fix some issues (#33)

* fix some issues * fix date
magicsword-io · Oct 7, 2024 · 5b73c9d · 5b73c9d
1 parent edb6666
commit 5b73c9d
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 11 deletions.
diff --git a/yaml/action1.yaml b/yaml/action1.yaml
@@ -5,7 +5,7 @@ Description: "Action1 is a powerful Remote Monitoring and Management(RMM) tool t
   \ remote execution and then points that the agent is installed.\n"
 Author: '@kostastsale'
 Created: '2024-08-03'
-LastModified: '2024-08-03'
+LastModified: '2024-10-06'
 Details:
   Website: https://www.action1.com/
   PEMetadata:
@@ -55,12 +55,13 @@ Artifacts:
   - EventID: 7045
     ProviderName: Service Control Manager
     LogFile: System.evtx
-    ServiceName: Action1 Agent
+    ServiceName: A1Agent
     ImagePath: '"C:\\Windows\\Action1\\action1_agent.exe"'
     Description: Service installation event as result of Action1 installation.
-  - EventID: 4688
+  - EventID: 4697
     ProviderName: Microsoft-Security-Auditing
     LogFile: Security.evtx
+    ServiceName: A1Agent
     CommandLine: C:\Windows\Action1\action1_agent.exe service
     Description: Service installation event as result of Action1 installation.
   - EventID: 4688

diff --git a/yaml/anydesk.yaml b/yaml/anydesk.yaml
@@ -8,7 +8,7 @@ Description: 'AnyDesk is a popular remote desktop software that enables users to
   '
 Author: Ali Alwashali, Nasreddine Bencherchali
 Created: '2023-09-29'
-LastModified: '2024-08-02'
+LastModified: '2024-10-06'
 Details:
   Website: https://anydesk.com/en
   PEMetadata:
@@ -121,6 +121,12 @@ Artifacts:
     ServiceName: AnyDesk Service
     ImagePath: '"C:\\Program Files (x86)\\AnyDesk\\AnyDesk.exe" --service'
     Description: Service installation event as result of AnyDesk installation.
+  - EventID: 4697
+    ProviderName: Microsoft-Security-Auditing
+    LogFile: Security.evtx
+    ServiceName: AnyDesk Service
+    ImagePath: '"C:\\Program Files (x86)\\AnyDesk\\AnyDesk.exe" --service'
+    Description: Service installation event as result of AnyDesk installation.
   Registry:
   - Path: HKLM\SOFTWARE\Clients\Media\AnyDesk
     Description: N/A

diff --git a/yaml/atera.yaml b/yaml/atera.yaml
@@ -1,10 +1,8 @@
 Name: Atera
-Description: 'Atera is a remote monitoring and management (RMM) tool. It is used by
-  threat actors to deploy ransomware or facilitate command execution and lateral movement.
-
-  '
-Created: 2024/08/03
-LastModified: ''
+Description: |
+  Atera is a remote monitoring and management (RMM) tool. It is used by threat actors to deploy ransomware or facilitate command execution and lateral movement.
+Created: '2024-08-03'
+LastModified: '2024-10-06'
 Details:
   Website: https://www.atera.com/
   PEMetadata:
@@ -91,7 +89,7 @@ Artifacts:
     LogFile: Application.evtx
     Data: 'Product: AteraAgent -- Installation completed successfully.'
     Description: Service installation event as result of AteraAgent installation.
-  - EventID: 4688
+  - EventID: 4697
     ProviderName: Microsoft-Security-Auditing
     LogFile: Security.evtx
     CommandLine: C:\\Program Files\\ATERA Networks\\AteraAgent\\Packages\\AgentPackageFileExplorer\\AgentPackageFileExplorer.exe