo Caching', IDMitre = 'T1206'),
models.Technique_DB(IDTech = '213',URL_Mitre = 'https://attack.mitre.org/techniques/T1195',Name = 'Supply Chain Compromise', IDMitre = 'T1195'),
models.Technique_DB(IDTech = '214',URL_Mitre = 'https://attack.mitre.org/techniques/T1019',Name = 'System Firmware', IDMitre = 'T1019'),
models.Technique_DB(IDTech = '215',URL_Mitre = 'https://attack.mitre.org/techniques/T1082',Name = 'System Information Discovery', IDMitre = 'T1082'),
models.Technique_DB(IDTech = '216',URL_Mitre = 'https://attack.mitre.org/techniques/T1016',Name = 'System Network Configuration Discovery', IDMitre = 'T1016'),
models.Technique_DB(IDTech = '217',URL_Mitre = 'https://attack.mitre.org/techniques/T1049',Name = 'System Network Connections Discovery', IDMitre = 'T1049'),
models.Technique_DB(IDTech = '218',URL_Mitre = 'https://attack.mitre.org/techniques/T1033',Name = 'System Owner/User Discovery', IDMitre = 'T1033'),
models.Technique_DB(IDTech = '219',URL_Mitre = 'https://attack.mitre.org/techniques/T1007',Name = 'System Service Discovery', IDMitre = 'T1007'),
models.Technique_DB(IDTech = '220',URL_Mitre = 'https://attack.mitre.org/techniques/T1124',Name = 'System Time Discovery', IDMitre = 'T1124'),
models.Technique_DB(IDTech = '221',URL_Mitre = 'https://attack.mitre.org/techniques/T1501',Name = 'Systemd Service', IDMitre = 'T1501'),
models.Technique_DB(IDTech = '222',URL_Mitre = 'https://attack.mitre.org/techniques/T1080',Name = 'Taint Shared Content', IDMitre = 'T1080'),
models.Technique_DB(IDTech = '223',URL_Mitre = 'https://attack.mitre.org/techniques/T1221',Name = 'Template Injection', IDMitre = 'T1221'),
models.Technique_DB(IDTech = '224',URL_Mitre = 'https://attack.mitre.org/techniques/T1072',Name = 'Third-party Software', IDMitre = 'T1072'),
models.Technique_DB(IDTech = '225',URL_Mitre = 'https://attack.mitre.org/techniques/T1209',Name = 'Time Providers', IDMitre = 'T1209'),
models.Technique_DB(IDTech = '226',URL_Mitre = 'https://attack.mitre.org/techniques/T1099',Name = 'Timestomp', IDMitre = 'T1099'),
models.Technique_DB(IDTech = '227',URL_Mitre = 'https://attack.mitre.org/techniques/T1493',Name = 'Transmitted Data Manipulation', IDMitre = 'T1493'),
models.Technique_DB(IDTech = '228',URL_Mitre = 'https://attack.mitre.org/techniques/T1154',Name = 'Trap', IDMitre = 'T1154'),
models.Technique_DB(IDTech = '229',URL_Mitre = 'https://attack.mitre.org/techniques/T1127',Name = 'Trusted Developer Utilities', IDMitre = 'T1127'),
models.Technique_DB(IDTech = '230',URL_Mitre = 'https://attack.mitre.org/techniques/T1199',Name = 'Trusted Relationship', IDMitre = 'T1199'),
models.Technique_DB(IDTech = '231',URL_Mitre = 'https://attack.mitre.org/techniques/T1111',Name = 'Two-Factor Authentication Interception', IDMitre = 'T1111'),
models.Technique_DB(IDTech = '232',URL_Mitre = 'https://attack.mitre.org/techniques/T1065',Name = 'Uncommonly Used Port', IDMitre = 'T1065'),
models.Technique_DB(IDTech = '233',URL_Mitre = 'https://attack.mitre.org/techniques/T1204',Name = 'User Execution', IDMitre = 'T1204'),
models.Technique_DB(IDTech = '234',URL_Mitre = 'https://attack.mitre.org/techniques/T1078',Name = 'Valid Accounts', IDMitre = 'T1078'),
models.Technique_DB(IDTech = '235',URL_Mitre = 'https://attack.mitre.org/techniques/T1125',Name = 'Video Capture', IDMitre = 'T1125'),
models.Technique_DB(IDTech = '236',URL_Mitre = 'https://attack.mitre.org/techniques/T1497',Name = 'Virtualization/Sandbox Evasion', IDMitre = 'T1497'),
models.Technique_DB(IDTech = '237',URL_Mitre = 'https://attack.mitre.org/techniques/T1102',Name = 'Web Service', IDMitre = 'T1102'),
models.Technique_DB(IDTech = '238',URL_Mitre = 'https://attack.mitre.org/techniques/T1100',Name = 'Web Shell', IDMitre = 'T1100'),
models.Technique_DB(IDTech = '239',URL_Mitre = 'https://attack.mitre.org/techniques/T1077',Name = 'Windows Admin Shares', IDMitre = 'T1077'),
models.Technique_DB(IDTech = '240',URL_Mitre = 'https://attack.mitre.org/techniques/T1047',Name = 'Windows Management Instrumentation', IDMitre = 'T1047'),
models.Technique_DB(IDTech = '241',URL_Mitre = 'https://attack.mitre.org/techniques/T1084',Name = 'Windows Management Instrumentation Event Subscription', IDMitre = 'T1084'),
models.Technique_DB(IDTech = '242',URL_Mitre = 'https://attack.mitre.org/techniques/T1028',Name = 'Windows Remote Management', IDMitre = 'T1028'),
models.Technique_DB(IDTech = '243',URL_Mitre = 'https://attack.mitre.org/techniques/T1004',Name = 'Winlogon Helper DLL', IDMitre = 'T1004'),
models.Technique_DB(IDTech = '244',URL_Mitre = 'https://attack.mitre.org/techniques/T1220',Name = 'XSL Script Processing', IDMitre = 'T1220'),
models.Technique_DB(IDTech = '245',URL_Mitre = 'https://attack.mitre.org/techniques/T1531/',Name = 'Account Access Removal ', IDMitre = 'T1531')
]
s.bulk_save_objects(objects)
s.commit()
def insert_tactic():
    """Seed the tactic table with twelve MITRE ATT&CK tactics.

    One ``models.Tactic_DB`` row is built per tactic (TA0001 through TA0011,
    plus TA0040), the rows are passed to ``s.bulk_save_objects`` and the
    session is committed.

    ``IDTactic`` is a local sequential identifier stored as a string, and
    ``IDMitre`` holds the ATT&CK tactic id. The ``Inteligence_DB`` seed rows
    in this file refer to tactics by the ATT&CK id (e.g. ``'TA0011'``), not
    by the sequential ``IDTactic`` value.
    """
    # NOTE(review): `models` and `s` come from elsewhere in this file; `s` is
    # presumably a SQLAlchemy session -- confirm.
    # NOTE(review): nothing here checks for existing rows, so a second call
    # may duplicate rows or fail on a key constraint, depending on the
    # schema -- confirm before re-running against a populated database.
    # NOTE(review): names, URLs and descriptions are a hard-coded copy of the
    # ATT&CK tactic list and will not follow later revisions of the matrix.

    # Columns: IDTactic, URL_Mitre, Name, Description, IDMitre
    tactic_rows = (
        ('1', 'https://attack.mitre.org/tactics/TA0001/', 'Initial Access', 'The adversary is trying to get into your network.', 'TA0001'),
        ('2', 'https://attack.mitre.org/tactics/TA0002/', 'Execution', 'The adversary is trying to run malicious code.', 'TA0002'),
        ('3', 'https://attack.mitre.org/tactics/TA0003/', 'Persistence', 'The adversary is trying to maintain their foothold.', 'TA0003'),
        ('4', 'https://attack.mitre.org/tactics/TA0004/', 'Privilege Escalation', 'The adversary is trying to gain higher-level permissions.', 'TA0004'),
        ('5', 'https://attack.mitre.org/tactics/TA0005/', 'Defense Evasion', 'The adversary is trying to avoid being detected.', 'TA0005'),
        ('6', 'https://attack.mitre.org/tactics/TA0006/', 'Credential Access', 'The adversary is trying to steal account names and passwords.', 'TA0006'),
        ('7', 'https://attack.mitre.org/tactics/TA0007/', 'Discovery', 'The adversary is trying to figure out your environment.', 'TA0007'),
        ('8', 'https://attack.mitre.org/tactics/TA0008/', 'Lateral Movement', 'The adversary is trying to move through your environment.', 'TA0008'),
        ('9', 'https://attack.mitre.org/tactics/TA0009/', 'Collection', 'The adversary is trying to gather data of interest to their goal.', 'TA0009'),
        ('10', 'https://attack.mitre.org/tactics/TA0010/', 'Exfiltration', 'The adversary is trying to steal data.', 'TA0010'),
        ('11', 'https://attack.mitre.org/tactics/TA0011/', 'Command and Control', 'The adversary is trying to communicate with compromised systems to control them.', 'TA0011'),
        ('12', 'https://attack.mitre.org/tactics/TA0040/', 'Impact', 'The adversary is trying to manipulate, interrupt, or destroy your systems and data.', 'TA0040'),
    )

    objects = [
        models.Tactic_DB(
            IDTactic=local_id,
            URL_Mitre=url,
            Name=name,
            Description=summary,
            IDMitre=mitre_id,
        )
        for local_id, url, name, summary, mitre_id in tactic_rows
    ]

    # Insert all rows in one bulk call, then persist them.
    s.bulk_save_objects(objects)
    s.commit()
def insert_inteligence():
objects = [
models.Inteligence_DB(IDIntel = '1', IDTactic= 'TA0011', IDTech = 'T1001', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '2', IDTactic= 'TA0010', IDTech = 'T1002', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '3', IDTactic= 'TA0006', IDTech = 'T1003', Function = 'invoke-powerdump', Terminated = 'False'),
models.Inteligence_DB(IDIntel = '4', IDTactic= 'TA0003', IDTech = 'T1004', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '5', IDTactic= 'TA0009', IDTech = 'T1005', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '6', IDTactic= 'TA0005', IDTech = 'T1006', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '7', IDTactic= 'TA0007', IDTech = 'T1007', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '8', IDTactic= 'TA0011', IDTech = 'T1008', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '9', IDTactic= 'TA0005', IDTech = 'T1009', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '10', IDTactic= 'TA0007', IDTech = 'T1010', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '11', IDTactic= 'TA0010', IDTech = 'T1011', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '12', IDTactic= 'TA0007', IDTech = 'T1012', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '13', IDTactic= 'TA0003', IDTech = 'T1013', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '14', IDTactic= 'TA0004', IDTech = 'T1013', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '15', IDTactic= 'TA0005', IDTech = 'T1014', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '16', IDTactic= 'TA0003', IDTech = 'T1015', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '17', IDTactic= 'TA0004', IDTech = 'T1015', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '18', IDTactic= 'TA0007', IDTech = 'T1016', Function = 'invoke-checkports', Terminated = 'False'),
models.Inteligence_DB(IDIntel = '19', IDTactic= 'TA0008', IDTech = 'T1017', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '20', IDTactic= 'TA0007', IDTech = 'T1018', Function = 'invoke-remote_system_discovery', Terminated = 'False'),
models.Inteligence_DB(IDIntel = '21', IDTactic= 'TA0003', IDTech = 'T1019', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '22', IDTactic= 'TA0010', IDTech = 'T1020', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '23', IDTactic= 'TA0008', IDTech = 'T1021', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '24', IDTactic= 'TA0010', IDTech = 'T1022', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '25', IDTactic= 'TA0003', IDTech = 'T1023', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '26', IDTactic= 'TA0011', IDTech = 'T1024', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '27', IDTactic= 'TA0009', IDTech = 'T1025', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '28', IDTactic= 'TA0011', IDTech = 'T1026', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '29', IDTactic= 'TA0005', IDTech = 'T1027', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '30', IDTactic= 'TA0002', IDTech = 'T1028', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '31', IDTactic= 'TA0008', IDTech = 'T1028', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '32', IDTactic= 'TA0010', IDTech = 'T1029', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '33', IDTactic= 'TA0010', IDTech = 'T1030', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '34', IDTactic= 'TA0003', IDTech = 'T1031', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '35', IDTactic= 'TA0011', IDTech = 'T1032', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '36', IDTactic= 'TA0007', IDTech = 'T1033', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '37', IDTactic= 'TA0003', IDTech = 'T1034', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '38', IDTactic= 'TA0004', IDTech = 'T1034', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '39', IDTactic= 'TA0002', IDTech = 'T1035', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '40', IDTactic= 'TA0005', IDTech = 'T1036', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '41', IDTactic= 'TA0008', IDTech = 'T1037', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '42', IDTactic= 'TA0003', IDTech = 'T1037', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '43', IDTactic= 'TA0003', IDTech = 'T1038', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '44', IDTactic= 'TA0004', IDTech = 'T1038', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '45', IDTactic= 'TA0005', IDTech = 'T1038', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '46', IDTactic= 'TA0009', IDTech = 'T1039', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '47', IDTactic= 'TA0006', IDTech = 'T1040', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '48', IDTactic= 'TA0007', IDTech = 'T1040', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '49', IDTactic= 'TA0010', IDTech = 'T1041', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '50', IDTactic= 'TA0003', IDTech = 'T1042', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '51', IDTactic= 'TA0011', IDTech = 'T1043', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '52', IDTactic= 'TA0003', IDTech = 'T1044', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '53', IDTactic= 'TA0004', IDTech = 'T1044', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '54', IDTactic= 'TA0005', IDTech = 'T1045', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '55', IDTactic= 'TA0007', IDTech = 'T1046', Function = 'invoke-portscan', Terminated = 'False'),
models.Inteligence_DB(IDIntel = '56', IDTactic= 'TA0002', IDTech = 'T1047', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '57', IDTactic= 'TA0010', IDTech = 'T1048', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '58', IDTactic= 'TA0007', IDTech = 'T1049', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '59', IDTactic= 'TA0003', IDTech = 'T1050', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '60', IDTactic= 'TA0004', IDTech = 'T1050', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '61', IDTactic= 'TA0008', IDTech = 'T1051', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '62', IDTactic= 'TA0010', IDTech = 'T1052', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '63', IDTactic= 'TA0002', IDTech = 'T1053', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '64', IDTactic= 'TA0003', IDTech = 'T1053', Function = 'invoke-scheduleTask', Terminated = 'True'),
models.Inteligence_DB(IDIntel = '65', IDTactic= 'TA0004', IDTech = 'T1053', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '66', IDTactic= 'TA0005', IDTech = 'T1054', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '67', IDTactic= 'TA0005', IDTech = 'T1055', Function = 'invoke-dllinjectionattpwn', Terminated = 'False'),
models.Inteligence_DB(IDIntel = '68', IDTactic= 'TA0004', IDTech = 'T1055', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '69', IDTactic= 'TA0009', IDTech = 'T1056', Function = "invoke-inputkeyboard", Terminated = 'False'),
models.Inteligence_DB(IDIntel = '70', IDTactic= 'TA0006', IDTech = 'T1056', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '71', IDTactic= 'TA0007', IDTech = 'T1057', Function = 'invoke-getProcess', Terminated = 'False'),
models.Inteligence_DB(IDIntel = '72', IDTactic= 'TA0003', IDTech = 'T1058', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '73', IDTactic= 'TA0004', IDTech = 'T1058', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '74', IDTactic= 'TA0002', IDTech = 'T1059', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '75', IDTactic= 'TA0003', IDTech = 'T1060', Function = 'invoke-registryrun', Terminated = 'True'),
models.Inteligence_DB(IDIntel = '76', IDTactic= 'TA0002', IDTech = 'T1061', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '77', IDTactic= 'TA0003', IDTech = 'T1062', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '78', IDTactic= 'TA0007', IDTech = 'T1063', Function = 'invoke-AV_Services', Terminated = 'False'),
models.Inteligence_DB(IDIntel = '79', IDTactic= 'TA0005', IDTech = 'T1064', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '80', IDTactic= 'TA0002', IDTech = 'T1064', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '81', IDTactic= 'TA0011', IDTech = 'T1065', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '82', IDTactic= 'TA0005', IDTech = 'T1066', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '83', IDTactic= 'TA0003', IDTech = 'T1067', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '84', IDTactic= 'TA0004', IDTech = 'T1068', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '85', IDTactic= 'TA0007', IDTech = 'T1069', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '86', IDTactic= 'TA0005', IDTech = 'T1070', Function = 'invoke-clearLogs', Terminated = 'False'),
models.Inteligence_DB(IDIntel = '87', IDTactic= 'TA0011', IDTech = 'T1071', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '88', IDTactic= 'TA0002', IDTech = 'T1072', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '89', IDTactic= 'TA0008', IDTech = 'T1072', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '90', IDTactic= 'TA0005', IDTech = 'T1073', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '91', IDTactic= 'TA0009', IDTech = 'T1074', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '92', IDTactic= 'TA0008', IDTech = 'T1075', Function = 'invoke-smbexec', Terminated = 'True'),
models.Inteligence_DB(IDIntel = '93', IDTactic= 'TA0008', IDTech = 'T1076', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '94', IDTactic= 'TA0008', IDTech = 'T1077', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '95', IDTactic= 'TA0005', IDTech = 'T1078', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '96', IDTactic= 'TA0003', IDTech = 'T1078', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '97', IDTactic= 'TA0004', IDTech = 'T1078', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '98', IDTactic= 'TA0001', IDTech = 'T1078', Function = 'invoke-getcredentials', Terminated = 'False'),
models.Inteligence_DB(IDIntel = '99', IDTactic= 'TA0011', IDTech = 'T1079', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '100',IDTactic= 'TA0008', IDTech = 'T1080', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '101',IDTactic= 'TA0006', IDTech = 'T1081', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '102',IDTactic= 'TA0007', IDTech = 'T1082', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '103',IDTactic= 'TA0007', IDTech = 'T1083', Function = 'invoke-getDirInfo', Terminated = 'False'),
models.Inteligence_DB(IDIntel = '104',IDTactic= 'TA0003', IDTech = 'T1084', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '105',IDTactic= 'TA0005', IDTech = 'T1085', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '106',IDTactic= 'TA0002', IDTech = 'T1085', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '107',IDTactic= 'TA0002', IDTech = 'T1086', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '108',IDTactic= 'TA0007', IDTech = 'T1087', Function = 'invoke-getUsers', Terminated = 'False'),
models.Inteligence_DB(IDIntel = '109',IDTactic= 'TA0005', IDTech = 'T1088', Function = 'invoke-eventvwr', Terminated = 'True'),
models.Inteligence_DB(IDIntel = '110',IDTactic= 'TA0004', IDTech = 'T1088', Function = 'invoke-eventvwr', Terminated = 'True'),
models.Inteligence_DB(IDIntel = '111',IDTactic= 'TA0005', IDTech = 'T1089', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '112',IDTactic= 'TA0011', IDTech = 'T1090', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '113',IDTactic= 'TA0008', IDTech = 'T1091', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '114',IDTactic= 'TA0001', IDTech = 'T1091', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '115',IDTactic= 'TA0011', IDTech = 'T1092', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '116',IDTactic= 'TA0005', IDTech = 'T1093', Function = 'invoke-processHollowingFuzzySec', Terminated = 'False'),
models.Inteligence_DB(IDIntel = '117',IDTactic= 'TA0011', IDTech = 'T1094', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '118',IDTactic= 'TA0011', IDTech = 'T1095', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '119',IDTactic= 'TA0005', IDTech = 'T1096', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '120',IDTactic= 'TA0008', IDTech = 'T1097', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '121',IDTactic= 'TA0006', IDTech = 'T1098', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '122',IDTactic= 'TA0003', IDTech = 'T1098', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '123',IDTactic= 'TA0005', IDTech = 'T1099', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '124',IDTactic= 'TA0003', IDTech = 'T1100', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '125',IDTactic= 'TA0004', IDTech = 'T1100', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '126',IDTactic= 'TA0003', IDTech = 'T1101', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '127',IDTactic= 'TA0011', IDTech = 'T1102', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '128',IDTactic= 'TA0005', IDTech = 'T1102', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '129',IDTactic= 'TA0003', IDTech = 'T1103', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '130',IDTactic= 'TA0004', IDTech = 'T1103', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '131',IDTactic= 'TA0011', IDTech = 'T1104', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '132',IDTactic= 'TA0011', IDTech = 'T1105', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '133',IDTactic= 'TA0008', IDTech = 'T1105', Function = 'invoke-copy_svchost', Terminated = 'False'),
models.Inteligence_DB(IDIntel = '134',IDTactic= 'TA0002', IDTech = 'T1106', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '135',IDTactic= 'TA0005', IDTech = 'T1107', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '136',IDTactic= 'TA0005', IDTech = 'T1108', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '137',IDTactic= 'TA0003', IDTech = 'T1108', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '138',IDTactic= 'TA0005', IDTech = 'T1109', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '139',IDTactic= 'TA0003', IDTech = 'T1109', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '140',IDTactic= 'TA0006', IDTech = 'T1110', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '141',IDTactic= 'TA0006', IDTech = 'T1111', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '142',IDTactic= 'TA0005', IDTech = 'T1112', Function = 'invoke-registryrunClean', Terminated = 'False'),
models.Inteligence_DB(IDIntel = '143',IDTactic= 'TA0009', IDTech = 'T1113', Function = "invoke-screenshot", Terminated = 'False'),
models.Inteligence_DB(IDIntel = '144',IDTactic= 'TA0009', IDTech = 'T1114', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '145',IDTactic= 'TA0009', IDTech = 'T1115', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '146',IDTactic= 'TA0005', IDTech = 'T1116', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '147',IDTactic= 'TA0005', IDTech = 'T1117', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '148',IDTactic= 'TA0002', IDTech = 'T1117', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '149',IDTactic= 'TA0005', IDTech = 'T1118', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '150',IDTactic= 'TA0002', IDTech = 'T1118', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '151',IDTactic= 'TA0009', IDTech = 'T1119', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '152',IDTactic= 'TA0007', IDTech = 'T1120', Function = 'invoke-peripherals', Terminated = 'False'),
models.Inteligence_DB(IDIntel = '153',IDTactic= 'TA0005', IDTech = 'T1121', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '154',IDTactic= 'TA0002', IDTech = 'T1121', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '155',IDTactic= 'TA0005', IDTech = 'T1122', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '156',IDTactic= 'TA0003', IDTech = 'T1122', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '157',IDTactic= 'TA0009', IDTech = 'T1123', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '158',IDTactic= 'TA0007', IDTech = 'T1124', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '159',IDTactic= 'TA0009', IDTech = 'T1125', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '160',IDTactic= 'TA0005', IDTech = 'T1126', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '161',IDTactic= 'TA0005', IDTech = 'T1127', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '162',IDTactic= 'TA0002', IDTech = 'T1127', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '163',IDTactic= 'TA0003', IDTech = 'T1128', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '164',IDTactic= 'TA0002', IDTech = 'T1129', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '165',IDTactic= 'TA0005', IDTech = 'T1130', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '166',IDTactic= 'TA0003', IDTech = 'T1131', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '167',IDTactic= 'TA0011', IDTech = 'T1132', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '168',IDTactic= 'TA0003', IDTech = 'T1133', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '169',IDTactic= 'TA0001', IDTech = 'T1133', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '170',IDTactic= 'TA0005', IDTech = 'T1134', Function = "invoke-ATMattpwn", Terminated = 'False'),
models.Inteligence_DB(IDIntel = '171',IDTactic= 'TA0004', IDTech = 'T1134', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '172',IDTactic= 'TA0007', IDTech = 'T1135', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '173',IDTactic= 'TA0003', IDTech = 'T1136', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '174',IDTactic= 'TA0003', IDTech = 'T1137', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '175',IDTactic= 'TA0003', IDTech = 'T1138', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '176',IDTactic= 'TA0004', IDTech = 'T1138', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '177',IDTactic= 'TA0006', IDTech = 'T1139', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '178',IDTactic= 'TA0005', IDTech = 'T1140', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '179',IDTactic= 'TA0006', IDTech = 'T1141', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '180',IDTactic= 'TA0006', IDTech = 'T1142', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '181',IDTactic= 'TA0005', IDTech = 'T1143', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '182',IDTactic= 'TA0005', IDTech = 'T1144', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '183',IDTactic= 'TA0006', IDTech = 'T1145', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '184',IDTactic= 'TA0005', IDTech = 'T1146', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '185',IDTactic= 'TA0005', IDTech = 'T1147', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '186',IDTactic= 'TA0005', IDTech = 'T1148', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '187',IDTactic= 'TA0005', IDTech = 'T1149', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '188',IDTactic= 'TA0005', IDTech = 'T1150', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '189',IDTactic= 'TA0003', IDTech = 'T1150', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '190',IDTactic= 'TA0004', IDTech = 'T1150', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '191',IDTactic= 'TA0005', IDTech = 'T1151', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '192',IDTactic= 'TA0002', IDTech = 'T1151', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '193',IDTactic= 'TA0005', IDTech = 'T1152', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '194',IDTactic= 'TA0002', IDTech = 'T1152', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '195',IDTactic= 'TA0003', IDTech = 'T1152', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '196',IDTactic= 'TA0002', IDTech = 'T1153', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '197',IDTactic= 'TA0002', IDTech = 'T1154', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '198',IDTactic= 'TA0003', IDTech = 'T1154', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '199',IDTactic= 'TA0002', IDTech = 'T1155', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '200',IDTactic= 'TA0008', IDTech = 'T1155', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '201',IDTactic= 'TA0003', IDTech = 'T1156', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '202',IDTactic= 'TA0003', IDTech = 'T1157', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '203',IDTactic= 'TA0004', IDTech = 'T1157', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '204',IDTactic= 'TA0005', IDTech = 'T1158', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '205',IDTactic= 'TA0003', IDTech = 'T1158', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '206',IDTactic= 'TA0003', IDTech = 'T1159', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '207',IDTactic= 'TA0003', IDTech = 'T1160', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '208',IDTactic= 'TA0004', IDTech = 'T1160', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '209',IDTactic= 'TA0003', IDTech = 'T1161', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '210',IDTactic= 'TA0003', IDTech = 'T1162', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '211',IDTactic= 'TA0003', IDTech = 'T1163', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '212',IDTactic= 'TA0003', IDTech = 'T1164', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '213',IDTactic= 'TA0003', IDTech = 'T1165', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '214',IDTactic= 'TA0004', IDTech = 'T1165', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '215',IDTactic= 'TA0004', IDTech = 'T1166', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '216',IDTactic= 'TA0003', IDTech = 'T1166', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '217',IDTactic= 'TA0006', IDTech = 'T1167', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '218',IDTactic= 'TA0003', IDTech = 'T1168', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '219',IDTactic= 'TA0002', IDTech = 'T1168', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '220',IDTactic= 'TA0004', IDTech = 'T1169', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '221',IDTactic= 'TA0005', IDTech = 'T1170', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '222',IDTactic= 'TA0002', IDTech = 'T1170', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '223',IDTactic= 'TA0006', IDTech = 'T1171', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '224',IDTactic= 'TA0011', IDTech = 'T1172', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '225',IDTactic= 'TA0002', IDTech = 'T1173', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '226',IDTactic= 'TA0006', IDTech = 'T1174', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '227',IDTactic= 'TA0008', IDTech = 'T1175', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '228',IDTactic= 'TA0003', IDTech = 'T1176', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '229',IDTactic= 'TA0002', IDTech = 'T1177', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '230',IDTactic= 'TA0003', IDTech = 'T1177', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '231',IDTactic= 'TA0004', IDTech = 'T1178', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '232',IDTactic= 'TA0003', IDTech = 'T1179', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '233',IDTactic= 'TA0004', IDTech = 'T1179', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '234',IDTactic= 'TA0006', IDTech = 'T1179', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '235',IDTactic= 'TA0003', IDTech = 'T1180', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '236',IDTactic= 'TA0005', IDTech = 'T1181', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '237',IDTactic= 'TA0004', IDTech = 'T1181', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '238',IDTactic= 'TA0003', IDTech = 'T1182', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '239',IDTactic= 'TA0004', IDTech = 'T1182', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '240',IDTactic= 'TA0004', IDTech = 'T1183', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '241',IDTactic= 'TA0003', IDTech = 'T1183', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '242',IDTactic= 'TA0005', IDTech = 'T1183', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '243',IDTactic= 'TA0008', IDTech = 'T1184', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '244',IDTactic= 'TA0009', IDTech = 'T1185', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '245',IDTactic= 'TA0005', IDTech = 'T1186', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '246',IDTactic= 'TA0006', IDTech = 'T1187', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '247',IDTactic= 'TA0011', IDTech = 'T1188', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '248',IDTactic= 'TA0001', IDTech = 'T1189', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '249',IDTactic= 'TA0001', IDTech = 'T1190', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '250',IDTactic= 'TA0005', IDTech = 'T1191', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '251',IDTactic= 'TA0002', IDTech = 'T1191', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '252',IDTactic= 'TA0001', IDTech = 'T1192', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '253',IDTactic= 'TA0001', IDTech = 'T1193', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '254',IDTactic= 'TA0001', IDTech = 'T1194', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '255',IDTactic= 'TA0001', IDTech = 'T1195', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '256',IDTactic= 'TA0005', IDTech = 'T1196', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '257',IDTactic= 'TA0002', IDTech = 'T1196', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '258',IDTactic= 'TA0005', IDTech = 'T1197', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '259',IDTactic= 'TA0003', IDTech = 'T1197', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '260',IDTactic= 'TA0005', IDTech = 'T1198', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '261',IDTactic= 'TA0003', IDTech = 'T1198', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '262',IDTactic= 'TA0001', IDTech = 'T1199', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '263',IDTactic= 'TA0001', IDTech = 'T1200', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '264',IDTactic= 'TA0007', IDTech = 'T1201', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '265',IDTactic= 'TA0005', IDTech = 'T1202', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '266',IDTactic= 'TA0002', IDTech = 'T1203', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '267',IDTactic= 'TA0002', IDTech = 'T1204', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '268',IDTactic= 'TA0005', IDTech = 'T1205', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '269',IDTactic= 'TA0003', IDTech = 'T1205', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '270',IDTactic= 'TA0011', IDTech = 'T1205', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '271',IDTactic= 'TA0004', IDTech = 'T1206', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '272',IDTactic= 'TA0005', IDTech = 'T1207', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '273',IDTactic= 'TA0006', IDTech = 'T1208', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '274',IDTactic= 'TA0003', IDTech = 'T1209', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '275',IDTactic= 'TA0008', IDTech = 'T1210', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '276',IDTactic= 'TA0005', IDTech = 'T1211', Function = "invoke-bypass_scanbuffer", Terminated = 'False'),
models.Inteligence_DB(IDIntel = '277',IDTactic= 'TA0006', IDTech = 'T1212', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '278',IDTactic= 'TA0009', IDTech = 'T1213', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '279',IDTactic= 'TA0006', IDTech = 'T1214', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '280',IDTactic= 'TA0003', IDTech = 'T1215', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '281',IDTactic= 'TA0005', IDTech = 'T1216', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '282',IDTactic= 'TA0002', IDTech = 'T1216', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '283',IDTactic= 'TA0007', IDTech = 'T1217', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '284',IDTactic= 'TA0005', IDTech = 'T1218', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '285',IDTactic= 'TA0002', IDTech = 'T1218', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '286',IDTactic= 'TA0011', IDTech = 'T1219', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '287',IDTactic= 'TA0005', IDTech = 'T1220', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '288',IDTactic= 'TA0002', IDTech = 'T1220', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '289',IDTactic= 'TA0005', IDTech = 'T1221', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '290',IDTactic= 'TA0005', IDTech = 'T1222', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '291',IDTactic= 'TA0005', IDTech = 'T1223', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '292',IDTactic= 'TA0002', IDTech = 'T1223', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '293',IDTactic= 'TA0005', IDTech = 'T1480', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '294',IDTactic= 'TA0007', IDTech = 'T1482', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '295',IDTactic= 'TA0011', IDTech = 'T1483', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '296',IDTactic= 'TA0005', IDTech = 'T1484', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '297',IDTactic= 'TA0040', IDTech = 'T1485', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '298',IDTactic= 'TA0040', IDTech = 'T1486', Function = 'invoke-encryptfiles', Terminated = 'False'),
models.Inteligence_DB(IDIntel = '299',IDTactic= 'TA0040', IDTech = 'T1487', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '300',IDTactic= 'TA0040', IDTech = 'T1488', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '301',IDTactic= 'TA0040', IDTech = 'T1489', Function = 'invoke-servicestop', Terminated = 'False'),
models.Inteligence_DB(IDIntel = '302',IDTactic= 'TA0040', IDTech = 'T1490', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '303',IDTactic= 'TA0040', IDTech = 'T1491', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '304',IDTactic= 'TA0040', IDTech = 'T1492', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '305',IDTactic= 'TA0040', IDTech = 'T1493', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '306',IDTactic= 'TA0040', IDTech = 'T1494', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '307',IDTactic= 'TA0040', IDTech = 'T1495', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '308',IDTactic= 'TA0040', IDTech = 'T1496', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '309',IDTactic= 'TA0005', IDTech = 'T1497', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '310',IDTactic= 'TA0007', IDTech = 'T1497', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '311',IDTactic= 'TA0040', IDTech = 'T1498', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '312',IDTactic= 'TA0040', IDTech = 'T1499', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '313',IDTactic= 'TA0005', IDTech = 'T1500', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '314',IDTactic= 'TA0003', IDTech = 'T1501', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '315',IDTactic= 'TA0006', IDTech = 'T1003', Function = 'invoke-mimikatz', Terminated = 'False'),
models.Inteligence_DB(IDIntel = '316',IDTactic= 'TA0040', IDTech = 'T1531', Function = None, Terminated = 'False'),
models.Inteligence_DB(IDIntel = '317',IDTactic= 'TA0004', IDTech = 'T1088', Function = 'invoke-wsreset', Terminated = 'True'),
models.Inteligence_DB(IDIntel = '318',IDTactic= 'TA0005', IDTech = 'T1088', Function = 'invoke-wsreset', Terminated = 'True'),
models.Inteligence_DB(IDIntel = '319',IDTactic= 'TA0004', IDTech = 'T1088', Function = 'invoke-environmentInjection', Terminated = 'True'),
models.Inteligence_DB(IDIntel = '320',IDTactic= 'TA0005', IDTech = 'T1088', Function = 'invoke-environmentInjection', Terminated = 'True'),
models.Inteligence_DB(IDIntel = '321',IDTactic= 'TA0005', IDTech = 'T1211', Function = "invoke-disableDefender", Terminated = 'False'),
models.Inteligence_DB(IDIntel = '322',IDTactic= 'TA0005', IDTech = 'T1211', Function = "invoke-bypassAmsiHijackingDLL", Terminated = 'False'),
models.Inteligence_DB(IDIntel = '323',IDTactic= 'TA0005', IDTech = 'T1211', Function = "invoke-disableDefender-bifurcated", Terminated = 'True')
]
s.bulk_save_objects(objects)
s.commit()
def insert_threat():
objects = [
models.Threat_DB(IDthreat = '1', Created = '2017-05-31T21:32:44.131Z', Modified = '2018-10-17T00:14:20.652Z', Name = '3PARA RAT', Description = '[3PARA RAT](https://attack.mitre.org/software/S0066) is a remote access tool (RAT) programmed in C++ that has been used by [Putter Panda](https://attack.mitre.org/groups/G0024). (Citation: CrowdStrike Putter Panda)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '2', Created = '2017-05-31T21:32:43.664Z', Modified = '2018-10-17T00:14:20.652Z', Name = '4H RAT', Description = '[4H RAT](https://attack.mitre.org/software/S0065) is malware that has been used by [Putter Panda](https://attack.mitre.org/groups/G0024) since at least 2007. (Citation: CrowdStrike Putter Panda)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '3', Created = '2017-05-31T21:32:34.648Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'ADVSTORESHELL', Description = '[ADVSTORESHELL](https://attack.mitre.org/software/S0045) is a spying backdoor that has been used by [APT28](https://attack.mitre.org/groups/G0007) from at least 2012 to 2016. It is generally used for long-term espionage and is deployed on targets deemed interesting after a reconnaissance phase. (Citation: Kaspersky Sofacy) (Citation: ESET Sednit Part 2)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '4', Created = '2017-05-31T21:32:47.879Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'ASPXSpy', Description = '[ASPXSpy](https://attack.mitre.org/software/S0073) is a Web shell. It has been modified by [Threat Group-3390](https://attack.mitre.org/groups/G0027) actors to create the ASPXTool version. (Citation: Dell TG-3390)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '5', Created = '2019-01-29T18:44:04.748Z', Modified = '2019-04-16T14:30:35.105Z', Name = 'Agent Tesla', Description = '[Agent Tesla](https://attack.mitre.org/software/S0331) is a spyware Trojan written in visual basic.(Citation: Fortinet Agent Tesla April 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '6', Created = '2017-05-31T21:32:59.153Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Agent.btz', Description = '[Agent.btz](https://attack.mitre.org/software/S0092) is a worm that primarily spreads itself via removable devices such as USB drives. It reportedly infected U.S. military networks in 2008. (Citation: Securelist Agent.btz)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '7', Created = '2019-04-17T13:46:38.565Z', Modified = '2019-04-23T16:21:50.503Z', Name = 'Astaroth', Description = '[Astaroth](https://attack.mitre.org/software/S0373) is a Trojan and information stealer known to affect companies in Europe and Brazil. It has been known publicly since at least late 2017. (Citation: Cybereason Astaroth Feb 2019) (Citation: Cofense Astaroth Sept 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '8', Created = '2019-01-30T15:47:41.018Z', Modified = '2019-01-30T15:47:41.018Z', Name = 'AuditCred', Description = '[AuditCred](https://attack.mitre.org/software/S0347) is a malicious DLL that has been used by [Lazarus Group](https://attack.mitre.org/groups/G0032) during their 2018 attacks.(Citation: TrendMicro Lazarus Nov 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '9', Created = '2017-05-31T21:33:14.551Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'AutoIt backdoor', Description = '[AutoIt backdoor](https://attack.mitre.org/software/S0129) is malware that has been used by the actors responsible for the MONSOON campaign. The actors frequently used it in weaponized .pps files exploiting CVE-2014-6352. (Citation: Forcepoint Monsoon) This malware makes use of the legitimate scripting language for Windows GUI automation with the same name.', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '10', Created = '2019-01-30T15:19:14.309Z', Modified = '2019-02-12T21:57:28.057Z', Name = 'Azorult', Description = '[Azorult](https://attack.mitre.org/software/S0344) is a commercial Trojan that is used to steal information from compromised hosts. [Azorult](https://attack.mitre.org/software/S0344) has been observed in the wild as early as 2016. In July 2018, [Azorult](https://attack.mitre.org/software/S0344) was seen used in a spearphishing campaign against targets in North America. [Azorult](https://attack.mitre.org/software/S0344) has been seen used for cryptocurrency theft. (Citation: Unit42 Azorult Nov 2018)(Citation: Proofpoint Azorult July 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '11', Created = '2017-05-31T21:32:24.428Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'BACKSPACE', Description = '[BACKSPACE](https://attack.mitre.org/software/S0031) is a backdoor used by [APT30](https://attack.mitre.org/groups/G0013) that dates back to at least 2005. (Citation: FireEye APT30)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '12', Created = '2018-10-17T00:14:20.652Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'BADCALL', Description = '[BADCALL](https://attack.mitre.org/software/S0245) is a Trojan malware variant used by the group [Lazarus Group](https://attack.mitre.org/groups/G0032). (Citation: US-CERT BADCALL)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '13', Created = '2017-05-31T21:33:14.118Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'BADNEWS', Description = '[BADNEWS](https://attack.mitre.org/software/S0128) is malware that has been used by the actors responsible for the [Patchwork](https://attack.mitre.org/groups/G0040) campaign. Its name was given due to its use of RSS feeds, forums, and blogs for command and control. (Citation: Forcepoint Monsoon) (Citation: TrendMicro Patchwork Dec 2017)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '14', Created = '2017-05-31T21:33:13.664Z', Modified = '2019-04-24T23:10:02.247Z', Name = 'BBSRAT', Description = '[BBSRAT](https://attack.mitre.org/software/S0127) is malware with remote access tool functionality that has been used in targeted compromises. (Citation: Palo Alto Networks BBSRAT)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '15', Created = '2017-05-31T21:32:17.147Z', Modified = '2019-01-30T15:38:20.677Z', Name = 'BISCUIT', Description = '[BISCUIT](https://attack.mitre.org/software/S0017) is a backdoor that has been used by [APT1](https://attack.mitre.org/groups/G0006) since as early as 2007. (Citation: Mandiant APT1)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '16', Created = '2017-05-31T21:32:45.892Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'BLACKCOFFEE', Description = '[BLACKCOFFEE](https://attack.mitre.org/software/S0069) is malware that has been used by several Chinese groups since at least 2013. (Citation: FireEye APT17) (Citation: FireEye Periscope March 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '17', Created = '2019-02-18T20:16:12.119Z', Modified = '2019-04-23T19:32:14.628Z', Name = 'BONDUPDATER', Description = '[BONDUPDATER](https://attack.mitre.org/software/S0360) is a PowerShell backdoor used by [OilRig](https://attack.mitre.org/groups/G0049). It was first observed in November 2017 during targeting of a Middle Eastern government organization, and an updated version was observed in August 2018 being used to target a government organization with spearphishing emails.(Citation: FireEye APT34 Dec 2017)(Citation: Palo Alto OilRig Sep 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '18', Created = '2017-05-31T21:33:08.292Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'BOOTRASH', Description = '[BOOTRASH](https://attack.mitre.org/software/S0114) is a [Bootkit](https://attack.mitre.org/techniques/T1067) that targets Windows operating systems. It has been used by threat actors that target the financial sector. (Citation: MTrends 2016)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '19', Created = '2017-05-31T21:32:15.994Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'BS2005', Description = '[BS2005](https://attack.mitre.org/software/S0014) is malware that was used by [Ke3chang](https://attack.mitre.org/groups/G0004) in spearphishing campaigns since at least 2011. (Citation: Villeneuve et al 2014)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '20', Created = '2017-05-31T21:32:33.738Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'BUBBLEWRAP', Description = '[BUBBLEWRAP](https://attack.mitre.org/software/S0043) is a full-featured, second-stage backdoor used by the [admin@338](https://attack.mitre.org/groups/G0018) group. It is set to run when the system boots and includes functionality to check, upload, and register plug-ins that can further enhance its capabilities. (Citation: FireEye admin@338)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '21', Created = '2017-05-31T21:32:59.661Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Backdoor.Oldrea', Description = '[Backdoor.Oldrea](https://attack.mitre.org/software/S0093) is a backdoor used by [Dragonfly](https://attack.mitre.org/groups/G0035). It appears to be custom malware authored by the group or specifically for it. (Citation: Symantec Dragonfly)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '22', Created = '2019-01-29T21:33:34.082Z', Modified = '2019-04-23T21:17:49.678Z', Name = 'BadPatch', Description = '[BadPatch](https://attack.mitre.org/software/S0337) is a Windows Trojan that was used in a Gaza Hackers-linked campaign.(Citation: Unit 42 BadPatch Oct 2017)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '23', Created = '2018-10-17T00:14:20.652Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Bandook', Description = '[Bandook](https://attack.mitre.org/software/S0234) is a commercially available RAT, written in Delphi, which has been available since roughly 2007 (Citation: EFF Manul Aug 2016) (Citation: Lookout Dark Caracal Jan 2018).', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '24', Created = '2018-10-17T00:14:20.652Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Bankshot', Description = '[Bankshot](https://attack.mitre.org/software/S0239) is a remote access tool (RAT) that was first reported by the Department of Homeland Security in December of 2017. In 2018, [Lazarus Group](https://attack.mitre.org/groups/G0032) used the [Bankshot](https://attack.mitre.org/software/S0239) implant in attacks against the Turkish financial sector. (Citation: McAfee Bankshot)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '25', Created = '2018-10-17T00:14:20.652Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Bisonal', Description = '[Bisonal](https://attack.mitre.org/software/S0268) is malware that has been used in attacks against targets in Russia, South Korea, and Japan. It has been observed in the wild since 2014. (Citation: Unit 42 Bisonal July 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '26', Created = '2017-05-31T21:32:57.807Z', Modified = '2019-04-22T22:19:05.060Z', Name = 'BlackEnergy', Description = '[BlackEnergy](https://attack.mitre.org/software/S0089) is a malware toolkit that has been used by both criminal and APT actors. It dates back to at least 2007 and was originally designed to create botnets for use in conducting Distributed Denial of Service (DDoS) attacks, but its use has evolved to support various plug-ins. It is well known for being used during the confrontation between Georgia and Russia in 2008, as well as in targeting Ukrainian institutions. Variants include BlackEnergy 2 and BlackEnergy 3. (Citation: F-Secure BlackEnergy 2014)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '27', Created = '2018-10-17T00:14:20.652Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Brave Prince', Description = '[Brave Prince](https://attack.mitre.org/software/S0252) is a Korean-language implant that was first observed in the wild in December 2017. It contains similar code and behavior to [Gold Dragon](https://attack.mitre.org/software/S0249), and was seen along with [Gold Dragon](https://attack.mitre.org/software/S0249) and [RunningRAT](https://attack.mitre.org/software/S0253) in operations surrounding the 2018 Pyeongchang Winter Olympics. (Citation: McAfee Gold Dragon)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '28', Created = '2018-04-18T17:59:24.739Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Briba', Description = '[Briba](https://attack.mitre.org/software/S0204) is a trojan used by [Elderwood](https://attack.mitre.org/groups/G0066) to open a backdoor and download files on to compromised hosts. (Citation: Symantec Elderwood Sept 2012) (Citation: Symantec Briba May 2012)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '29', Created = '2017-05-31T21:32:20.137Z', Modified = '2019-01-30T15:39:45.451Z', Name = 'CALENDAR', Description = '[CALENDAR](https://attack.mitre.org/software/S0025) is malware used by [APT1](https://attack.mitre.org/groups/G0006) that mimics legitimate Gmail Calendar traffic. (Citation: Mandiant APT1)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '30', Created = '2018-04-18T17:59:24.739Z', Modified = '2019-04-24T23:11:34.478Z', Name = 'CCBkdr', Description = '[CCBkdr](https://attack.mitre.org/software/S0222) is malware that was injected into a signed version of CCleaner and distributed from CCleaner''s distribution website. (Citation: Talos CCleanup 2017) (Citation: Intezer Aurora Sept 2017)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '31', Created = '2017-05-31T21:32:19.389Z', Modified = '2019-04-23T21:19:10.378Z', Name = 'CHOPSTICK', Description = '[CHOPSTICK](https://attack.mitre.org/software/S0023) is a malware family of modular backdoors used by [APT28](https://attack.mitre.org/groups/G0007). It has been used since at least 2012 and is usually dropped on victims as second-stage malware, though it has been used as first-stage malware in several cases. It has both Windows and Linux variants. (Citation: FireEye APT28) (Citation: ESET Sednit Part 2) (Citation: FireEye APT28 January 2017) (Citation: DOJ GRU Indictment Jul 2018) It is tracked separately from the [X-Agent for Android](https://attack.mitre.org/software/S0314).', Windows = 'true', MacOS = 'false', Linux = 'true'),
models.Threat_DB(IDthreat = '32', Created = '2018-04-18T17:59:24.739Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'CORALDECK', Description = '[CORALDECK](https://attack.mitre.org/software/S0212) is an exfiltration tool used by [APT37](https://attack.mitre.org/groups/G0067). (Citation: FireEye APT37 Feb 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '33', Created = '2017-05-31T21:33:18.506Z', Modified = '2019-01-30T18:08:50.719Z', Name = 'CORESHELL', Description = '[CORESHELL](https://attack.mitre.org/software/S0137) is a downloader used by [APT28](https://attack.mitre.org/groups/G0007). The older versions of this malware are known as SOURFACE and newer versions as CORESHELL.(Citation: FireEye APT28) (Citation: FireEye APT28 January 2017)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '34', Created = '2019-01-30T18:58:03.614Z', Modified = '2019-04-22T19:48:08.741Z', Name = 'Cannon', Description = '[Cannon](https://attack.mitre.org/software/S0351) is a Trojan with variants written in C# and Delphi. It was first observed in April 2018. (Citation: Unit42 Cannon Nov 2018)(Citation: Unit42 Sofacy Dec 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '35', Created = '2017-05-31T21:32:22.213Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Carbanak', Description = '[Carbanak](https://attack.mitre.org/software/S0030) is a full-featured, remote backdoor used by a group of the same name ([Carbanak](https://attack.mitre.org/groups/G0008)). It is intended for espionage, data exfiltration, and providing remote access to infected machines. (Citation: Kaspersky Carbanak) (Citation: FireEye CARBANAK June 2017)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '36', Created = '2019-01-29T19:36:02.103Z', Modified = '2019-04-12T14:43:22.440Z', Name = 'Carbon', Description = '[Carbon](https://attack.mitre.org/software/S0335) is a sophisticated, second-stage backdoor and framework that can be used to steal sensitive information from victims. [Carbon](https://attack.mitre.org/software/S0335) has been selectively used by [Turla](https://attack.mitre.org/groups/G0010) to target government and foreign affairs-related organizations in Central Asia.(Citation: ESET Carbon Mar 2017)(Citation: Securelist Turla Oct 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '37', Created = '2019-01-30T16:39:53.573Z', Modified = '2019-04-25T21:31:15.886Z', Name = 'Cardinal RAT', Description = '[Cardinal RAT](https://attack.mitre.org/software/S0348) is a potentially low volume remote access trojan (RAT) observed since December 2015. [Cardinal RAT](https://attack.mitre.org/software/S0348) is notable for its unique utilization of uncompiled C# source code and the Microsoft Windows built-in csc.exe compiler.(Citation: PaloAlto CardinalRat Apr 2017)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '38', Created = '2018-10-17T00:14:20.652Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Catchamas', Description = '[Catchamas](https://attack.mitre.org/software/S0261) is a Windows Trojan that steals information from compromised systems. (Citation: Symantec Catchamas April 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '39', Created = '2017-05-31T21:33:22.451Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'ChChes', Description = '[ChChes](https://attack.mitre.org/software/S0144) is a Trojan that appears to be used exclusively by [menuPass](https://attack.mitre.org/groups/G0045). It was used to target Japanese organizations in 2016. Its lack of persistence methods suggests it may be intended as a first-stage tool. (Citation: Palo Alto menuPass Feb 2017) (Citation: JPCERT ChChes Feb 2017) (Citation: PWC Cloud Hopper Technical Annex April 2017)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '40', Created = '2017-05-31T21:33:05.710Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Cherry Picker', Description = '[Cherry Picker](https://attack.mitre.org/software/S0107) is a point of sale (PoS) memory scraper. (Citation: Trustwave Cherry Picker)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '41', Created = '2017-05-31T21:32:18.315Z', Modified = '2019-04-24T16:39:53.803Z', Name = 'China Chopper', Description = '[China Chopper](https://attack.mitre.org/software/S0020) is a [Web Shell](https://attack.mitre.org/techniques/T1100) hosted on Web servers to provide access back into an enterprise network that does not rely on an infected system calling back to a remote command and control server. (Citation: Lee 2013) It has been used by several threat groups. (Citation: Dell TG-3390) (Citation: FireEye Periscope March 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '42', Created = '2017-05-31T21:32:38.128Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'CloudDuke', Description = '[CloudDuke](https://attack.mitre.org/software/S0054) is malware that was used by [APT29](https://attack.mitre.org/groups/G0016) in 2015. (Citation: F-Secure The Dukes) (Citation: Securelist Minidionis July 2015)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '43', Created = '2019-01-29T21:40:37.350Z', Modified = '2019-04-23T21:09:54.593Z', Name = 'Cobian RAT', Description = '[Cobian RAT](https://attack.mitre.org/software/S0338) is a backdoor, remote access tool that has been observed since 2016.(Citation: Zscaler Cobian Aug 2017)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '44', Created = '2017-05-31T21:33:13.252Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'ComRAT', Description = '[ComRAT](https://attack.mitre.org/software/S0126) is a remote access tool suspected of being a decedent of [Agent.btz](https://attack.mitre.org/software/S0092) and used by [Turla](https://attack.mitre.org/groups/G0010). (Citation: Symantec Waterbug) (Citation: NorthSec 2015 GData Uroburos Tools)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '45', Created = '2018-10-17T00:14:20.652Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Comnie', Description = '[Comnie](https://attack.mitre.org/software/S0244) is a remote backdoor which has been used in attacks in East Asia. (Citation: Palo Alto Comnie)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '46', Created = '2017-05-31T21:32:36.550Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'CosmicDuke', Description = '[CosmicDuke](https://attack.mitre.org/software/S0050) is malware that was used by [APT29](https://attack.mitre.org/groups/G0016) from 2010 to 2015. (Citation: F-Secure The Dukes)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '47', Created = '2017-05-31T21:32:35.022Z', Modified = '2019-04-24T23:17:24.947Z', Name = 'CozyCar', Description = '[CozyCar](https://attack.mitre.org/software/S0046) is malware that was used by [APT29](https://attack.mitre.org/groups/G0016) from 2010 to 2015. It is a modular malware platform, and its backdoor component can be instructed to download and execute a variety of modules with different functionality. (Citation: F-Secure The Dukes)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '48', Created = '2017-05-31T21:33:08.679Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Crimson', Description = '[Crimson](https://attack.mitre.org/software/S0115) is malware used as part of a campaign known as Operation Transparent Tribe that targeted Indian diplomatic and military victims. (Citation: Proofpoint Operation Transparent Tribe March 2016)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '49', Created = '2018-10-17T00:14:20.652Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'CrossRAT', Description = '[CrossRAT](https://attack.mitre.org/software/S0235) is a cross platform RAT.', Windows = 'true', MacOS = 'true', Linux = 'true'),
models.Threat_DB(IDthreat = '50', Created = '2018-10-17T00:14:20.652Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'DDKONG', Description = '[DDKONG](https://attack.mitre.org/software/S0255) is a malware sample that was part of a campaign by [Rancor](https://attack.mitre.org/groups/G0075). [DDKONG](https://attack.mitre.org/software/S0255) was first seen used in February 2017. (Citation: Rancor Unit42 June 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '51', Created = '2018-04-18T17:59:24.739Z', Modified = '2019-01-29T18:23:45.808Z', Name = 'DOGCALL', Description = '[DOGCALL](https://attack.mitre.org/software/S0213) is a backdoor used by [APT37](https://attack.mitre.org/groups/G0067) that has been used to target South Korean government and military organizations in 2017. It is typically dropped using a Hangul Word Processor (HWP) exploit. (Citation: FireEye APT37 Feb 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '52', Created = '2019-01-29T19:18:28.468Z', Modified = '2019-02-12T19:12:53.072Z', Name = 'DarkComet', Description = '[DarkComet](https://attack.mitre.org/software/S0334) is a Windows remote administration tool and backdoor.(Citation: TrendMicro DarkComet Sept 2014)(Citation: Malwarebytes DarkComet March 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '53', Created = '2018-01-16T16:13:52.465Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Daserf', Description = '[Daserf](https://attack.mitre.org/software/S0187) is a backdoor that has been used to spy on and steal from Japanese, South Korean, Russian, Singaporean, and Chinese victims. Researchers have identified versions written in both Visual C and Delphi. (Citation: Trend Micro Daserf Nov 2017) (Citation: Secureworks BRONZE BUTLER Oct 2017)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '54', Created = '2018-10-17T00:14:20.652Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'DealersChoice', Description = '[DealersChoice](https://attack.mitre.org/software/S0243) is a Flash exploitation framework used by [APT28](https://attack.mitre.org/groups/G0007). (Citation: Sofacy DealersChoice)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '55', Created = '2019-01-30T20:01:44.815Z', Modified = '2019-04-24T20:56:04.497Z', Name = 'Denis', Description = '[Denis](https://attack.mitre.org/software/S0354) is a Windows backdoor and Trojan.(Citation: Cybereason Oceanlotus May 2017)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '56', Created = '2017-05-31T21:32:18.668Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Derusbi', Description = '[Derusbi](https://attack.mitre.org/software/S0021) is malware used by multiple Chinese APT groups. (Citation: Novetta-Axiom) (Citation: ThreatConnect Anthem) Both Windows and Linux variants have been observed. (Citation: Fidelis Turbo)', Windows = 'true', MacOS = 'false', Linux = 'true'),
models.Threat_DB(IDthreat = '57', Created = '2018-04-18T17:59:24.739Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Dipsind', Description = '[Dipsind](https://attack.mitre.org/software/S0200) is a malware family of backdoors that appear to be used exclusively by [PLATINUM](https://attack.mitre.org/groups/G0068). (Citation: Microsoft PLATINUM April 2016)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '58', Created = '2018-01-16T16:13:52.465Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'DownPaper', Description = '[DownPaper](https://attack.mitre.org/software/S0186) is a backdoor Trojan', Windows = 'NULL', MacOS = 'true', Linux = 'false'),
models.Threat_DB(IDthreat = '59', Created = '2017-05-31T21:33:16.790Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Downdelph', Description = '[Downdelph](https://attack.mitre.org/software/S0134) is a first-stage downloader written in Delphi that has been used by [APT28](https://attack.mitre.org/groups/G0007) in rare instances between 2013 and 2015. (Citation: ESET Sednit Part 3)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '60', Created = '2017-05-31T21:32:31.188Z', Modified = '2019-04-24T23:18:53.005Z', Name = 'Duqu', Description = '[Duqu](https://attack.mitre.org/software/S0038) is a malware platform that uses a modular approach to extend functionality after deployment within a target network. (Citation: Symantec W32.Duqu)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '61', Created = '2017-05-31T21:32:41.750Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'DustySky', Description = '[DustySky](https://attack.mitre.org/software/S0062) is multi-stage malware written in .NET that has been used by [Molerats](https://attack.mitre.org/groups/G0021) since May 2015. (Citation: DustySky) (Citation: DustySky2)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '62', Created = '2017-05-31T21:32:19.746Z', Modified = '2019-04-24T23:21:07.723Z', Name = 'Dyre', Description = '[Dyre](https://attack.mitre.org/software/S0024) is a Trojan that has been used for financial gain. (Citation: Symantec Dyre June 2015)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '63', Created = '2017-05-31T21:32:43.237Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'ELMER', Description = '[ELMER](https://attack.mitre.org/software/S0064) is a non-persistent, proxy-aware HTTP backdoor written in Delphi that has been used by [APT16](https://attack.mitre.org/groups/G0023). (Citation: FireEye EPS Awakens Part 2)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '64', Created = '2017-05-31T21:32:54.416Z', Modified = '2019-04-17T22:12:24.546Z', Name = 'Elise', Description = '[Elise](https://attack.mitre.org/software/S0081) is a custom backdoor Trojan that appears to be used exclusively by [Lotus Blossom](https://attack.mitre.org/groups/G0030). It is part of a larger group of tools referred to as LStudio, ST Group, and APT0LSTU. (Citation: Lotus Blossom Jun 2015)(Citation: Accenture Dragonfish Jan 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '65', Created = '2017-05-31T21:32:54.772Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Emissary', Description = '[Emissary](https://attack.mitre.org/software/S0082) is a Trojan that has been used by [Lotus Blossom](https://attack.mitre.org/groups/G0030). It shares code with [Elise](https://attack.mitre.org/software/S0081), with both Trojans being part of a malware group referred to as LStudio. (Citation: Lotus Blossom Dec 2015)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '66', Created = '2019-03-25T18:35:14.353Z', Modified = '2019-04-24T21:06:36.786Z', Name = 'Emotet', Description = '[Emotet](https://attack.mitre.org/software/S0367) is a modular malware variant which is primarily used as a downloader for other malware variants such as [TrickBot](https://attack.mitre.org/software/S0266) and IcedID. Emotet first emerged in June 2014 and has been primarily used to target the banking sector. (Citation: Trend Micro Banking Malware Jan 2019)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '67', Created = '2017-05-31T21:32:58.738Z', Modified = '2019-04-16T21:27:36.933Z', Name = 'Epic', Description = '[Epic](https://attack.mitre.org/software/S0091) is a backdoor that has been used by [Turla](https://attack.mitre.org/groups/G0010). (Citation: Kaspersky Turla)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '68', Created = '2017-12-14T16:46:06.044Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'EvilGrab', Description = '[EvilGrab](https://attack.mitre.org/software/S0152) is a malware family with common reconnaissance capabilities. It has been deployed by [menuPass](https://attack.mitre.org/groups/G0045) via malicious Microsoft Office documents as part of spearphishing campaigns. (Citation: PWC Cloud Hopper Technical Annex April 2017)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '69', Created = '2019-01-30T15:10:03.894Z', Modified = '2019-04-24T21:14:11.790Z', Name = 'Exaramel', Description = '[Exaramel](https://attack.mitre.org/software/S0343) is multi-platform backdoor for Linux and Windows systems.(Citation: ESET TeleBots Oct 2018)', Windows = 'true', MacOS = 'false', Linux = 'true'),
models.Threat_DB(IDthreat = '70', Created = '2018-01-16T16:13:52.465Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'FALLCHILL', Description = '[FALLCHILL](https://attack.mitre.org/software/S0181) is a RAT that has been used by [Lazarus Group](https://attack.mitre.org/groups/G0032) since at least 2016 to target the aerospace, telecommunications, and finance industries. It is usually dropped by other [Lazarus Group](https://attack.mitre.org/groups/G0032) malware or delivered when a victim unknowingly visits a compromised website. (Citation: US-CERT FALLCHILL Nov 2017)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '71', Created = '2018-10-17T00:14:20.652Z', Modified = '2019-01-30T13:42:08.715Z', Name = 'FELIXROOT', Description = '[FELIXROOT](https://attack.mitre.org/software/S0267) is a backdoor that has been used to target Ukrainian victims. (Citation: FireEye FELIXROOT July 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '72', Created = '2017-05-31T21:32:28.754Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'FLASHFLOOD', Description = '[FLASHFLOOD](https://attack.mitre.org/software/S0036) is malware developed by [APT30](https://attack.mitre.org/groups/G0013) that allows propagation and exfiltration of data over removable devices. [APT30](https://attack.mitre.org/groups/G0013) may use this capability to exfiltrate data across air-gaps. (Citation: FireEye APT30)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '73', Created = '2018-01-16T16:13:52.465Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'FLIPSIDE', Description = '[FLIPSIDE](https://attack.mitre.org/software/S0173) is a simple tool similar to Plink that is used by [FIN5](https://attack.mitre.org/groups/G0053) to maintain access to victims. (Citation: Mandiant FIN5 GrrCON Oct 2016)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '74', Created = '2017-05-31T21:32:52.470Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'FakeM', Description = '[FakeM](https://attack.mitre.org/software/S0076) is a shellcode-based Windows backdoor that has been used by [Scarlet Mimic](https://attack.mitre.org/groups/G0029). (Citation: Scarlet Mimic Jan 2016)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '75', Created = '2018-01-16T16:13:52.465Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Felismus', Description = '[Felismus](https://attack.mitre.org/software/S0171) is a modular backdoor that has been used by [Sowbug](https://attack.mitre.org/groups/G0054). (Citation: Symantec Sowbug Nov 2017) (Citation: Forcepoint Felismus Mar 2017)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '76', Created = '2018-01-16T16:13:52.465Z', Modified = '2019-04-19T15:28:04.283Z', Name = 'FinFisher', Description = '[FinFisher](https://attack.mitre.org/software/S0182) is a government-grade commercial surveillance spyware reportedly sold exclusively to government agencies for use in targeted and lawful criminal investigations. It is heavily obfuscated and uses multiple anti-analysis techniques. It has other variants including [Wingbird](https://attack.mitre.org/software/S0176). (Citation: FinFisher Citation) (Citation: Microsoft SIR Vol 21) (Citation: FireEye FinSpy Sept 2017) (Citation: Securelist BlackOasis Oct 2017) (Citation: Microsoft FinFisher March 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '77', Created = '2019-01-31T00:23:06.022Z', Modified = '2019-01-31T00:23:06.022Z', Name = 'Final1stspy', Description = '[Final1stspy](https://attack.mitre.org/software/S0355) is a dropper family that has been used to deliver [DOGCALL](https://attack.mitre.org/software/S0213).(Citation: Unit 42 Nokki Oct 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '78', Created = '2017-05-31T21:33:21.973Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Flame', Description = 'Flame is a sophisticated toolkit that has been used to collect information since at least 2010, largely targeting Middle East countries. (Citation: Kaspersky Flame)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '79', Created = '2017-05-31T21:32:20.526Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'GLOOXMAIL', Description = '[GLOOXMAIL](https://attack.mitre.org/software/S0026) is malware used by [APT1](https://attack.mitre.org/groups/G0006) that mimics legitimate Jabber/XMPP traffic. (Citation: Mandiant APT1)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '80', Created = '2018-01-16T16:13:52.465Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Gazer', Description = '[Gazer](https://attack.mitre.org/software/S0168) is a backdoor used by [Turla](https://attack.mitre.org/groups/G0010) since at least 2016. (Citation: ESET Gazer Aug 2017)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '81', Created = '2017-05-31T21:32:36.177Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'GeminiDuke', Description = '[GeminiDuke](https://attack.mitre.org/software/S0049) is malware that was used by [APT29](https://attack.mitre.org/groups/G0016) from 2009 to 2012. (Citation: F-Secure The Dukes)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '82', Created = '2018-10-17T00:14:20.652Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Gold Dragon', Description = '[Gold Dragon](https://attack.mitre.org/software/S0249) is a Korean-language, data gathering implant that was first observed in the wild in South Korea in July 2017. [Gold Dragon](https://attack.mitre.org/software/S0249) was used along with [Brave Prince](https://attack.mitre.org/software/S0252) and [RunningRAT](https://attack.mitre.org/software/S0253) in operations targeting organizations associated with the 2018 Pyeongchang Winter Olympics. (Citation: McAfee Gold Dragon)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '83', Created = '2018-10-17T00:14:20.652Z', Modified = '2019-04-24T23:21:59.015Z', Name = 'GravityRAT', Description = '[GravityRAT](https://attack.mitre.org/software/S0237) is a remote access tool (RAT) and has been in ongoing development since 2016. The actor behind the tool remains unknown, but two usernames have been recovered that link to the author, which are "TheMartian" and "The Invincible." According to the National Computer Emergency Response Team (CERT) of India, the malware has been identified in attacks against organization and entities in India. (Citation: Talos GravityRAT)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '84', Created = '2019-01-30T13:53:14.264Z', Modified = '2019-04-17T22:22:21.777Z', Name = 'GreyEnergy', Description = '[GreyEnergy](https://attack.mitre.org/software/S0342) is a backdoor written in C and compiled in Visual Studio. [GreyEnergy](https://attack.mitre.org/software/S0342) shares similarities with the [BlackEnergy](https://attack.mitre.org/software/S0089) malware and is thought to be the successor of it.(Citation: ESET GreyEnergy Oct 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '85', Created = '2017-05-31T21:33:15.910Z', Modified = '2019-04-29T18:23:15.823Z', Name = 'H1N1', Description = '[H1N1](https://attack.mitre.org/software/S0132) is a malware variant that has been distributed via a campaign using VBA macros to infect victims. Although it initially had only loader capabilities, it has evolved to include information-stealing functionality. (Citation: Cisco H1N1 Part 1)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '86', Created = '2017-12-14T16:46:06.044Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'HALFBAKED', Description = '[HALFBAKED](https://attack.mitre.org/software/S0151) is a malware family consisting of multiple components intended to establish persistence in victim networks. (Citation: FireEye FIN7 April 2017)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '87', Created = '2017-05-31T21:32:29.203Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'HAMMERTOSS', Description = '[HAMMERTOSS](https://attack.mitre.org/software/S0037) is a backdoor that was used by [APT29](https://attack.mitre.org/groups/G0016) in 2015. (Citation: FireEye APT29) (Citation: F-Secure The Dukes)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '88', Created = '2018-04-18T17:59:24.739Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'HAPPYWORK', Description = '[HAPPYWORK](https://attack.mitre.org/software/S0214) is a downloader used by [APT37](https://attack.mitre.org/groups/G0067) to target South Korean government and financial victims in November 2016. (Citation: FireEye APT37 Feb 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '89', Created = '2018-10-17T00:14:20.652Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'HARDRAIN', Description = '[HARDRAIN](https://attack.mitre.org/software/S0246) is a Trojan malware variant reportedly used by the North Korean government. (Citation: US-CERT HARDRAIN March 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '90', Created = '2017-05-31T21:32:40.801Z', Modified = '2019-04-25T02:33:53.419Z', Name = 'HDoor', Description = '[HDoor](https://attack.mitre.org/software/S0061) is malware that has been customized and used by the [Naikon](https://attack.mitre.org/groups/G0019) group. (Citation: Baumgartner Naikon 2015)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '91', Created = '2017-05-31T21:33:17.272Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'HIDEDRV', Description = '[HIDEDRV](https://attack.mitre.org/software/S0135) is a rootkit used by [APT28](https://attack.mitre.org/groups/G0007). It has been deployed along with [Downdelph](https://attack.mitre.org/software/S0134) to execute and hide that malware. (Citation: ESET Sednit Part 3) (Citation: Sekoia HideDRV Oct 2016)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '92', Created = '2018-04-18T17:59:24.739Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'HOMEFRY', Description = '[HOMEFRY](https://attack.mitre.org/software/S0232) is a 64-bit Windows password dumper/cracker that has previously been used in conjunction with other [Leviathan](https://attack.mitre.org/groups/G0065) backdoors. (Citation: FireEye Periscope March 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '93', Created = '2019-04-19T15:30:36.593Z', Modified = '2019-04-22T19:41:53.168Z', Name = 'HOPLIGHT', Description = '[HOPLIGHT](https://attack.mitre.org/software/S0376) is a backdoor Trojan that has reportedly been used by the North Korean government.(Citation: US-CERT HOPLIGHT Apr 2019)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '94', Created = '2017-05-31T21:32:46.445Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'HTTPBrowser', Description = '[HTTPBrowser](https://attack.mitre.org/software/S0070) is malware that has been used by several threat groups. (Citation: ThreatStream Evasion Analysis) (Citation: Dell TG-3390) It is believed to be of Chinese origin. (Citation: ThreatConnect Anthem)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '95', Created = '2018-01-16T16:13:52.465Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Helminth', Description = '[Helminth](https://attack.mitre.org/software/S0170) is a backdoor that has at least two variants - one written in VBScript and PowerShell that is delivered via a macros in Excel spreadsheets, and one that is a standalone Windows executable. (Citation: Palo Alto OilRig May 2016)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '96', Created = '2017-05-31T21:32:56.860Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Hi-Zor', Description = '[Hi-Zor](https://attack.mitre.org/software/S0087) is a remote access tool (RAT) that has characteristics similar to [Sakula](https://attack.mitre.org/software/S0074). It was used in a campaign named INOCNATION. (Citation: Fidelis Hi-Zor)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '97', Created = '2017-05-31T21:32:14.124Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Hikit', Description = '[Hikit](https://attack.mitre.org/software/S0009) is malware that has been used by [Axiom](https://attack.mitre.org/groups/G0001) for late-stage persistence and exfiltration after the initial compromise. (Citation: Novetta-Axiom)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '98', Created = '2018-04-18T17:59:24.739Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Hydraq', Description = '[Hydraq](https://attack.mitre.org/software/S0203) is a data-theft trojan first used by [Elderwood](https://attack.mitre.org/groups/G0066) in the 2009 Google intrusion known as Operation Aurora, though variations of this trojan have been used in more recent campaigns by other Chinese actors, possibly including [APT17](https://attack.mitre.org/groups/G0025). (Citation: MicroFocus 9002 Aug 2016) (Citation: Symantec Elderwood Sept 2012) (Citation: Symantec Trojan.Hydraq Jan 2010) (Citation: ASERT Seven Pointed Dagger Aug 2015) (Citation: FireEye DeputyDog 9002 November 2013) (Citation: ProofPoint GoT 9002 Aug 2017) (Citation: FireEye Sunshop Campaign May 2013) (Citation: PaloAlto 3102 Sept 2015)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '99', Created = '2018-01-16T16:13:52.465Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'ISMInjector', Description = '[ISMInjector](https://attack.mitre.org/software/S0189) is a Trojan used to install another [OilRig](https://attack.mitre.org/groups/G0049) backdoor, ISMAgent. (Citation: OilRig New Delivery Oct 2017)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '100', Created = '2018-10-17T00:14:20.652Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'InnaputRAT', Description = '[InnaputRAT](https://attack.mitre.org/software/S0259) is a remote access tool that can exfiltrate files from a victim’s machine. [InnaputRAT](https://attack.mitre.org/software/S0259) has been seen out in the wild since 2016. (Citation: ASERT InnaputRAT April 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '101', Created = '2018-10-17T00:14:20.652Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'InvisiMole', Description = '[InvisiMole](https://attack.mitre.org/software/S0260) is a modular spyware program that has been used by threat actors since at least 2013. [InvisiMole](https://attack.mitre.org/software/S0260) has two backdoor modules called RC2FM and RC2CL that are used to perform post-exploitation activities. It has been discovered on compromised victims in the Ukraine and Russia. (Citation: ESET InvisiMole June 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '102', Created = '2017-05-31T21:32:16.360Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Ixeshe', Description = '[Ixeshe](https://attack.mitre.org/software/S0015) is a malware family that has been used since 2009 to attack targets in East Asia. (Citation: Moran 2013)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '103', Created = '2017-05-31T21:32:34.199Z', Modified = '2019-02-01T14:39:35.456Z', Name = 'JHUHUGIT', Description = '[JHUHUGIT](https://attack.mitre.org/software/S0044) is malware used by [APT28](https://attack.mitre.org/groups/G0007). It is based on Carberp source code and serves as reconnaissance malware. (Citation: Kaspersky Sofacy) (Citation: F-Secure Sofacy 2015) (Citation: ESET Sednit Part 1) (Citation: FireEye APT28 January 2017)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '104', Created = '2018-04-18T17:59:24.739Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'JPIN', Description = '[JPIN](https://attack.mitre.org/software/S0201) is a custom-built backdoor family used by [PLATINUM](https://attack.mitre.org/groups/G0068). Evidence suggests developers of [JPIN](https://attack.mitre.org/software/S0201) and [Dipsind](https://attack.mitre.org/software/S0200) code bases were related in some way. (Citation: Microsoft PLATINUM April 2016)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '105', Created = '2018-04-18T17:59:24.739Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'KARAE', Description = '[KARAE](https://attack.mitre.org/software/S0215) is a backdoor typically used by [APT37](https://attack.mitre.org/groups/G0067) as first-stage malware. (Citation: FireEye APT37 Feb 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '106', Created = '2018-10-17T00:14:20.652Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'KEYMARBLE', Description = '[KEYMARBLE](https://attack.mitre.org/software/S0271) is a Trojan that has reportedly been used by the North Korean government. (Citation: US-CERT KEYMARBLE Aug 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '107', Created = '2017-12-14T16:46:06.044Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'KOMPROGO', Description = '[KOMPROGO](https://attack.mitre.org/software/S0156) is a signature backdoor used by [APT32](https://attack.mitre.org/groups/G0050) that is capable of process, file, and registry management. (Citation: FireEye APT32 May 2017)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '108', Created = '2019-01-31T00:36:39.771Z', Modified = '2019-04-22T13:02:09.313Z', Name = 'KONNI', Description = '[KONNI](https://attack.mitre.org/software/S0356) is a Windows remote administration too that has been seen in use since 2014 and evolved in its capabilities through at least 2017. [KONNI](https://attack.mitre.org/software/S0356) has been linked to several campaigns involving North Korean themes.(Citation: Talos Konni May 2017) [KONNI](https://attack.mitre.org/software/S0356) has significant code overlap with the [NOKKI](https://attack.mitre.org/software/S0353) malware family. There is some evidence potentially linking [KONNI](https://attack.mitre.org/software/S0356) to [APT37](https://attack.mitre.org/groups/G0067).(Citation: Unit 42 NOKKI Sept 2018)(Citation: Unit 42 Nokki Oct 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '109', Created = '2017-05-31T21:32:57.344Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Kasidet', Description = '[Kasidet](https://attack.mitre.org/software/S0088) is a backdoor that has been dropped by using malicious VBA macros. (Citation: Zscaler Kasidet)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '110', Created = '2018-10-17T00:14:20.652Z', Modified = '2019-04-24T15:26:03.457Z', Name = 'Kazuar', Description = '[Kazuar](https://attack.mitre.org/software/S0265) is a fully featured, multi-platform backdoor Trojan written using the Microsoft .NET framework. (Citation: Unit 42 Kazuar May 2017)', Windows = 'true', MacOS = 'true', Linux = 'false'),
models.Threat_DB(IDthreat = '111', Created = '2018-10-17T00:14:20.652Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Kwampirs', Description = '[Kwampirs](https://attack.mitre.org/software/S0236) is a backdoor Trojan used by [Orangeworm](https://attack.mitre.org/groups/G0071). It has been found on machines which had software installed for the use and control of high-tech imaging devices such as X-Ray and MRI machines. (Citation: Symantec Orangeworm April 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '112', Created = '2017-05-31T21:32:33.348Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'LOWBALL', Description = '[LOWBALL](https://attack.mitre.org/software/S0042) is malware used by [admin@338](https://attack.mitre.org/groups/G0018). It was used in August 2015 in email messages targeting Hong Kong-based media organizations. (Citation: FireEye admin@338)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '113', Created = '2018-04-18T17:59:24.739Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Linfo', Description = '[Linfo](https://attack.mitre.org/software/S0211) is a rootkit trojan used by [Elderwood](https://attack.mitre.org/groups/G0066) to open a backdoor on compromised hosts. (Citation: Symantec Elderwood Sept 2012) (Citation: Symantec Linfo May 2012)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '114', Created = '2019-04-16T19:00:49.435Z', Modified = '2019-04-22T21:01:04.924Z', Name = 'LockerGoga', Description = '[LockerGoga ](https://attack.mitre.org/software/S0372) is ransomware that has been tied to various attacks on European companies. It was first reported upon in January 2019.(Citation: Unit42 LockerGoga 2019)(Citation: CarbonBlack LockerGoga 2019)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '115', Created = '2017-05-31T21:32:14.527Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Lurid', Description = '[Lurid](https://attack.mitre.org/software/S0010) is a malware family that has been used by several groups, including [PittyTiger](https://attack.mitre.org/groups/G0011), in targeted attacks as far back as 2006. (Citation: Villeneuve 2014) (Citation: Villeneuve 2011)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '116', Created = '2018-04-18T17:59:24.739Z', Modified = '2019-04-22T23:25:33.378Z', Name = 'MURKYTOP', Description = '[MURKYTOP](https://attack.mitre.org/software/S0233) is a reconnaissance tool used by [Leviathan](https://attack.mitre.org/groups/G0065). (Citation: FireEye Periscope March 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '117', Created = '2018-01-16T16:13:52.465Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Matroyshka', Description = '[Matroyshka](https://attack.mitre.org/software/S0167) is a malware framework used by [CopyKittens](https://attack.mitre.org/groups/G0052) that consists of a dropper, loader, and RAT. It has multiple versions; v1 was seen in the wild from July 2016 until January 2017. v2 has fewer commands and other minor differences. (Citation: ClearSky Wilted Tulip July 2017) (Citation: CopyKittens Nov 2015)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '118', Created = '2019-01-29T21:47:53.070Z', Modified = '2019-04-17T22:05:05.681Z', Name = 'Micropsia', Description = '[Micropsia](https://attack.mitre.org/software/S0339) is a remote access tool written in Delphi.(Citation: Talos Micropsia June 2017)(Citation: Radware Micropsia July 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '119', Created = '2017-05-31T21:33:16.315Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Miner-C', Description = '[Miner-C](https://attack.mitre.org/software/S0133) is malware that mines victims for the Monero cryptocurrency. It has targeted FTP servers and Network Attached Storage (NAS) devices to spread. (Citation: Softpedia MinerC)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '120', Created = '2017-05-31T21:32:36.919Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'MiniDuke', Description = '[MiniDuke](https://attack.mitre.org/software/S0051) is malware that was used by [APT29](https://attack.mitre.org/groups/G0016) from 2010 to 2015. The [MiniDuke](https://attack.mitre.org/software/S0051) toolset consists of multiple downloader and backdoor components. The loader has been used with other [MiniDuke](https://attack.mitre.org/software/S0051) components as well as in conjunction with [CosmicDuke](https://attack.mitre.org/software/S0050) and [PinchDuke](https://attack.mitre.org/software/S0048). (Citation: F-Secure The Dukes)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '121', Created = '2018-10-17T00:14:20.652Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'MirageFox', Description = '[MirageFox](https://attack.mitre.org/software/S0280) is a remote access tool used against Windows systems. It appears to be an upgraded version of a tool known as Mirage, which is a RAT believed to originate in 2012. (Citation: APT15 Intezer June 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '122', Created = '2017-05-31T21:32:55.565Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Mis-Type', Description = '[Mis-Type](https://attack.mitre.org/software/S0084) is a backdoor hybrid that was used by [Dust Storm](https://attack.mitre.org/groups/G0031) in 2012. (Citation: Cylance Dust Storm)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '123', Created = '2017-05-31T21:32:55.126Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Misdat', Description = '[Misdat](https://attack.mitre.org/software/S0083) is a backdoor that was used by [Dust Storm](https://attack.mitre.org/groups/G0031) from 2010 to 2011. (Citation: Cylance Dust Storm)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '124', Created = '2017-05-31T21:32:54.044Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Mivast', Description = '[Mivast](https://attack.mitre.org/software/S0080) is a backdoor that has been used by [Deep Panda](https://attack.mitre.org/groups/G0009). It was reportedly used in the Anthem breach. (Citation: Symantec Black Vine)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '125', Created = '2017-05-31T21:33:27.016Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'MoonWind', Description = '[MoonWind](https://attack.mitre.org/software/S0149) is a remote access tool (RAT) that was used in 2016 to target organizations in Thailand. (Citation: Palo Alto MoonWind March 2017)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '126', Created = '2018-10-17T00:14:20.652Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'More_eggs', Description = '[More_eggs](https://attack.mitre.org/software/S0284) is a JScript backdoor used by [Cobalt Group](https://attack.mitre.org/groups/G0080). Its name was given based on the variable "More_eggs" being present in its code. There are at least two different versions of the backdoor being used, version 2.0 and version 4.4. (Citation: Talos Cobalt Group July 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '127', Created = '2018-10-17T00:14:20.652Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Mosquito', Description = '[Mosquito](https://attack.mitre.org/software/S0256) is a Win32 backdoor that has been used by [Turla](https://attack.mitre.org/groups/G0010). [Mosquito](https://attack.mitre.org/software/S0256) is made up of three parts: the installer, the launcher, and the backdoor. The main backdoor is called CommanderDLL and is launched by the loader program. (Citation: ESET Turla Mosquito Jan 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '128', Created = '2018-10-17T00:14:20.652Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'NDiskMonitor', Description = '[NDiskMonitor](https://attack.mitre.org/software/S0272) is a custom backdoor written in .NET that appears to be unique to [Patchwork](https://attack.mitre.org/groups/G0040). (Citation: TrendMicro Patchwork Dec 2017)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '129', Created = '2017-05-31T21:32:27.787Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'NETEAGLE', Description = '[NETEAGLE](https://attack.mitre.org/software/S0034) is a backdoor developed by [APT30](https://attack.mitre.org/groups/G0013) with compile dates as early as 2008. It has two main variants known as “Scout” and “Norton.” (Citation: FireEye APT30)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '130', Created = '2018-04-18T17:59:24.739Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'NETWIRE', Description = '[NETWIRE](https://attack.mitre.org/software/S0198) is a publicly available, multiplatform remote administration tool (RAT) that has been used by criminal and APT groups since at least 2012. (Citation: FireEye APT33 Sept 2017) (Citation: McAfee Netwire Mar 2015) (Citation: FireEye APT33 Webinar Sept 2017)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '131', Created = '2019-01-30T19:50:45.307Z', Modified = '2019-01-31T00:38:08.331Z', Name = 'NOKKI', Description = '[NOKKI](https://attack.mitre.org/software/S0353) is a modular remote access tool. The earliest observed attack using [NOKKI](https://attack.mitre.org/software/S0353) was in January 2018. [NOKKI](https://attack.mitre.org/software/S0353) has significant code overlap with the [KONNI](https://attack.mitre.org/software/S0356) malware family. There is some evidence potentially linking [NOKKI](https://attack.mitre.org/software/S0353) to [APT37](https://attack.mitre.org/groups/G0067).(Citation: Unit 42 NOKKI Sept 2018)(Citation: Unit 42 Nokki Oct 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '132', Created = '2018-04-18T17:59:24.739Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Naid', Description = '[Naid](https://attack.mitre.org/software/S0205) is a trojan used by [Elderwood](https://attack.mitre.org/groups/G0066) to open a backdoor on compromised hosts. (Citation: Symantec Elderwood Sept 2012) (Citation: Symantec Naid June 2012)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '133', Created = '2018-04-18T17:59:24.739Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'NanHaiShu', Description = '[NanHaiShu](https://attack.mitre.org/software/S0228) is a remote access tool and JScript backdoor used by [Leviathan](https://attack.mitre.org/groups/G0065). [NanHaiShu](https://attack.mitre.org/software/S0228) has been used to target government and private-sector organizations that have relations to the South China Sea dispute. (Citation: Proofpoint Leviathan Oct 2017) (Citation: fsecure NanHaiShu July 2016)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '134', Created = '2019-01-29T20:05:35.952Z', Modified = '2019-04-17T20:47:23.692Z', Name = 'NanoCore', Description = '[NanoCore](https://attack.mitre.org/software/S0336) is a modular remote access tool developed in .NET that can be used to spy on victims and steal information. It has been used by threat actors since 2013.(Citation: DigiTrust NanoCore Jan 2017)(Citation: Cofense NanoCore Mar 2018)(Citation: PaloAlto NanoCore Feb 2016)(Citation: Unit 42 Gorgon Group Aug 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '135', Created = '2018-10-17T00:14:20.652Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'NavRAT', Description = '[NavRAT](https://attack.mitre.org/software/S0247) is a remote access tool designed to upload, download, and execute files. It has been observed in attacks targeting South Korea. (Citation: Talos NavRAT May 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '136', Created = '2018-04-18T17:59:24.739Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Nerex', Description = '[Nerex](https://attack.mitre.org/software/S0210) is a Trojan used by [Elderwood](https://attack.mitre.org/groups/G0066) to open a backdoor on compromised hosts. (Citation: Symantec Elderwood Sept 2012) (Citation: Symantec Nerex May 2012)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '137', Created = '2017-05-31T21:32:38.851Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Net Crawler', Description = '[Net Crawler](https://attack.mitre.org/software/S0056) is an intranet worm capable of extracting credentials using credential dumpers and spreading to systems on a network over SMB by brute forcing accounts with recovered passwords and using [PsExec](https://attack.mitre.org/software/S0029) to execute a copy of [Net Crawler](https://attack.mitre.org/software/S0056). (Citation: Cylance Cleaver)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '138', Created = '2017-05-31T21:32:25.361Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'NetTraveler', Description = '[NetTraveler](https://attack.mitre.org/software/S0033) is malware that has been used in multiple cyber espionage campaigns for basic surveillance of victims. The earliest known samples have timestamps back to 2005, and the largest number of observed samples were created between 2010 and 2013. (Citation: Kaspersky NetTraveler)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '139', Created = '2017-05-31T21:33:09.842Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Nidiran', Description = '[Nidiran](https://attack.mitre.org/software/S0118) is a custom backdoor developed and used by [Suckfly](https://attack.mitre.org/groups/G0039). It has been delivered via strategic web compromise. (Citation: Symantec Suckfly March 2016)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '140', Created = '2019-03-26T15:02:14.907Z', Modified = '2019-04-24T20:02:44.931Z', Name = 'NotPetya', Description = '[NotPetya](https://attack.mitre.org/software/S0368) is malware that was first seen in a worldwide attack starting on June 27, 2017. The main purpose of the malware appeared to be to effectively destroy data and disk structures on compromised systems. Though [NotPetya](https://attack.mitre.org/software/S0368) presents itself as a form of ransomware, it appears likely that the attackers never intended to make the encrypted data recoverable. As such, [NotPetya](https://attack.mitre.org/software/S0368) may be more appropriately thought of as a form of wiper malware. [NotPetya](https://attack.mitre.org/software/S0368) contains worm-like features to spread itself across a computer network using the SMBv1 exploits EternalBlue and EternalRomance.(Citation: Talos Nyetya June 2017)(Citation: Talos Nyetya June 2017)(Citation: US-CERT NotPetya 2017)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '141', Created = '2017-05-31T21:33:18.946Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'OLDBAIT', Description = '[OLDBAIT](https://attack.mitre.org/software/S0138) is a credential harvester used by [APT28](https://attack.mitre.org/groups/G0007). (Citation: FireEye APT28) (Citation: FireEye APT28 January 2017)', Windows = 'true', MacOS = 'false', Linux = 'false'),
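# Apostrophe is backslash-escaped: a doubled '' (SQL-style) is two adjacent Python literals, which concatenate and silently drop the character.
models.Threat_DB(IDthreat = '142', Created = '2018-01-16T16:13:52.465Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'OSInfo', Description = '[OSInfo](https://attack.mitre.org/software/S0165) is a custom tool used by [APT3](https://attack.mitre.org/groups/G0022) to do internal discovery on a victim\'s computer and network. (Citation: Symantec Buckeye)', Windows = 'true', MacOS = 'false', Linux = 'false'),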
models.Threat_DB(IDthreat = '143', Created = '2019-01-30T15:43:19.105Z', Modified = '2019-02-12T21:14:11.002Z', Name = 'OceanSalt', Description = '[OceanSalt](https://attack.mitre.org/software/S0346) is a Trojan that was used in a campaign targeting victims in South Korea, United States, and Canada. [OceanSalt](https://attack.mitre.org/software/S0346) shares code similarity with [SpyNote RAT](https://attack.mitre.org/software/S0305), which has been linked to [APT1](https://attack.mitre.org/groups/G0006).(Citation: McAfee Oceansalt Oct 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '144', Created = '2019-01-30T13:24:08.616Z', Modified = '2019-01-30T13:24:08.617Z', Name = 'Octopus', Description = '[Octopus](https://attack.mitre.org/software/S0340) is a Windows Trojan.(Citation: Securelist Octopus Oct 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '145', Created = '2019-03-25T14:07:22.547Z', Modified = '2019-04-19T19:17:11.968Z', Name = 'Olympic Destroyer', Description = '[Olympic Destroyer](https://attack.mitre.org/software/S0365) is malware that was first seen infecting computer systems at the 2018 Winter Olympics, held in Pyeongchang, South Korea. The main purpose of the malware appears to be to cause destructive impact to the affected systems. The malware leverages various native Windows utilities and API calls to carry out its destructive tasks. The malware has worm-like features to spread itself across a computer network in order to maximize its destructive impact.(Citation: Talos Olympic Destroyer 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '146', Created = '2017-05-31T21:32:37.341Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'OnionDuke', Description = '[OnionDuke](https://attack.mitre.org/software/S0052) is malware that was used by [APT29](https://attack.mitre.org/groups/G0016) from 2013 to 2015. (Citation: F-Secure The Dukes)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '147', Created = '2018-10-17T00:14:20.652Z', Modified = '2019-04-24T23:40:23.257Z', Name = 'OopsIE', Description = '[OopsIE](https://attack.mitre.org/software/S0264) is a Trojan used by [OilRig](https://attack.mitre.org/groups/G0049) to remotely execute commands as well as upload/download files to/from victims. (Citation: Unit 42 OopsIE! Feb 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '148', Created = '2018-04-18T17:59:24.739Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Orz', Description = '[Orz](https://attack.mitre.org/software/S0229) is a custom JavaScript backdoor used by [Leviathan](https://attack.mitre.org/groups/G0065). It was observed being used in 2014 as well as in August 2017 when it was dropped by Microsoft Publisher files. (Citation: Proofpoint Leviathan Oct 2017) (Citation: FireEye Periscope March 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '149', Created = '2017-05-31T21:32:47.412Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'OwaAuth', Description = '[OwaAuth](https://attack.mitre.org/software/S0072) is a Web shell and credential stealer deployed to Microsoft Exchange servers that appears to be exclusively used by [Threat Group-3390](https://attack.mitre.org/groups/G0027). (Citation: Dell TG-3390)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '150', Created = '2017-05-31T21:32:16.715Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'P2P ZeuS', Description = '[P2P ZeuS](https://attack.mitre.org/software/S0016) is a closed-source fork of the leaked version of the ZeuS botnet. It presents improvements over the leaked version, including a peer-to-peer architecture. (Citation: Dell P2P ZeuS)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '151', Created = '2017-12-14T16:46:06.044Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'PHOREAL', Description = '[PHOREAL](https://attack.mitre.org/software/S0158) is a signature backdoor used by [APT32](https://attack.mitre.org/groups/G0050). (Citation: FireEye APT32 May 2017)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '152', Created = '2018-10-17T00:14:20.652Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'PLAINTEE', Description = '[PLAINTEE](https://attack.mitre.org/software/S0254) is a malware sample that has been used by [Rancor](https://attack.mitre.org/groups/G0075) in targeted attacks in Singapore and Cambodia. (Citation: Rancor Unit42 June 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '153', Created = '2018-04-18T17:59:24.739Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'POORAIM', Description = '[POORAIM](https://attack.mitre.org/software/S0216) is a backdoor used by [APT37](https://attack.mitre.org/groups/G0067) in campaigns since at least 2014. (Citation: FireEye APT37 Feb 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '154', Created = '2017-12-14T16:46:06.044Z', Modified = '2019-04-24T23:41:39.925Z', Name = 'POSHSPY', Description = '[POSHSPY](https://attack.mitre.org/software/S0150) is a backdoor that has been used by [APT29](https://attack.mitre.org/groups/G0016) since at least 2015. It appears to be used as a secondary backdoor used if the actors lost access to their primary backdoors. (Citation: FireEye POSHSPY April 2017)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '155', Created = '2017-05-31T21:33:24.739Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'POWERSOURCE', Description = '[POWERSOURCE](https://attack.mitre.org/software/S0145) is a PowerShell backdoor that is a heavily obfuscated and modified version of the publicly available tool DNS_TXT_Pwnage. It was observed in February 2017 in spearphishing campaigns against personnel involved with United States Securities and Exchange Commission (SEC) filings at various organizations. The malware was delivered when macros were enabled by the victim and a VBS script was dropped. (Citation: FireEye FIN7 March 2017) (Citation: Cisco DNSMessenger March 2017)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '156', Created = '2018-04-18T17:59:24.739Z', Modified = '2019-04-22T22:36:52.629Z', Name = 'POWERSTATS', Description = '[POWERSTATS](https://attack.mitre.org/software/S0223) is a PowerShell-based first stage backdoor used by [MuddyWater](https://attack.mitre.org/groups/G0069). (Citation: Unit 42 MuddyWater Nov 2017)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '157', Created = '2019-04-16T17:43:42.724Z', Modified = '2019-04-22T19:59:21.380Z', Name = 'POWERTON', Description = '[POWERTON](https://attack.mitre.org/software/S0371) is a custom PowerShell backdoor first observed in 2018. It has typically been deployed as a late-stage backdoor by [APT33](https://attack.mitre.org/groups/G0064). At least two variants of the backdoor have been identified, with the later version containing improved functionality.(Citation: FireEye APT33 Guardrail)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '158', Created = '2018-01-16T16:13:52.465Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'POWRUNER', Description = '[POWRUNER](https://attack.mitre.org/software/S0184) is a PowerShell script that sends and receives commands to and from the C2 server. (Citation: FireEye APT34 Dec 2017)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '159', Created = '2018-04-18T17:59:24.739Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'PUNCHBUGGY', Description = '[PUNCHBUGGY](https://attack.mitre.org/software/S0196) is a dynamic-link library (DLL) downloader utilized by [FIN8](https://attack.mitre.org/groups/G0061). (Citation: FireEye Fin8 May 2016) (Citation: FireEye Know Your Enemy FIN8 Aug 2016)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '160', Created = '2018-04-18T17:59:24.739Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'PUNCHTRACK', Description = '[PUNCHTRACK](https://attack.mitre.org/software/S0197) is non-persistent point of sale (POS) system malware utilized by [FIN8](https://attack.mitre.org/groups/G0061) to scrape payment card data. (Citation: FireEye Fin8 May 2016) (Citation: FireEye Know Your Enemy FIN8 Aug 2016)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '161', Created = '2018-04-18T17:59:24.739Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Pasam', Description = '[Pasam](https://attack.mitre.org/software/S0208) is a trojan used by [Elderwood](https://attack.mitre.org/groups/G0066) to open a backdoor on compromised hosts. (Citation: Symantec Elderwood Sept 2012) (Citation: Symantec Pasam May 2012)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '162', Created = '2017-05-31T21:32:35.780Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'PinchDuke', Description = '[PinchDuke](https://attack.mitre.org/software/S0048) is malware that was used by [APT29](https://attack.mitre.org/groups/G0016) from 2008 to 2010. (Citation: F-Secure The Dukes)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '163', Created = '2017-05-31T21:33:12.388Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Pisloader', Description = '[Pisloader](https://attack.mitre.org/software/S0124) is a malware family that is notable due to its use of DNS as a C2 protocol as well as its use of anti-analysis tactics. It has been used by [APT18](https://attack.mitre.org/groups/G0026) and is similar to another malware family, [HTTPBrowser](https://attack.mitre.org/software/S0070), that has been used by the group. (Citation: Palo Alto DNS Requests)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '164', Created = '2017-05-31T21:32:15.638Z', Modified = '2019-04-19T15:08:15.613Z', Name = 'PlugX', Description = '[PlugX](https://attack.mitre.org/software/S0013) is a remote access tool (RAT) that uses modular plugins. It has been used by multiple threat groups. (Citation: Lastline PlugX Analysis) (Citation: FireEye Clandestine Fox Part 2) (Citation: New DragonOK) (Citation: Dell TG-3390)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '165', Created = '2017-05-31T21:32:15.263Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'PoisonIvy', Description = '[PoisonIvy](https://attack.mitre.org/software/S0012) is a popular remote access tool (RAT) that has been used by many groups. (Citation: FireEye Poison Ivy) (Citation: Symantec Elderwood Sept 2012) (Citation: Symantec Darkmoon Aug 2005)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '166', Created = '2018-01-16T16:13:52.465Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Power Loader', Description = '[Power Loader](https://attack.mitre.org/software/S0177) is modular code sold in the cybercrime market used as a downloader in malware families such as Carberp, Redyms and Gapz. (Citation: MalwareTech Power Loader Aug 2013) (Citation: WeLiveSecurity Gapz and Redyms Mar 2013)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '167', Created = '2017-05-31T21:33:19.746Z', Modified = '2019-04-22T22:31:38.093Z', Name = 'PowerDuke', Description = '[PowerDuke](https://attack.mitre.org/software/S0139) is a backdoor that was used by [APT29](https://attack.mitre.org/groups/G0016) in 2016. It has primarily been delivered through Microsoft Word or Excel attachments containing malicious macros. (Citation: Volexity PowerDuke November 2016)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '168', Created = '2017-05-31T21:33:07.943Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Prikormka', Description = '[Prikormka](https://attack.mitre.org/software/S0113) is a malware family used in a campaign known as Operation Groundbait. It has predominantly been observed in Ukraine and was used as early as 2008. (Citation: ESET Operation Groundbait)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '169', Created = '2018-10-17T00:14:20.652Z', Modified = '2019-04-22T22:40:40.953Z', Name = 'Proxysvc', Description = '[Proxysvc](https://attack.mitre.org/software/S0238) is a malicious DLL used by [Lazarus Group](https://attack.mitre.org/groups/G0032) in a campaign known as Operation GhostSecret. It has appeared to be operating undetected since 2017 and was mostly observed in higher education organizations. The goal of [Proxysvc](https://attack.mitre.org/software/S0238) is to deliver additional payloads to the target and to maintain control for the attacker. It is in the form of a DLL that can also be executed as a standalone process. (Citation: McAfee GhostSecret)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '170', Created = '2017-05-31T21:32:53.268Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Psylo', Description = '[Psylo](https://attack.mitre.org/software/S0078) is a shellcode-based Trojan that has been used by [Scarlet Mimic](https://attack.mitre.org/groups/G0029). It has similar characteristics as [FakeM](https://attack.mitre.org/software/S0076). (Citation: Scarlet Mimic Jan 2016)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '171', Created = '2017-05-31T21:33:26.084Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Pteranodon', Description = '[Pteranodon](https://attack.mitre.org/software/S0147) is a custom backdoor used by [Gamaredon Group](https://attack.mitre.org/groups/G0047). (Citation: Palo Alto Gamaredon Feb 2017)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '172', Created = '2018-10-17T00:14:20.652Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'QUADAGENT', Description = '[QUADAGENT](https://attack.mitre.org/software/S0269) is a PowerShell backdoor used by [OilRig](https://attack.mitre.org/groups/G0049). (Citation: Unit 42 QUADAGENT July 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '173', Created = '2017-05-31T21:32:38.480Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'RARSTONE', Description = '[RARSTONE](https://attack.mitre.org/software/S0055) is malware used by the [Naikon](https://attack.mitre.org/groups/G0019) group that has some characteristics similar to [PlugX](https://attack.mitre.org/software/S0013). (Citation: Aquino RARSTONE)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '174', Created = '2018-10-17T00:14:20.652Z', Modified = '2019-05-03T16:54:32.964Z', Name = 'RATANKBA', Description = '[RATANKBA](https://attack.mitre.org/software/S0241) is a remote controller tool used by [Lazarus Group](https://attack.mitre.org/groups/G0032). [RATANKBA](https://attack.mitre.org/software/S0241) has been used in attacks targeting financial institutions in Poland, Mexico, Uruguay, the United Kingdom, and Chile. It was also seen used against organizations related to telecommunications, management consulting, information technology, insurance, aviation, and education. [RATANKBA](https://attack.mitre.org/software/S0241) has a graphical user interface to allow the attacker to issue jobs to perform on the infected machines. (Citation: Lazarus RATANKBA) (Citation: RATANKBA)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '175', Created = '2018-10-17T00:14:20.652Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'RGDoor', Description = '[RGDoor](https://attack.mitre.org/software/S0258) is a malicious Internet Information Services (IIS) backdoor developed in the C++ language. [RGDoor](https://attack.mitre.org/software/S0258) has been seen deployed on webservers belonging to the Middle East government organizations. [RGDoor](https://attack.mitre.org/software/S0258) provides backdoor access to compromised IIS servers. (Citation: Unit 42 RGDoor Jan 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '176', Created = '2017-05-31T21:32:11.911Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'RIPTIDE', Description = '[RIPTIDE](https://attack.mitre.org/software/S0003) is a proxy-aware backdoor used by [APT12](https://attack.mitre.org/groups/G0005). (Citation: Moran 2014)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '177', Created = '2017-05-31T21:33:07.565Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'ROCKBOOT', Description = '[ROCKBOOT](https://attack.mitre.org/software/S0112) is a [Bootkit](https://attack.mitre.org/techniques/T1067) that has been used by an unidentified, suspected China-based group. (Citation: FireEye Bootkits)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '178', Created = '2018-10-17T00:14:20.652Z', Modified = '2019-04-24T23:53:43.006Z', Name = 'ROKRAT', Description = '[ROKRAT](https://attack.mitre.org/software/S0240) is a remote access tool (RAT) used by [APT37](https://attack.mitre.org/groups/G0067). This software has been used to target victims in South Korea. [APT37](https://attack.mitre.org/groups/G0067) used ROKRAT during several campaigns in 2016 through 2018. (Citation: Talos ROKRAT) (Citation: Talos Group123)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '179', Created = '2017-05-31T21:33:26.565Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'RTM', Description = '[RTM](https://attack.mitre.org/software/S0148) is custom malware written in Delphi. It is used by the group of the same name ([RTM](https://attack.mitre.org/groups/G0048)). (Citation: ESET RTM Feb 2017)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '180', Created = '2018-01-16T16:13:52.465Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'RawPOS', Description = '[RawPOS](https://attack.mitre.org/software/S0169) is a point-of-sale (POS) malware family that searches for cardholder data on victims. It has been in use since at least 2008. (Citation: Kroll RawPOS Jan 2017) (Citation: TrendMicro RawPOS April 2015) (Citation: Visa RawPOS March 2015) FireEye divides RawPOS into three components: FIENDCRY, DUEBREW, and DRIFTWOOD. (Citation: Mandiant FIN5 GrrCON Oct 2016) (Citation: DarkReading FireEye FIN5 Oct 2015)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '181', Created = '2018-01-16T16:13:52.465Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Reaver', Description = '[Reaver](https://attack.mitre.org/software/S0172) is a malware family that has been in the wild since at least late 2016. Reporting indicates victims have primarily been associated with the "Five Poisons," which are movements the Chinese government considers dangerous. The type of malware is rare due to its final payload being in the form of [Control Panel Items](https://attack.mitre.org/techniques/T1196). (Citation: Palo Alto Reaver Nov 2017)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '182', Created = '2017-12-14T16:46:06.044Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'RedLeaves', Description = '[RedLeaves](https://attack.mitre.org/software/S0153) is a malware family used by [menuPass](https://attack.mitre.org/groups/G0045). The code overlaps with [PlugX](https://attack.mitre.org/software/S0013) and may be based upon the open source tool Trochilus. (Citation: PWC Cloud Hopper Technical Annex April 2017) (Citation: FireEye APT10 April 2017)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '183', Created = '2017-05-31T21:32:17.959Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Regin', Description = '[Regin](https://attack.mitre.org/software/S0019) is a malware platform that has targeted victims in a range of industries, including telecom, government, and financial institutions. Some [Regin](https://attack.mitre.org/software/S0019) timestamps date back to 2003. (Citation: Kaspersky Regin)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '184', Created = '2019-04-17T19:18:00.270Z', Modified = '2019-04-22T20:18:06.862Z', Name = 'Remexi', Description = '[Remexi](https://attack.mitre.org/software/S0375) is a Windows-based Trojan that was developed in the C programming language.(Citation: Securelist Remexi Jan 2019)', Windows = 'true', MacOS = 'false', Linux = 'false'),
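# Apostrophe is backslash-escaped: a doubled '' (SQL-style) is two adjacent Python literals, which concatenate and silently drop the character.
models.Threat_DB(IDthreat = '185', Created = '2018-01-16T16:13:52.465Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'RemoteCMD', Description = '[RemoteCMD](https://attack.mitre.org/software/S0166) is a custom tool used by [APT3](https://attack.mitre.org/groups/G0022) to execute commands on a remote system similar to SysInternal\'s PSEXEC functionality. (Citation: Symantec Buckeye)', Windows = 'true', MacOS = 'false', Linux = 'false'),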
models.Threat_DB(IDthreat = '186', Created = '2017-05-31T21:33:12.858Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Remsec', Description = '[Remsec](https://attack.mitre.org/software/S0125) is a modular backdoor that has been used by [Strider](https://attack.mitre.org/groups/G0041) and appears to have been designed primarily for espionage purposes. Many of its modules are written in Lua. (Citation: Symantec Strider Blog)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '187', Created = '2018-10-17T00:14:20.652Z', Modified = '2019-04-24T23:55:43.081Z', Name = 'RogueRobin', Description = '[RogueRobin](https://attack.mitre.org/software/S0270) is a payload used by [DarkHydrus](https://attack.mitre.org/groups/G0079) that has been developed in PowerShell and C#. (Citation: Unit 42 DarkHydrus July 2018)(Citation: Unit42 DarkHydrus Jan 2019)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '188', Created = '2017-05-31T21:32:58.226Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Rover', Description = '[Rover](https://attack.mitre.org/software/S0090) is malware suspected of being used for espionage purposes. It was used in 2015 in a targeted email sent to an Indian Ambassador to Afghanistan. (Citation: Palo Alto Rover)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '189', Created = '2018-10-17T00:14:20.652Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'RunningRAT', Description = '[RunningRAT](https://attack.mitre.org/software/S0253) is a remote access tool that appeared in operations surrounding the 2018 Pyeongchang Winter Olympics along with [Gold Dragon](https://attack.mitre.org/software/S0249) and [Brave Prince](https://attack.mitre.org/software/S0252). (Citation: McAfee Gold Dragon)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '190', Created = '2017-05-31T21:32:55.925Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'S-Type', Description = '[S-Type](https://attack.mitre.org/software/S0085) is a backdoor that was used by [Dust Storm](https://attack.mitre.org/groups/G0031) from 2013 to 2014. (Citation: Cylance Dust Storm)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '191', Created = '2018-01-16T16:13:52.465Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'SEASHARPEE', Description = '[SEASHARPEE](https://attack.mitre.org/software/S0185) is a Web shell that has been used by [APT34](https://attack.mitre.org/groups/G0057). (Citation: FireEye APT34 Webinar Dec 2017)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '192', Created = '2017-05-31T21:32:21.366Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'SHIPSHAPE', Description = '[SHIPSHAPE](https://attack.mitre.org/software/S0028) is malware developed by [APT30](https://attack.mitre.org/groups/G0013) that allows propagation and exfiltration of data over removable devices. [APT30](https://attack.mitre.org/groups/G0013) may use this capability to exfiltrate data across air-gaps. (Citation: FireEye APT30)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '193', Created = '2017-05-31T21:32:42.754Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'SHOTPUT', Description = '[SHOTPUT](https://attack.mitre.org/software/S0063) is a custom backdoor used by [APT3](https://attack.mitre.org/groups/G0022). (Citation: FireEye Clandestine Wolf)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '194', Created = '2018-04-18T17:59:24.739Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'SHUTTERSPEED', Description = '[SHUTTERSPEED](https://attack.mitre.org/software/S0217) is a backdoor used by [APT37](https://attack.mitre.org/groups/G0067). (Citation: FireEye APT37 Feb 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '195', Created = '2018-04-18T17:59:24.739Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'SLOWDRIFT', Description = '[SLOWDRIFT](https://attack.mitre.org/software/S0218) is a backdoor used by [APT37](https://attack.mitre.org/groups/G0067) against academic and strategic victims in South Korea. (Citation: FireEye APT37 Feb 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '196', Created = '2017-12-14T16:46:06.044Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'SNUGRIDE', Description = '[SNUGRIDE](https://attack.mitre.org/software/S0159) is a backdoor that has been used by [menuPass](https://attack.mitre.org/groups/G0045) as first stage malware. (Citation: FireEye APT10 April 2017)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '197', Created = '2017-12-14T16:46:06.044Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'SOUNDBITE', Description = '[SOUNDBITE](https://attack.mitre.org/software/S0157) is a signature backdoor used by [APT32](https://attack.mitre.org/groups/G0050). (Citation: FireEye APT32 May 2017)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '198', Created = '2017-05-31T21:32:28.257Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'SPACESHIP', Description = '[SPACESHIP](https://attack.mitre.org/software/S0035) is malware developed by [APT30](https://attack.mitre.org/groups/G0013) that allows propagation and exfiltration of data over removable devices. [APT30](https://attack.mitre.org/groups/G0013) may use this capability to exfiltrate data across air-gaps. (Citation: FireEye APT30)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '199', Created = '2017-05-31T21:32:48.482Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Sakula', Description = '[Sakula](https://attack.mitre.org/software/S0074) is a remote access tool (RAT) that first surfaced in 2012 and was used in intrusions throughout 2015. (Citation: Dell Sakula)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '200', Created = '2019-04-15T19:40:07.664Z', Modified = '2019-04-18T20:59:56.853Z', Name = 'SamSam', Description = '[SamSam](https://attack.mitre.org/software/S0370) is ransomware that appeared in early 2016. Unlike some ransomware, its variants have required operators to manually interact with the malware to execute some of its core components.(Citation: US-CERT SamSam 2018)(Citation: Talos SamSam Jan 2018)(Citation: Sophos SamSam Apr 2018)(Citation: Symantec SamSam Oct 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '201', Created = '2017-05-31T21:32:37.767Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'SeaDuke', Description = '[SeaDuke](https://attack.mitre.org/software/S0053) is malware that was used by [APT29](https://attack.mitre.org/groups/G0016) from 2014 to 2015. It was used primarily as a secondary backdoor for victims that were already compromised with [CozyCar](https://attack.mitre.org/software/S0046). (Citation: F-Secure The Dukes)', Windows = 'true', MacOS = 'false', Linux = 'false'),
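# Apostrophe is backslash-escaped: a doubled '' (SQL-style) is two adjacent Python literals, which concatenate and silently drop the character.
models.Threat_DB(IDthreat = '202', Created = '2019-01-30T15:27:06.404Z', Modified = '2019-02-12T21:28:19.201Z', Name = 'Seasalt', Description = '[Seasalt](https://attack.mitre.org/software/S0345) is malware that has been linked to [APT1](https://attack.mitre.org/groups/G0006)\'s 2010 operations. It shares some code similarities with [OceanSalt](https://attack.mitre.org/software/S0346).(Citation: Mandiant APT1 Appendix)(Citation: McAfee Oceansalt Oct 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),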
models.Threat_DB(IDthreat = '203', Created = '2017-05-31T21:33:20.223Z', Modified = '2019-04-24T23:59:16.008Z', Name = 'Shamoon', Description = '[Shamoon](https://attack.mitre.org/software/S0140) is wiper malware that was first used by an Iranian group known as the "Cutting Sword of Justice" in 2012. Other versions known as Shamoon 2 and Shamoon 3 were observed in 2016 and 2018. [Shamoon](https://attack.mitre.org/software/S0140) has also been seen leveraging [RawDisk](https://attack.mitre.org/software/S0364) to carry out data wiping tasks. The term Shamoon is sometimes used to refer to the group using the malware as well as the malware itself.(Citation: Palo Alto Shamoon Nov 2016)(Citation: Unit 42 Shamoon3 2018)(Citation: Symantec Shamoon 2012)(Citation: FireEye Shamoon Nov 2016)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '204', Created = '2017-05-31T21:32:13.407Z', Modified = '2019-05-03T16:43:36.251Z', Name = 'Skeleton Key', Description = '[Skeleton Key](https://attack.mitre.org/software/S0007) is malware used to inject false credentials into domain controllers with the intent of creating a backdoor password. (Citation: Dell Skeleton) Functionality similar to [Skeleton Key](https://attack.mitre.org/software/S0007) is included as a module in [Mimikatz](https://attack.mitre.org/software/S0002).', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '205', Created = '2018-04-18T17:59:24.739Z', Modified = '2019-04-25T00:02:48.964Z', Name = 'Smoke Loader', Description = '[Smoke Loader](https://attack.mitre.org/software/S0226) is a malicious bot application that can be used to load other malware. [Smoke Loader](https://attack.mitre.org/software/S0226) has been seen in the wild since at least 2011 and has included a number of different payloads. It is notorious for its use of deception and self-protection. It also comes with several plug-ins. (Citation: Malwarebytes SmokeLoader 2016) (Citation: Microsoft Dofoil 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '206', Created = '2018-10-17T00:14:20.652Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Socksbot', Description = '[Socksbot](https://attack.mitre.org/software/S0273) is a backdoor that abuses Socket Secure (SOCKS) proxies. (Citation: TrendMicro Patchwork Dec 2017)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '207', Created = '2017-05-31T21:32:39.606Z', Modified = '2019-04-25T02:48:47.401Z', Name = 'SslMM', Description = '[SslMM](https://attack.mitre.org/software/S0058) is a full-featured backdoor used by [Naikon](https://attack.mitre.org/groups/G0019) that has multiple variants. (Citation: Baumgartner Naikon 2015)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '208', Created = '2018-01-16T16:13:52.465Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Starloader', Description = '[Starloader](https://attack.mitre.org/software/S0188) is a loader component that has been observed loading [Felismus](https://attack.mitre.org/software/S0171) and associated tools. (Citation: Symantec Sowbug Nov 2017)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '209', Created = '2017-05-31T21:33:21.437Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'StreamEx', Description = '[StreamEx](https://attack.mitre.org/software/S0142) is a malware family that has been used by [Deep Panda](https://attack.mitre.org/groups/G0009) since at least 2015. In 2016, it was distributed via legitimate compromised Korean websites. (Citation: Cylance Shell Crew Feb 2017)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '210', Created = '2017-05-31T21:32:17.568Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Sykipot', Description = '[Sykipot](https://attack.mitre.org/software/S0018) is malware that has been used in spearphishing campaigns since approximately 2007 against victims primarily in the US. One variant of [Sykipot](https://attack.mitre.org/software/S0018) hijacks smart cards on victims. (Citation: Alienvault Sykipot DOD Smart Cards) The group using this malware has also been referred to as Sykipot. (Citation: Blasco 2013)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '211', Created = '2018-10-17T00:14:20.652Z', Modified = '2019-04-24T15:28:53.315Z', Name = 'SynAck', Description = '[SynAck](https://attack.mitre.org/software/S0242) is variant of Trojan ransomware targeting mainly English-speaking users since at least fall 2017. (Citation: SecureList SynAck Doppelgänging May 2018) (Citation: Kaspersky Lab SynAck May 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '212', Created = '2017-05-31T21:32:40.391Z', Modified = '2019-05-03T16:44:41.669Z', Name = 'Sys10', Description = '[Sys10](https://attack.mitre.org/software/S0060) is a backdoor that was used throughout 2013 by [Naikon](https://attack.mitre.org/groups/G0019). (Citation: Baumgartner Naikon 2015)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '213', Created = '2017-05-31T21:33:01.951Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'T9000', Description = '[T9000](https://attack.mitre.org/software/S0098) is a backdoor that is a newer variant of the T5000 malware family, also known as Plat1. Its primary function is to gather information about the victim. It has been used in multiple targeted attacks against U.S.-based organizations. (Citation: FireEye admin@338 March 2014) (Citation: Palo Alto T9000 Feb 2016)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '214', Created = '2018-01-16T16:13:52.465Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'TDTESS', Description = '[TDTESS](https://attack.mitre.org/software/S0164) is a 64-bit .NET binary backdoor used by [CopyKittens](https://attack.mitre.org/groups/G0052). (Citation: ClearSky Wilted Tulip July 2017)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '215', Created = '2017-05-31T21:33:25.209Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'TEXTMATE', Description = '[TEXTMATE](https://attack.mitre.org/software/S0146) is a second-stage PowerShell backdoor that is memory-resident. It was observed being used along with [POWERSOURCE](https://attack.mitre.org/software/S0145) in February 2017. (Citation: FireEye FIN7 March 2017)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '216', Created = '2017-05-31T21:33:15.467Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'TINYTYPHON', Description = '[TINYTYPHON](https://attack.mitre.org/software/S0131) is a backdoor that has been used by the actors responsible for the MONSOON campaign. The majority of its code was reportedly taken from the MyDoom worm. (Citation: Forcepoint Monsoon)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '217', Created = '2018-04-18T17:59:24.739Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'TURNEDUP', Description = '[TURNEDUP](https://attack.mitre.org/software/S0199) is a non-public backdoor. It has been dropped by [APT33](https://attack.mitre.org/groups/G0064)''s DROPSHOT malware (also known as Stonedrill). (Citation: FireEye APT33 Sept 2017) (Citation: FireEye APT33 Webinar Sept 2017)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '218', Created = '2018-10-17T00:14:20.652Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'TYPEFRAME', Description = '[TYPEFRAME](https://attack.mitre.org/software/S0263) is a remote access tool that has been used by [Lazarus Group](https://attack.mitre.org/groups/G0032). (Citation: US-CERT TYPEFRAME June 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '219', Created = '2017-05-31T21:32:14.900Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Taidoor', Description = '[Taidoor](https://attack.mitre.org/software/S0011) is malware that has been used since at least 2010, primarily to target Taiwanese government organizations. (Citation: TrendMicro Taidoor)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '220', Created = '2017-05-31T21:32:12.310Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'TinyZBot', Description = '[TinyZBot](https://attack.mitre.org/software/S0004) is a bot written in C# that was developed by [Cleaver](https://attack.mitre.org/groups/G0003). (Citation: Cylance Cleaver)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '221', Created = '2018-10-17T00:14:20.652Z', Modified = '2019-04-23T20:16:02.322Z', Name = 'TrickBot', Description = '[TrickBot](https://attack.mitre.org/software/S0266) is a Trojan spyware program that has mainly been used for targeting banking sites in United States, Canada, UK, Germany, Australia, Austria, Ireland, London, Switzerland, and Scotland. TrickBot first emerged in the wild in September 2016 and appears to be a successor to [Dyre](https://attack.mitre.org/software/S0024). [TrickBot](https://attack.mitre.org/software/S0266) is developed in the C++ programming language. (Citation: S2 Grupo TrickBot June 2017) (Citation: Fidelis TrickBot Oct 2016) (Citation: IBM TrickBot Nov 2016)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '222', Created = '2017-05-31T21:33:00.176Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Trojan.Karagany', Description = '[Trojan.Karagany](https://attack.mitre.org/software/S0094) is a backdoor primarily used for recon. The source code for it was leaked in 2010 and it is sold on underground forums. (Citation: Symantec Dragonfly)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '223', Created = '2017-05-31T21:32:11.148Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Trojan.Mebromi', Description = '[Trojan.Mebromi](https://attack.mitre.org/software/S0001) is BIOS-level malware that takes control of the victim before MBR. (Citation: Ge 2011)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '224', Created = '2018-01-16T16:13:52.465Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Truvasys', Description = '[Truvasys](https://attack.mitre.org/software/S0178) is first-stage malware that has been used by [PROMETHIUM](https://attack.mitre.org/groups/G0056). It is a collection of modules written in the Delphi programming language. (Citation: Microsoft Win Defender Truvasys Sep 2017) (Citation: Microsoft NEODYMIUM Dec 2016) (Citation: Microsoft SIR Vol 21)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '225', Created = '2019-01-29T19:09:26.355Z', Modified = '2019-04-19T15:10:04.189Z', Name = 'UBoatRAT', Description = '[UBoatRAT](https://attack.mitre.org/software/S0333) is a remote access tool that was identified in May 2017.(Citation: PaloAlto UBoatRAT Nov 2017)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '226', Created = '2018-10-17T00:14:20.652Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'UPPERCUT', Description = '[UPPERCUT](https://attack.mitre.org/software/S0275) is a backdoor that has been used by [menuPass](https://attack.mitre.org/groups/G0045). (Citation: FireEye APT10 Sept 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '227', Created = '2017-05-31T21:33:17.716Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'USBStealer', Description = '[USBStealer](https://attack.mitre.org/software/S0136) is malware that has used by [APT28](https://attack.mitre.org/groups/G0007) since at least 2005 to extract information from air-gapped networks. It does not have the capability to communicate over the Internet and has been used in conjunction with [ADVSTORESHELL](https://attack.mitre.org/software/S0045). (Citation: ESET Sednit USBStealer 2014) (Citation: Kaspersky Sofacy)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '228', Created = '2017-05-31T21:33:15.020Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Unknown Logger', Description = '[Unknown Logger](https://attack.mitre.org/software/S0130) is a publicly released, free backdoor. Version 1.5 of the backdoor has been used by the actors responsible for the MONSOON campaign. (Citation: Forcepoint Monsoon)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '229', Created = '2017-05-31T21:32:19.029Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Uroburos', Description = '[Uroburos](https://attack.mitre.org/software/S0022) is a rootkit used by [Turla](https://attack.mitre.org/groups/G0010). (Citation: Kaspersky Turla)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '230', Created = '2018-10-17T00:14:20.652Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'VERMIN', Description = '[VERMIN](https://attack.mitre.org/software/S0257) is a remote access tool written in the Microsoft .NET framework. It is mostly composed of original code, but also has some open source code. (Citation: Unit 42 VERMIN Jan 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '231', Created = '2018-04-18T17:59:24.739Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Vasport', Description = '[Vasport](https://attack.mitre.org/software/S0207) is a trojan used by [Elderwood](https://attack.mitre.org/groups/G0066) to open a backdoor on compromised hosts. (Citation: Symantec Elderwood Sept 2012) (Citation: Symantec Vasport May 2012)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '232', Created = '2018-01-16T16:13:52.465Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Volgmer', Description = '[Volgmer](https://attack.mitre.org/software/S0180) is a backdoor Trojan designed to provide covert access to a compromised system. It has been used since at least 2013 to target the government, financial, automotive, and media industries. Its primary delivery mechanism is suspected to be spearphishing. (Citation: US-CERT Volgmer Nov 2017)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '233', Created = '2017-05-31T21:33:06.433Z', Modified = '2019-01-30T15:21:42.146Z', Name = 'WEBC2', Description = '[WEBC2](https://attack.mitre.org/software/S0109) is a backdoor used by [APT1](https://attack.mitre.org/groups/G0006) to retrieve a Web page from a predetermined C2 server. (Citation: Mandiant APT1 Appendix)(Citation: Mandiant APT1)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '234', Created = '2017-12-14T16:46:06.044Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'WINDSHIELD', Description = '[WINDSHIELD](https://attack.mitre.org/software/S0155) is a signature backdoor used by [APT32](https://attack.mitre.org/groups/G0050). (Citation: FireEye APT32 May 2017)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '235', Created = '2018-04-18T17:59:24.739Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'WINERACK', Description = '[WINERACK](https://attack.mitre.org/software/S0219) is a backdoor used by [APT37](https://attack.mitre.org/groups/G0067). (Citation: FireEye APT37 Feb 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '236', Created = '2019-03-25T17:30:17.004Z', Modified = '2019-04-22T11:43:33.080Z', Name = 'WannaCry', Description = '[WannaCry](https://attack.mitre.org/software/S0366) is ransomware that was first seen in a global attack during May 2017, which affected more than 150 countries. It contains worm-like features to spread itself across a computer network using the SMBv1 exploit EternalBlue.(Citation: LogRhythm WannaCry)(Citation: US-CERT WannaCry 2017)(Citation: Washington Post WannaCry 2017)(Citation: FireEye WannaCry 2017)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '237', Created = '2018-04-18T17:59:24.739Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Wiarp', Description = '[Wiarp](https://attack.mitre.org/software/S0206) is a trojan used by [Elderwood](https://attack.mitre.org/groups/G0066) to open a backdoor on compromised hosts. (Citation: Symantec Elderwood Sept 2012) (Citation: Symantec Wiarp May 2012)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '238', Created = '2017-05-31T21:32:40.004Z', Modified = '2019-05-03T16:45:45.143Z', Name = 'WinMM', Description = '[WinMM](https://attack.mitre.org/software/S0059) is a full-featured, simple backdoor used by [Naikon](https://attack.mitre.org/groups/G0019). (Citation: Baumgartner Naikon 2015)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '239', Created = '2018-01-16T16:13:52.465Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Wingbird', Description = '[Wingbird](https://attack.mitre.org/software/S0176) is a backdoor that appears to be a version of commercial software [FinFisher](https://attack.mitre.org/software/S0182). It is reportedly used to attack individual computers instead of networks. It was used by [NEODYMIUM](https://attack.mitre.org/groups/G0055) in a May 2016 campaign. (Citation: Microsoft SIR Vol 21) (Citation: Microsoft NEODYMIUM Dec 2016)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '240', Created = '2017-05-31T21:33:21.027Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Winnti', Description = '[Winnti](https://attack.mitre.org/software/S0141) is a Trojan that has been used by multiple groups to carry out intrusions in varied regions from at least 2010 to 2016. One of the groups using this malware is referred to by the same name, [Winnti Group](https://attack.mitre.org/groups/G0044), however, reporting indicates a second distinct group, [Axiom](https://attack.mitre.org/groups/G0001), also uses the malware. (Citation: Kaspersky Winnti April 2013) (Citation: Microsoft Winnti Jan 2017) (Citation: Novetta Winnti April 2015)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '241', Created = '2017-05-31T21:32:32.915Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Wiper', Description = '[Wiper](https://attack.mitre.org/software/S0041) is a family of destructive malware used in March 2013 during breaches of South Korean banks and media companies. (Citation: Dell Wiper)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '242', Created = '2017-05-31T21:33:09.453Z', Modified = '2019-04-19T18:36:31.731Z', Name = 'XTunnel', Description = '[XTunnel](https://attack.mitre.org/software/S0117) a VPN-like network proxy tool that can relay traffic between a C2 server and a victim. It was first seen in May 2013 and reportedly used by [APT28](https://attack.mitre.org/groups/G0007) during the compromise of the Democratic National Committee. (Citation: Crowdstrike DNC June 2016) (Citation: Invincea XTunnel) (Citation: ESET Sednit Part 2)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '243', Created = '2019-01-30T13:28:47.452Z', Modified = '2019-04-24T21:24:33.982Z', Name = 'Xbash', Description = '[Xbash](https://attack.mitre.org/software/S0341) is a malware family that has targeted Linux and Microsoft Windows servers. The malware has been tied to the Iron Group, a threat actor group known for previous ransomware attacks. [Xbash](https://attack.mitre.org/software/S0341) was developed in Python and then converted into a self-contained Linux ELF executable by using PyInstaller.(Citation: Unit42 Xbash Sept 2018)', Windows = 'true', MacOS = 'false', Linux = 'true'),
models.Threat_DB(IDthreat = '244', Created = '2017-05-31T21:32:56.394Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'ZLib', Description = '[ZLib](https://attack.mitre.org/software/S0086) is a full-featured backdoor that was used as a second-stage implant by [Dust Storm](https://attack.mitre.org/groups/G0031) from 2014 to 2015. It is malware and should not be confused with the compression library from which its name is derived. (Citation: Cylance Dust Storm)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '245', Created = '2018-10-17T00:14:20.652Z', Modified = '2019-04-23T17:19:33.877Z', Name = 'Zebrocy', Description = '[Zebrocy](https://attack.mitre.org/software/S0251) is a Trojan that has been used by [APT28](https://attack.mitre.org/groups/G0007) since at least November 2015. The malware comes in several programming language variants, including C++, Delphi, AutoIt, C#, and VB.NET. (Citation: Palo Alto Sofacy 06-2018)(Citation: Unit42 Cannon Nov 2018)(Citation: Unit42 Sofacy Dec 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '246', Created = '2018-04-18T17:59:24.739Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'ZeroT', Description = '[ZeroT](https://attack.mitre.org/software/S0230) is a Trojan used by [TA459](https://attack.mitre.org/groups/G0062), often in conjunction with [PlugX](https://attack.mitre.org/software/S0013). (Citation: Proofpoint TA459 April 2017) (Citation: Proofpoint ZeroT Feb 2017)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '247', Created = '2017-05-31T21:32:20.949Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Zeroaccess', Description = '[Zeroaccess](https://attack.mitre.org/software/S0027) is a kernel-mode [Rootkit](https://attack.mitre.org/techniques/T1014) that attempts to add victims to the ZeroAccess botnet, often for monetary gain. (Citation: Sophos ZeroAccess)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '248', Created = '2019-01-29T17:59:43.600Z', Modified = '2019-04-16T20:55:19.901Z', Name = 'Zeus Panda', Description = '[Zeus Panda](https://attack.mitre.org/software/S0330) is a Trojan designed to steal banking information and other sensitive credentials for exfiltration. [Zeus Panda](https://attack.mitre.org/software/S0330)’s original source code was leaked in 2011, allowing threat actors to use its source code as a basis for new malware variants. It is mainly used to target Windows operating systems ranging from Windows XP through Windows 10.(Citation: Talos Zeus Panda Nov 2017)(Citation: GDATA Zeus Panda June 2017)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '249', Created = '2018-04-18T17:59:24.739Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'adbupd', Description = '[adbupd](https://attack.mitre.org/software/S0202) is a backdoor used by [PLATINUM](https://attack.mitre.org/groups/G0068) that is similar to [Dipsind](https://attack.mitre.org/software/S0200). (Citation: Microsoft PLATINUM April 2016)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '250', Created = '2017-05-31T21:32:24.937Z', Modified = '2019-04-16T20:26:40.711Z', Name = 'gh0st RAT', Description = '[gh0st RAT](https://attack.mitre.org/software/S0032) is a remote access tool (RAT). The source code is public and it has been used by multiple groups. (Citation: FireEye Hacking Team)(Citation: Arbor Musical Chairs Feb 2018)(Citation: Nccgroup Gh0st April 2018)', Windows = 'true', MacOS = 'true', Linux = 'false'),
models.Threat_DB(IDthreat = '251', Created = '2017-05-31T21:32:46.890Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'hcdLoader', Description = '[hcdLoader](https://attack.mitre.org/software/S0071) is a remote access tool (RAT) that has been used by [APT18](https://attack.mitre.org/groups/G0026). (Citation: Dell Lateral Movement)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '252', Created = '2017-05-31T21:32:45.315Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'httpclient', Description = '[httpclient](https://attack.mitre.org/software/S0068) is malware used by [Putter Panda](https://attack.mitre.org/groups/G0024). It is a simple tool that provides a limited range of functionality, suggesting it is likely used as a second-stage or supplementary/backup tool. (Citation: CrowdStrike Putter Panda)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '253', Created = '2018-10-17T00:14:20.652Z', Modified = '2019-04-29T16:28:56.207Z', Name = 'jRAT', Description = '[jRAT](https://attack.mitre.org/software/S0283) is a cross-platform, Java-based backdoor originally available for purchase in 2012. Variants of [jRAT](https://attack.mitre.org/software/S0283) have been distributed via a software-as-a-service platform, similar to an online subscription model.(Citation: Kaspersky Adwind Feb 2016) (Citation: jRAT Symantec Aug 2018)', Windows = 'true', MacOS = 'true', Linux = 'true'),
models.Threat_DB(IDthreat = '254', Created = '2017-05-31T21:32:44.700Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'pngdowner', Description = '[pngdowner](https://attack.mitre.org/software/S0067) is malware used by [Putter Panda](https://attack.mitre.org/groups/G0024). It is a simple tool with limited functionality and no persistence mechanism, suggesting it is used only as a simple "download-and-execute" utility. (Citation: CrowdStrike Putter Panda)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '255', Created = '2018-10-17T00:14:20.652Z', Modified = '2019-04-25T00:09:22.985Z', Name = 'yty', Description = '[yty](https://attack.mitre.org/software/S0248) is a modular, plugin-based malware framework. The components of the framework are written in a variety of programming languages. (Citation: ASERT Donot March 2018)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '256', Created = '2019-01-30T17:48:35.006Z', Modified = '2019-01-30T17:48:35.006Z', Name = 'zwShell', Description = '[zwShell](https://attack.mitre.org/software/S0350) is a remote access tool (RAT) written in Delphi that has been used by [Night Dragon](https://attack.mitre.org/groups/G0014).(Citation: McAfee Night Dragon)', Windows = 'true', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '257', Created = '2018-10-17T00:14:20.652Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Calisto', Description = '[Calisto](https://attack.mitre.org/software/S0274) is a macOS Trojan that opens a backdoor on the compromised machine. [Calisto](https://attack.mitre.org/software/S0274) is believed to have first been developed in 2016. (Citation: Securelist Calisto July 2018) (Citation: Symantec Calisto July 2018)', Windows = 'false', MacOS = 'true', Linux = 'false'),
models.Threat_DB(IDthreat = '258', Created = '2017-05-31T21:32:52.875Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'CallMe', Description = '[CallMe](https://attack.mitre.org/software/S0077) is a Trojan designed to run on Apple OSX. It is based on a publicly available tool called Tiny SHell. (Citation: Scarlet Mimic Jan 2016)', Windows = 'false', MacOS = 'true', Linux = 'false'),
models.Threat_DB(IDthreat = '259', Created = '2018-04-18T17:59:24.739Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Chaos', Description = '[Chaos](https://attack.mitre.org/software/S0220) is Linux malware that compromises systems by brute force attacks against SSH services. Once installed, it provides a reverse shell to its controllers, triggered by unsolicited packets. (Citation: Chaos Stolen Backdoor)', Windows = 'false', MacOS = 'false', Linux = 'true'),
models.Threat_DB(IDthreat = '260', Created = '2019-04-23T18:41:36.914Z', Modified = '2019-04-29T21:19:34.739Z', Name = 'CoinTicker', Description = '[CoinTicker](https://attack.mitre.org/software/S0369) is a malicious application that poses as a cryptocurrency price ticker and installs components of the open source backdoors EvilOSX and EggShell.(Citation: CoinTicker 2019)', Windows = 'false', MacOS = 'true', Linux = 'false'),
models.Threat_DB(IDthreat = '261', Created = '2018-04-18T17:59:24.739Z', Modified = '2018-10-17T00:19:37.952Z', Name = 'Darkmoon', Description = 'NULL', Windows = 'false', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '262', Created = '2018-10-17T00:14:20.652Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Dok', Description = '[Dok](https://attack.mitre.org/software/S0281) steals banking information through man-in-the-middle (Citation: objsee mac malware 2017).', Windows = 'false', MacOS = 'true', Linux = 'false'),
models.Threat_DB(IDthreat = '263', Created = '2019-04-19T16:40:24.922Z', Modified = '2019-04-26T20:14:18.000Z', Name = 'Ebury', Description = '[Ebury](https://attack.mitre.org/software/S0377) is an SSH backdoor targeting Linux operating systems. Attackers require root-level access, which allows them to replace SSH binaries (ssh, sshd, ssh-add, etc) or modify a shared library used by OpenSSH (libkeyutils).(Citation: ESET Ebury Feb 2014)(Citation: BleepingComputer Ebury March 2017)', Windows = 'false', MacOS = 'false', Linux = 'true'),
models.Threat_DB(IDthreat = '264', Created = '2018-10-17T00:14:20.652Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'FruitFly', Description = 'FruitFly is designed to spy on mac users (Citation: objsee mac malware 2017).', Windows = 'false', MacOS = 'true', Linux = 'false'),
models.Threat_DB(IDthreat = '265', Created = '2017-05-31T21:32:35.389Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Hacking Team UEFI Rootkit', Description = '[Hacking Team UEFI Rootkit](https://attack.mitre.org/software/S0047) is a rootkit developed by the company Hacking Team as a method of persistence for remote access software. (Citation: TrendMicro Hacking Team UEFI)', Windows = 'false', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '266', Created = '2017-12-14T16:46:06.044Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Janicab', Description = '[Janicab](https://attack.mitre.org/software/S0163) is an OS X trojan that relied on a valid developer ID and oblivious users to install it. (Citation: Janicab)', Windows = 'false', MacOS = 'true', Linux = 'false'),
models.Threat_DB(IDthreat = '267', Created = '2018-10-17T00:14:20.652Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Keydnap', Description = 'This piece of malware steals the content of the user''s keychain while maintaining a permanent backdoor (Citation: OSX Keydnap malware).', Windows = 'false', MacOS = 'true', Linux = 'false'),
models.Threat_DB(IDthreat = '268', Created = '2017-12-14T16:46:06.044Z', Modified = '2019-01-30T18:19:22.606Z', Name = 'Komplex', Description = '[Komplex](https://attack.mitre.org/software/S0162) is a backdoor that has been used by [APT28](https://attack.mitre.org/groups/G0007) on OS X and appears to be developed in a similar manner to [XAgentOSX](https://attack.mitre.org/software/S0161) (Citation: XAgentOSX 2017) (Citation: Sofacy Komplex Trojan).', Windows = 'false', MacOS = 'true', Linux = 'false'),
models.Threat_DB(IDthreat = '269', Created = '2019-03-04T17:12:37.586Z', Modified = '2019-04-23T20:32:46.917Z', Name = 'Linux Rabbit', Description = '[Linux Rabbit](https://attack.mitre.org/software/S0362) is malware that targeted Linux servers and IoT devices in a campaign lasting from August to October 2018. It shares code with another strain of malware known as Rabbot. The goal of the campaign was to install cryptocurrency miners onto the targeted servers and devices.(Citation: Anomali Linux Rabbit 2018)', Windows = 'false', MacOS = 'false', Linux = 'true'),
models.Threat_DB(IDthreat = '270', Created = '2018-10-17T00:14:20.652Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'MacSpy', Description = '[MacSpy](https://attack.mitre.org/software/S0282) is a malware-as-a-service offered on the darkweb (Citation: objsee mac malware 2017).', Windows = 'false', MacOS = 'true', Linux = 'false'),
models.Threat_DB(IDthreat = '271', Created = '2017-05-31T21:32:53.681Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'MobileOrder', Description = '[MobileOrder](https://attack.mitre.org/software/S0079) is a Trojan intended to compromise Android mobile devices. It has been used by [Scarlet Mimic](https://attack.mitre.org/groups/G0029). (Citation: Scarlet Mimic Jan 2016)', Windows = 'false', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '272', Created = '2019-01-30T19:18:19.667Z', Modified = '2019-01-30T19:18:19.667Z', Name = 'OSX_OCEANLOTUS.D', Description = '[OSX_OCEANLOTUS.D](https://attack.mitre.org/software/S0352) is a MacOS backdoor that has been used by [APT32](https://attack.mitre.org/groups/G0050).(Citation: TrendMicro MacOS April 2018)', Windows = 'false', MacOS = 'true', Linux = 'false'),
models.Threat_DB(IDthreat = '273', Created = '2018-10-17T00:14:20.652Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Proton', Description = '[Proton](https://attack.mitre.org/software/S0279) is a macOS backdoor focusing on data theft and credential access (Citation: objsee mac malware 2017).', Windows = 'false', MacOS = 'true', Linux = 'false'),
models.Threat_DB(IDthreat = '274', Created = '2019-04-17T18:43:36.156Z', Modified = '2019-04-22T20:29:31.147Z', Name = 'SpeakUp', Description = '[SpeakUp](https://attack.mitre.org/software/S0374) is a Trojan backdoor that targets both Linux and OSX devices. It was first observed in January 2019. (Citation: CheckPoint SpeakUp Feb 2019)', Windows = 'false', MacOS = 'true', Linux = 'true'),
models.Threat_DB(IDthreat = '275', Created = '2017-10-25T14:48:42.313Z', Modified = '2019-02-01T17:38:05.973Z', Name = 'Twitoor', Description = '[Twitoor](https://attack.mitre.org/software/S0302) is an Android malware family that likely spreads by SMS or via malicious URLs. (Citation: ESET-Twitoor)', Windows = 'false', MacOS = 'false', Linux = 'false'),
models.Threat_DB(IDthreat = '276', Created = '2018-04-18T17:59:24.739Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'Umbreon', Description = 'A Linux rootkit that provides backdoor access and hides from defenders.', Windows = 'false', MacOS = 'false', Linux = 'true'),
models.Threat_DB(IDthreat = '277', Created = '2017-12-14T16:46:06.044Z', Modified = '2019-01-30T18:23:25.164Z', Name = 'XAgentOSX', Description = '[XAgentOSX](https://attack.mitre.org/software/S0161) is a trojan that has been used by [APT28](https://attack.mitre.org/groups/G0007) on OS X and appears to be a port of their standard [CHOPSTICK](https://attack.mitre.org/software/S0023) or XAgent trojan. (Citation: XAgentOSX 2017)', Windows = 'false', MacOS = 'true', Linux = 'false'),
models.Threat_DB(IDthreat = '278', Created = '2018-10-17T00:14:20.652Z', Modified = '2018-10-17T00:14:20.652Z', Name = 'iKitten', Description = '[iKitten](https://attack.mitre.org/software/S0278) is a macOS exfiltration agent (Citation: objsee mac malware 2017).', Windows = 'false', MacOS = 'true', Linux = 'false'),
]
s.bulk_save_objects(objects)
s.commit()
def insert_plan():
    """Seed the plan table with the five built-in plans and commit them.

    Every seed row reuses the plan name as its description. ``IDThreat``
    presumably points at the matching ``Threat_DB.IDthreat`` row; verify
    against the model definitions.
    """
    # (IDPlan, IDThreat, Name) -- Description mirrors Name for each row.
    seed_rows = (
        ('1', '140', 'Notpetya'),
        ('2', '236', 'WannaCry'),
        ('3', '78', 'Flame'),
        ('4', '52', 'DarkComet'),
        ('5', '60', 'Duqu'),
    )
    plans = [
        models.Plan_DB(IDPlan=plan_id, IDThreat=threat_id, Name=label, Description=label)
        for plan_id, threat_id, label in seed_rows
    ]
    s.bulk_save_objects(plans)
    s.commit()
def insert_task():
    """Seed the task table with the steps of each built-in plan and commit.

    Task ids run sequentially from '1' across all plans, while ``Orden``
    restarts at '1' for every plan (presumably the step's position inside
    the plan; confirm against the code that consumes it).
    """
    # (IDPlan, IDIntel values in the order the seed data lists them)
    plan_steps = (
        ('1', ('3', '64', '98', '86', '298')),
        ('2', ('103', '20', '152', '133', '301', '298')),
        ('3', ('78', '152', '143')),
        ('4', ('71', '69')),
        ('5', ('108', '71', '18', '116', '67', '69', '170')),
    )
    tasks = []
    for plan_id, intel_ids in plan_steps:
        for position, intel_id in enumerate(intel_ids, start=1):
            tasks.append(
                models.Task_DB(
                    # All columns are seeded as strings, as in the other tables.
                    IDTask=str(len(tasks) + 1),
                    IDPlan=plan_id,
                    IDIntel=intel_id,
                    Orden=str(position),
                )
            )
    s.bulk_save_objects(tasks)
    s.commit()
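def insert_version():
    """Record the console repository path and version in the version table.

    The insert is best effort: a failure is reported on stdout instead of
    being raised, on the assumption that the record already exists.
    """
    objects = [
        models.Version_DB(
            repository_id='console',
            repository_path=CONSOLE_PATH,
            version=CONSOLE_VERSION,
        )
    ]
    try:
        s.bulk_save_objects(objects)
        s.commit()
    except Exception:
        # A bare ``except:`` would also swallow KeyboardInterrupt/SystemExit.
        # Roll back so the shared session is not left in a failed transaction
        # that breaks every later query or seed step.
        s.rollback()
        # NOTE(review): any database error ends up here, not only a duplicate
        # key, so this message can hide an unrelated failure.
        print("migration console record already exist")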
def upgrade_database(version):
    """Run the data migration that belongs to schema ``version``.

    Version 1 only announces itself; version 2 delegates to ``version_2``.
    Any other value is a no-op.
    """
    if version == 1:
        print("first upgrade to database")
        # Template for creating a record during an upgrade step:
        #   objects = [
        #       models.Version_DB(repository_id='console',
        #                         repository_path=CONSOLE_PATH,
        #                         version=CONSOLE_VERSION)
        #   ]
        #   s.bulk_save_objects(objects)
        #   s.commit()
    elif version == 2:
        version_2()
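def version_2():
    """Apply the version-2 data migration to two intelligence records.

    Sets ``Function`` and ``Terminated`` on the rows with ``IDIntel`` '75'
    and '142'. A row that does not exist is skipped, and each update is
    committed on its own.
    """
    # (IDIntel, new Function, new Terminated); Terminated is stored as the
    # strings 'True'/'False', not as a boolean.
    updates = (
        ('75', 'invoke-registryrun', 'True'),
        ('142', 'invoke-registryrunClean', 'False'),
    )
    for intel_id, function_name, terminated in updates:
        record = s.query(models.Inteligence_DB).filter_by(IDIntel=intel_id).first()
        # Identity check: ``!= None`` would go through any custom __ne__.
        if record is not None:
            record.Function = function_name
            record.Terminated = terminated
            s.commit()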
def insert_user():
    """Seed the users table with the built-in ``root`` administrator.

    SECURITY: the password hash below is fixed in source, so every database
    seeded from this file starts with the same admin credential. Rotate the
    root password (or replace this row) before the console is reachable by
    anyone else, and treat an unchanged seed hash in a live database as a
    finding during review.
    """
    # The value looks like a Werkzeug-style "method$salt$digest" string
    # (PBKDF2-SHA256, 150000 iterations); confirm against the login code.
    seeded_hash = 'pbkdf2:sha256:150000$5pMOtD6w$3d33b60f62b7d06ecd4544c22786c3909c1ce1c13260c29e96a69b893e90e535'
    root_account = models.Users_DB(
        id='1',
        username='root',
        password_hash=seeded_hash,
        admin=1,
    )
    s.bulk_save_objects([root_account])
    s.commit()