From cfaf2245f142ce385a4d121906829fff7923f802 Mon Sep 17 00:00:00 2001
From: Ian Walker-Smith <155087894+ianwalkersmithciticom@users.noreply.github.com>
Date: Wed, 27 Nov 2024 06:28:49 -0300
Subject: [PATCH] db backup restore threat (#565)
Co-authored-by: Damien Burks <20100558+damienjburks@users.noreply.github.com>
Co-authored-by: Eddie Knight
---
 services/database/relational/threats.yaml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
diff --git a/services/database/relational/threats.yaml b/services/database/relational/threats.yaml
index 6e70ed5f..9deacba3 100644
--- a/services/database/relational/threats.yaml
+++ b/services/database/relational/threats.yaml
@@ -91,3 +91,22 @@ threats:
 - CCC.F06
 mitre_technique:
 - T1556
+
+ - id: CCC.RDMS.TH14
+ title: DB backup is uninentionally restored
+ description: A threat actor restores a database backup thereby destroying data.
+ features:
+ - CCC.F11
+ mitre_technique:
+ - T1485
+
+ - id: CCC.RDMS.TH15
+ title: brute force attack against the database
+ description: |
+ threat actor uses brute force attack to discover
+ database user password, threat actor then has access to the
+ database user
+ features:
+ - CCC.RDMS.F07
+ mitre_technique:
+ - T1110
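Review bot: The CCC.RDMS.TH14 entry contradicts itself: its title says the backup is "uninentionally" restored (also a typo for "unintentionally"), while its description and the T1485 mapping describe a deliberate act by a threat actor. Whether the threat is operator error or a malicious restore decides which controls map to it, so pick one reading and align both fields, for example `title: Database is overwritten by a backup restore` with `description: A threat actor restores an older backup over a live database, destroying data written since that backup.` In CCC.RDMS.TH15 the description ends with "has access to the database user", which presumably means access to the database with that user's privileges and should say so. Its title also starts in lower case, unlike TH14 just above it.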