updated pyfiles to have proper ATT&CK mappings

Payload_Type/athena/athena/mythic/agent_functions/arp.py

@@ -28,22 +28,8 @@ def __init__(self, command_line, **kwargs):
                         ui_position=0,
                         group_name="Default"
                     ),
-                    # ParameterGroupInfo(
-                    #     required=True,
-                    #     ui_position=0,
-                    #     group_name="TargetList"
-                    # )
                 ],
             ),
-            # CommandParameter(
-            #     name="inputlist",
-            #     type=ParameterType.File,
-            #     description="List of hosts in a newline separated file",
-            #     parameter_group_info=[ParameterGroupInfo(
-            #             required=True,
-            #             group_name="TargetList"
-            #     )]
-            # )
         ]
 
     async def parse_arguments(self):
@@ -63,15 +49,9 @@ class ArpCommand(CommandBase):
     help_cmd = "arp"
     description = "Perform an ARP scan in your local network."
     version = 1
-    is_exit = False
-    is_file_browse = False
-    is_process_list = False
-    is_download_file = False
-    is_remove_file = False
-    is_upload_file = False
     author = "@checkymander"
     argument_class = ArpArguments
-    attackmapping = []
+    attackmapping = ["T1046"]
     attributes = CommandAttributes(
         supported_os=[SupportedOS.Windows],
     )

Payload_Type/athena/athena/mythic/agent_functions/cat.py

@@ -33,9 +33,10 @@ class CatCommand(CommandBase):
     help_cmd = "cat /path/to/file"
     description = "Read the contents of a file and display it to the user."
     version = 1
+    supported_ui_features = ["cat"]
     author = "@checkymander"
     argument_class = CatArguments
-    attackmapping = ["T1005", "T1552.001"]
+    attackmapping = ["T1005", "T1039", "T1025"]
     attributes = CommandAttributes(
     )
 

Payload_Type/athena/athena/mythic/agent_functions/cd.py

@@ -36,7 +36,7 @@ class CdCommand(CommandBase):
     version = 1
     author = "@checkymander"
     argument_class = CdArguments
-    attackmapping = ["T1083"]
+    attackmapping = ["T1083", "T1082"]
     attributes = CommandAttributes(
     )
 

Payload_Type/athena/athena/mythic/agent_functions/coff.py

@@ -74,15 +74,9 @@ class CoffCommand(CommandBase):
     help_cmd = "coff"
     description = "Execute a COFF file in process. Leverages the Netitude RunOF project. argumentData can be generated using the beacon_generate.py script found in the TrustedSec COFFLoader GitHub repo. This command is not intended to be used directly, but can be."
     version = 1
-    is_exit = False
-    is_file_browse = False
-    is_process_list = False
-    is_download_file = False
-    is_remove_file = False
-    is_upload_file = False
     author = "@checkymander & @scottctaylor12"
     argument_class = CoffArguments
-    attackmapping = []
+    attackmapping = ["T1620"]
     attributes = CommandAttributes(
         load_only=False,
         builtin=False,

Payload_Type/athena/athena/mythic/agent_functions/cp.py

@@ -43,15 +43,9 @@ class CpCommand(CommandBase):
     help_cmd = "cp <source> <destination>"
     description = "Copy a file from one location to another."
     version = 1
-    is_exit = False
-    is_file_browse = False
-    is_process_list = False
-    is_download_file = False
-    is_remove_file = False
-    is_upload_file = False
     author = "@checkymander"
     argument_class = CpArguments
-    attackmapping = []
+    attackmapping = ["T1570"]
     attributes = CommandAttributes(
     )
 

Payload_Type/athena/athena/mythic/agent_functions/crop.py

@@ -99,7 +99,6 @@ class FarmerCommand(CommandBase):
     help_cmd = "crop"
     description = "Drop a file for hash collection"
     version = 1
-    is_exit = False
     help_cmd = """
 Crop https://github.com/mdsecactivebreach/Farmer
     created by @domchell
@@ -114,14 +113,9 @@ class FarmerCommand(CommandBase):
 Drop a .searchconnect-ms
 crop -targetLocation \\myserver\shared\ -targetFilename Athena.searchconnector-ms -targetPath \\MyCropServer:8080\harvest -recurse      
     """
-    is_file_browse = False
-    is_process_list = False
-    is_download_file = False
-    is_remove_file = False
-    is_upload_file = False
     author = "@domchell, @checkymander"
     argument_class = FarmerArguments
-    attackmapping = []
+    attackmapping = ["T1187"]
     attributes = CommandAttributes(
         supported_os=[SupportedOS.Windows],
     )

