rm dupes

magicsword-io · Oct 1, 2024 · 03b8e42 · 03b8e42
1 parent a838b72
commit 03b8e42
Show file tree

Hide file tree

Showing 7 changed files with 27 additions and 189 deletions.
diff --git a/yaml/dw_service.yaml b/yaml/dw_service.yaml
@@ -17,6 +17,7 @@ Details:
   Capabilities: []
   Vulnerabilities: []
   InstallationPaths:
+  - dwagsvc.exe
   - dwagent.exe
   - dwagsvc.exe
 Artifacts:

diff --git a/yaml/esetremoteadministrator.yaml b/yaml/esetremoteadministrator.yaml
diff --git a/yaml/fixme.it.yaml b/yaml/fixme.it.yaml
diff --git a/yaml/fixme.yaml b/yaml/fixme.yaml
@@ -1,9 +1,9 @@
-Name: FixMe
-Description: FixMe is a remote monitoring and management (RMM) tool. More information
+Name: FixMe.it
+Description: FixMe.it is a remote monitoring and management (RMM) tool. More information
   will be added as it becomes available.
 Author: ''
 Created: ''
-LastModified: ''
+LastModified: 2/7/2024
 Details:
   Website: ''
   PEMetadata:
@@ -23,14 +23,23 @@ Details:
   - TiExpertCore.exe
   - FixMeit Unattended Access Setup.exe
   - FixMeit Expert Setup.exe
+  - TiExpertCore.exe
+  - fixmeitclient.exe
+  - TiClientCore.exe
+  - TiClientHelper*.exe
+  - 9380CC75B872221A7425D7503565B67580407F60
 Artifacts:
   Disk: []
   EventLog: []
   Registry: []
   Network:
   - Description: Known remote domains
     Domains:
+    - '*.fixme.it'
+    - '*.techinline.net'
     - fixme.it
+    - '*set.me'
+    - '*setme.net'
     Ports: []
 Detections:
 - Sigma: https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fixme_network_sigma.yml

diff --git a/yaml/fleetdeck.yaml b/yaml/fleetdeck.yaml
@@ -1,5 +1,5 @@
-Name: FleetDeck
-Description: FleetDeck is a remote monitoring and management (RMM) tool. More information
+Name: FleetDeck.io
+Description: FleetDeck.io is a remote monitoring and management (RMM) tool. More information
   will be added as it becomes available.
 Author: ''
 Created: ''
@@ -18,19 +18,26 @@ Details:
   Vulnerabilities: []
   InstallationPaths:
   - fleetdeck_agent_svc.exe
+  - fleetdeck_commander_svc.exe
+  - fleetdeck_installer.exe
+  - fleetdeck_commander_launcher.exe
+  - fleetdeck_agent.exe
 Artifacts:
   Disk: []
   EventLog: []
   Registry: []
   Network:
   - Description: Known remote domains
     Domains:
+    - '*.fleetdeck.io'
+    - cognito-idp.us-west-2.amazonaws.com
     - fleetdeck.io
     Ports: []
 Detections:
-- Sigma: https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fleetdeck_network_sigma.yml
-  Description: Detects potential network activity of FleetDeck RMM tool
-- Sigma: https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fleetdeck_processes_sigma.yml
-  Description: Detects potential processes activity of FleetDeck RMM tool
-References: []
+- Sigma: https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fleetdesk.io_network_sigma.yml
+  Description: Detects potential network activity of FleetDesk.io RMM tool
+- Sigma: https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fleetdesk.io_processes_sigma.yml
+  Description: Detects potential processes activity of FleetDesk.io RMM tool
+References:
+- https://fleetdeck.io/faq/
 Acknowledgement: []
diff --git a/yaml/fleetdeckio.yaml b/yaml/fleetdeckio.yaml
diff --git a/yaml/fleetdesk.io.yaml b/yaml/fleetdesk.io.yaml