A threat actor may use organized and distributed software to attack an IT resource or service.  The current model only defines three types of threat tools as examples.  Threat tools include viruses, botnets, and other software that enables or automates a threat actor’s attack.  Currently in the model, a there is a network of virtual tunnels that is used to anonymously perform a cyber-attack, a peer-to-peer file sharing application is used to distribute malicious code as part of a cyber-attack, and a botnet is used as an attacker.<br/>