Payload_Type/athena/athena/mythic/agent_functions/cursed.py

@@ -101,7 +101,7 @@ class CursedCommand(CommandBase):
     author = "@checkymander"
     supported_ui_features = ["task_response:interactive"]
     argument_class = CursedArguments
-    attackmapping = ["T1059"]
+    attackmapping = ["T1185", "T1564.010", "T1539", "T1134.004"]
     attributes = CommandAttributes(
         load_only=False,
         builtin=False

Payload_Type/athena/athena/mythic/agent_functions/download.py

@@ -88,13 +88,7 @@ class DownloadCommand(CommandBase):
     help_cmd = "download [path/to/file]"
     description = "Download a file off the target system."
     version = 1
-    is_exit = False
-    is_file_browse = False
-    is_process_list = False
     supported_ui_features = ["file_browser:download"]
-    is_upload_file = False
-    is_remove_file = False
-    is_download_file = True
     author = "@checkymander"
     argument_class = DownloadArguments
     attackmapping = ["T1020", "T1030", "T1041"]

Payload_Type/athena/athena/mythic/agent_functions/drives.py

@@ -21,7 +21,7 @@ class DrivesCommand(CommandBase):
     description = "Get all drives on the host and information about them "
     version = 1
     author = "@tr41nwr3ck"
-    attackmapping = []
+    attackmapping = ["T1083", "T1082"]
     argument_class = DrivesArguments
     browser_script = BrowserScript(script_name="drives", author="@tr41nwr3ck")
     attributes = CommandAttributes(

Payload_Type/athena/athena/mythic/agent_functions/ds-connect.py

@@ -92,12 +92,6 @@ class DsConnectCommand(CommandBase):
     """
     description = "Bind to an LDAP Controller"
     version = 1
-    is_exit = False
-    is_file_browse = False
-    is_process_list = False
-    is_download_file = False
-    is_remove_file = False
-    is_upload_file = False
     author = "@checkymander"
     argument_class = DsConnectArguments
     attackmapping = []

Payload_Type/athena/athena/mythic/agent_functions/ds-query.py

@@ -104,7 +104,7 @@ class DsQueryCommand(CommandBase):
     is_upload_file = False
     author = "@checkymander"
     argument_class = DsQueryArguments
-    attackmapping = []
+    attackmapping = ["T1087.002","T1069.002"]
     attributes = CommandAttributes(
     )
 

Payload_Type/athena/athena/mythic/agent_functions/ds.py

@@ -184,7 +184,7 @@ class DsCommand(CommandBase):
     author = "@checkymander"
     argument_class = DsArguments
     browser_script = BrowserScript(script_name="ds", author="@checkymander")
-    attackmapping = []
+    attackmapping = ["T1087.002", "T1069.002"]
     attributes = CommandAttributes(
     )
 

Payload_Type/athena/athena/mythic/agent_functions/echo.py

@@ -30,11 +30,3 @@ async def create_go_tasking(self, taskData: PTTaskMessageAllData) -> PTTaskCreat
             Success=True,
         )
         return response
-
-    # async def process_response(self, task: PTTaskMessageAllData, response: any) -> PTTaskProcessResponseMessageResponse:
-    #     if "message" in response:
-    #         user_output = response["message"]
-    #         await MythicRPC().execute("create_output", task_id=task.Task.ID, output=message_converter.translateAthenaMessage(user_output))
-
-    #     resp = PTTaskProcessResponseMessageResponse(TaskID=task.Task.ID, Success=True)
-    #     return resp

Payload_Type/athena/athena/mythic/agent_functions/env.py

@@ -21,7 +21,7 @@ class EnvCommand(CommandBase):
     description = "output current environment variables"
     version = 1
     author = "@tr41nwr3ck"
-    attackmapping = []
+    attackmapping = ["T1082"]
     argument_class = EnvArguments
     browser_script = BrowserScript(script_name="env", author="@tr41nwr3ck")
     attributes = CommandAttributes(

Payload_Type/athena/athena/mythic/agent_functions/exec.py

@@ -86,7 +86,7 @@ class ExecCommand(CommandBase):
     version = 1
     author = "@checkymander"
     argument_class = ExecArguments
-    attackmapping = ["T1059", "T1059.004"]
+    attackmapping = ["T1059", "T1059.004", "T1059.003", "T1564.010", "T1134.004"]
     attributes = CommandAttributes(
         builtin=False
     )

Payload_Type/athena/athena/mythic/agent_functions/execute-assembly.py

@@ -43,15 +43,9 @@ class ExecuteAssemblyCommand(CommandBase):
     help_cmd = "execute-assembly"
     description = "Load an arbitrary .NET assembly via Assembly.Load and track the assembly FullName to call for execution with the runassembly command. If assembly is loaded through Apfell's services -> host file, then operators can simply specify the filename from the uploaded file"
     version = 1
-    is_exit = False
-    is_file_browse = False
-    is_process_list = False
-    is_download_file = False
-    is_remove_file = False
-    is_upload_file = False
     author = ""
     argument_class = ExecuteAssemblyArguments
-    attackmapping = []
+    attackmapping = ["T1620"]
     browser_script = None
     attributes = CommandAttributes(
         load_only=False,
@@ -68,13 +62,6 @@ async def create_go_tasking(self, taskData: PTTaskMessageAllData) -> PTTaskCreat
 
         if file.Success:
             file_contents = base64.b64encode(file.Content)
-            # temp = tempfile.NamedTemporaryFile()
-            # temp.write(file.Content)
-            # temp.seek(0)
-            # if not await self.can_run(temp.name):
-            #     await message_utilities.send_agent_message(message="Cannot run assembly. Check if assembly is .NET Core or .NET Framework", task=taskData.Task)
-            #     raise Exception("Cannot run assembly. Check if assembly is .NET Core or .NET Framework")
-            # temp.close()
             taskData.args.add_arg("asm", file_contents.decode("utf-8"))
         else:
             raise Exception("Failed to get file contents: " + file.Error)

Payload_Type/athena/athena/mythic/agent_functions/farmer.py

@@ -48,16 +48,9 @@ class FarmerCommand(CommandBase):
      
     """
     version = 1
-    is_exit = False
-    is_file_browse = False
-    is_process_list = False
-    is_download_file = False
-    is_remove_file = False
-    is_upload_file = False
-
     author = "@domchell, @checkymander"
     argument_class = FarmerArguments
-    attackmapping = []
+    attackmapping = ["T1187"]
     attributes = CommandAttributes(
     )
 

Payload_Type/athena/athena/mythic/agent_functions/get-clipboard.py

@@ -22,7 +22,7 @@ class GetClipboardCommand(CommandBase):
     version = 1
     supported_ui_features = []
     author = "@checkymander"
-    attackmapping = []
+    attackmapping = ["T1115"]
     argument_class = GetClipboardArguments
     attributes = CommandAttributes(
         supported_os=[SupportedOS.Windows, SupportedOS.MacOS]

Payload_Type/athena/athena/mythic/agent_functions/get-localgroup.py

@@ -48,7 +48,7 @@ class GetSharesCommand(CommandBase):
     version = 1
     author = "@checkymander"
     argument_class = GetSharesArguments
-    attackmapping = ["T1106"]
+    attackmapping = ["T1069", "T1069.001"]
     attributes = CommandAttributes(
         supported_os=[SupportedOS.Windows],
     )

Payload_Type/athena/athena/mythic/agent_functions/get-sessions.py

@@ -48,7 +48,7 @@ class GetSessionsCommand(CommandBase):
     version = 1
     author = "@checkymander"
     argument_class = GetSessionsArguments
-    attackmapping = ["T1106"]
+    attackmapping = ["T0840"]
     attributes = CommandAttributes(
         supported_os=[SupportedOS.Windows],
     )

Payload_Type/athena/athena/mythic/agent_functions/get-shares.py

@@ -48,7 +48,7 @@ class GetSharesCommand(CommandBase):
     version = 1
     author = "@checkymander"
     argument_class = GetSharesArguments
-    attackmapping = ["T1106"]
+    attackmapping = ["T1135"]
     attributes = CommandAttributes(
         supported_os=[SupportedOS.Windows],
     )

Payload_Type/athena/athena/mythic/agent_functions/http-server.py

@@ -77,7 +77,7 @@ class HttpServerCommand(CommandBase):
     version = 1
     author = "@checkymander"
     argument_class = HttpServerArguments
-    attackmapping = ["T1572"]
+    attackmapping = []
     attributes = CommandAttributes(
         load_only=False,
         builtin=False

Payload_Type/athena/athena/mythic/agent_functions/ifconfig.py

@@ -21,7 +21,7 @@ class IfconfigCommand(CommandBase):
     description = "Return all the IP addresses associated with the host"
     version = 1
     author = "@checkymander"
-    attackmapping = ["T1082"]
+    attackmapping = ["T1016", "T1082"]
     argument_class = IfconfigArguments
     attributes = CommandAttributes(
     )

Payload_Type/athena/athena/mythic/agent_functions/inject-assembly.py

@@ -138,15 +138,9 @@ class InjectAssemblyCommand(CommandBase):
     help_cmd = "inject-assembly"
     description = "Use donut to convert a .NET assembly into shellcode and execute the buffer in a remote process"
     version = 1
-    is_exit = False
-    is_file_browse = False
-    is_process_list = False
-    is_download_file = False
-    is_remove_file = False
-    is_upload_file = False
     author = ""
     argument_class = InjectAssemblyArguments
-    attackmapping = []
+    attackmapping = ["T1055", "T1564.010", "T1134.004"]
     browser_script = None
     attributes = CommandAttributes(
         supported_os=[SupportedOS.Windows],