diff --git a/website/pages/tools/chrome_remote_desktop.mdx b/website/pages/tools/chrome_remote_desktop.mdx
index 08f33c93..365a6408 100644
--- a/website/pages/tools/chrome_remote_desktop.mdx
+++ b/website/pages/tools/chrome_remote_desktop.mdx
@@ -36,7 +36,7 @@ Chrome Remote Desktop is a remote monitoring and management (RMM) tool. More inf
#### Network Artifacts
-
+
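Review bot: the removed and the added line under `#### Network Artifacts` both appear empty, so the change at this point cannot be reviewed from the diff; if it is a whitespace or line-ending normalization, say so in the commit message, and if a line of content did not survive the paste, re-post the hunk. The same blank-for-blank hunk recurs under `#### Installation Paths` in distant_desktop.mdx, dw_service.mdx, eset_remote_administrator.mdx, isl_online.mdx and microsoft_tsc.mdx, and under both headings in n-able_advanced_monitoring_agent.mdx, so one explanation in the commit message covers all of them.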
diff --git a/website/pages/tools/distant_desktop.mdx b/website/pages/tools/distant_desktop.mdx
index 5bc10db5..167e0974 100644
--- a/website/pages/tools/distant_desktop.mdx
+++ b/website/pages/tools/distant_desktop.mdx
@@ -23,7 +23,7 @@ Distant Desktop is a remote monitoring and management (RMM) tool. More informati
/>
#### Installation Paths
-
+
diff --git a/website/pages/tools/dw_service.mdx b/website/pages/tools/dw_service.mdx
index 02f57a33..cbac5203 100644
--- a/website/pages/tools/dw_service.mdx
+++ b/website/pages/tools/dw_service.mdx
@@ -23,7 +23,7 @@ DW Service is a remote monitoring and management (RMM) tool. More information wi
/>
#### Installation Paths
-
+
diff --git a/website/pages/tools/eset_remote_administrator.mdx b/website/pages/tools/eset_remote_administrator.mdx
index 3763a7f0..5a947bbb 100644
--- a/website/pages/tools/eset_remote_administrator.mdx
+++ b/website/pages/tools/eset_remote_administrator.mdx
@@ -23,7 +23,7 @@ ESET Remote Administrator is a remote monitoring and management (RMM) tool. More
/>
#### Installation Paths
-
+
diff --git a/website/pages/tools/isl_online.mdx b/website/pages/tools/isl_online.mdx
index 271aaca4..1ab7927c 100644
--- a/website/pages/tools/isl_online.mdx
+++ b/website/pages/tools/isl_online.mdx
@@ -23,7 +23,7 @@ ISL Online is a remote monitoring and management (RMM) tool. More information wi
/>
#### Installation Paths
-
+
diff --git a/website/pages/tools/microsoft_tsc.mdx b/website/pages/tools/microsoft_tsc.mdx
index 67737e36..d20a1a4b 100644
--- a/website/pages/tools/microsoft_tsc.mdx
+++ b/website/pages/tools/microsoft_tsc.mdx
@@ -23,7 +23,7 @@ Microsoft TSC is a remote monitoring and management (RMM) tool. More information
/>
#### Installation Paths
-
+
diff --git a/website/pages/tools/n-able_advanced_monitoring_agent.mdx b/website/pages/tools/n-able_advanced_monitoring_agent.mdx
index 4497d0c9..04a06096 100644
--- a/website/pages/tools/n-able_advanced_monitoring_agent.mdx
+++ b/website/pages/tools/n-able_advanced_monitoring_agent.mdx
@@ -23,7 +23,7 @@ N-Able Advanced Monitoring Agent is a remote monitoring and management (RMM) too
/>
#### Installation Paths
-
+
@@ -36,7 +36,7 @@ N-Able Advanced Monitoring Agent is a remote monitoring and management (RMM) too
#### Network Artifacts
-
+
diff --git a/website/pages/tools/quick_assist.mdx b/website/pages/tools/quick_assist.mdx
index 8225a5cd..acf8fcb0 100644
--- a/website/pages/tools/quick_assist.mdx
+++ b/website/pages/tools/quick_assist.mdx
@@ -34,16 +34,11 @@ Quick Assist is a remote monitoring and management (RMM) tool. More information
-#### Network Artifacts
-
-
### Detections
-- Detects potential network activity of Quick Assist RMM tool
- - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/quick_assist_network_sigma.yml)
- Detects potential processes activity of Quick Assist RMM tool
- [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/quick_assist_processes_sigma.yml)
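Review bot: dropping the `#### Network Artifacts` heading and the `quick_assist_network_sigma.yml` bullet brings the page in line with the Quick Assist row in rmm_tools.csv, which has `""Network"": []` and only the processes rule, but the commit should state whether `detections/sigma/quick_assist_network_sigma.yml` itself is deleted in this change or still exists in the repository. If it still exists, the page now silently stops linking a rule that ships; if it was deleted, the Detections column of the CSV export and any other page should be checked for remaining references to it, since the two hunks are meant to be regenerated from the same data.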
diff --git a/website/public/api/rmm_tools.csv b/website/public/api/rmm_tools.csv
index c3c86874..51a94079 100644
--- a/website/public/api/rmm_tools.csv
+++ b/website/public/api/rmm_tools.csv
@@ -1,340 +1,340 @@
Name,Category,Description,Author,Created,LastModified,Website,Filename,OriginalFileName,PEDescription,Product,Privileges,Free,Verification,SupportedOS,Capabilities,Vulnerabilities,InstallationPaths,Artifacts,Detections,References,Acknowledgement
+Domotz,,Domotz is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"domotz.exe, Domotz Pro Desktop App.exe, domotz_bash.exe, domotz*.exe, Domotz Pro Desktop App Setup*.exe, domotz-windows*.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.domotz.co"", ""domotz.com"", ""*cell-1.domotz.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/domotz_network_sigma.yml"", ""Description"": ""Detects potential network activity of Domotz RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/domotz_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Domotz RMM tool""}]",https://help.domotz.com/tips-tricks/unblock-outgoing-connections-on-firewall/,[]
LabTeach (Connectwise Automate),,LabTeach (Connectwise Automate) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,ltsvc.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/labteach__connectwise_automate__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of LabTeach (Connectwise Automate) RMM tool""}]",,[]
-Zabbix Agent,,Zabbix Agent is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/14/2024,,,,,,,,,,,,zabbix_agent*.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""zabbix.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/zabbix_agent_network_sigma.yml"", ""Description"": ""Detects potential network activity of Zabbix Agent RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/zabbix_agent_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Zabbix Agent RMM tool""}]",https://www.zabbix.com/documentation/current/en/manual/appendix/install/windows_agent,[]
-Senso.cloud,,Senso.cloud is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"SensoClient.exe, SensoService.exe, aadg.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.senso.cloud"", ""senso.cloud""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/senso.cloud_network_sigma.yml"", ""Description"": ""Detects potential network activity of Senso.cloud RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/senso.cloud_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Senso.cloud RMM tool""}]",https://support.senso.cloud/support/solutions/articles/79000116305-firewall-and-content-filter-configuration,[]
-I'm InTouch,,I'm InTouch is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"iit.exe, intouch.exe, I'm InTouch Go Installer.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.01com.com"", ""01com.com/imintouch-remote-pc-desktop""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/i'm_intouch_network_sigma.yml"", ""Description"": ""Detects potential network activity of I'm InTouch RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/i'm_intouch_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of I'm InTouch RMM tool""}]",https://www.01com.com/mobile/imintouch-remote-pc-desktop/faqs/remote-access/,[]
-RustDesk,,RustDesk is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"rustdesk*.exe, rustdesk.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""rustdesk.com"", ""user_managed"", ""web.rustdesk.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rustdesk_network_sigma.yml"", ""Description"": ""Detects potential network activity of RustDesk RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rustdesk_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of RustDesk RMM tool""}]",https://rustdesk.com/docs/en/,[]
-Electric AI (Kaseya),,Electric AI (Kaseya) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],https://www.electric.ai/product/device-management-solutions - Usess Kaseya/jamf,[]
-ZOC,,ZOC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\ZOC8\*, *\ZOC?\*, *\zoc.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/zoc_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ZOC RMM tool""}]",,[]
-Any Support,,Any Support is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/27/2024,,,,,,,,,,,,ManualLauncher.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.anysupport.net""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/any_support_network_sigma.yml"", ""Description"": ""Detects potential network activity of Any Support RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/any_support_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Any Support RMM tool""}]",https://www.anysupport.net/introduce_howto.php,[]
-PDQ Connect,,PDQ Connect is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/26/2024,,,,,,,,,,,,pdq-connect*.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""app.pdq.com"", ""cfcdn.pdq.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pdq_connect_network_sigma.yml"", ""Description"": ""Detects potential network activity of PDQ Connect RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pdq_connect_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of PDQ Connect RMM tool""}]",https://connect.pdq.com/hc/en-us/articles/9518992071707-Network-Requirements,[]
-Pcnow,,Pcnow is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"mwcliun.exe, pcnmgr.exe, webexpcnow.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""au.pcmag.com/utilities/21470/webex-pcnow""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pcnow_network_sigma.yml"", ""Description"": ""Detects potential network activity of Pcnow RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pcnow_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Pcnow RMM tool""}]",http://pcnow.webex.com/ - DOA as of 2024,[]
-Quick Assist,,Quick Assist is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,quickassist.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/quick_assist_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Quick Assist RMM tool""}]",,[]
-Seetrol,,Seetrol is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"seetrolcenter.exe, seetrolclient.exe, seetrolmyservice.exe, seetrolremote.exe, seetrolsetting.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""seetrol.co.kr""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/seetrol_network_sigma.yml"", ""Description"": ""Detects potential network activity of Seetrol RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/seetrol_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Seetrol RMM tool""}]",http://www.seetrol.com/en/features/features3.php,[]
-CarotDAV,,CarotDAV is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files (x86)\Rei Software\CarotDAV\*, *\Rei Software\CarotDAV\*, *\CarotDAV.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/carotdav_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of CarotDAV RMM tool""}]",,[]
-Goverlan,,Goverlan is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"goverrmc.exe, govsrv*.exe, GovAgentInstallHelper.exe, GovAgentx64.exe, GovReachClient.exe, C:\Program Files (x86)\PJ Technologies\GOVsrv\*, *\PJ Technologies\GOVsrv\*, *\GovSrv.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""goverlan.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/goverlan_network_sigma.yml"", ""Description"": ""Detects potential network activity of Goverlan RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/goverlan_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Goverlan RMM tool""}]",https://www.goverlan.com/pdf/Goverlan-Remote-Control-Software.pdf,[]
-OptiTune,,OptiTune is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/26/2024,,,,,,,,,,,,"OTService.exe, OTPowerShell.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.optitune.us"", ""*.opti-tune.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/optitune_network_sigma.yml"", ""Description"": ""Detects potential network activity of OptiTune RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/optitune_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of OptiTune RMM tool""}]",https://www.bravurasoftware.com/optitune/support/faq.aspx,[]
-EMCO Remote Console,,EMCO Remote Console is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,remoteconsole.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""emcosoftware.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/emco_remote_console_network_sigma.yml"", ""Description"": ""Detects potential network activity of EMCO Remote Console RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/emco_remote_console_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of EMCO Remote Console RMM tool""}]",,[]
-N-Able Advanced Monitoring Agent,,N-Able Advanced Monitoring Agent is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"Agent_*_RW.exe, BASEClient.exe, BASupApp.exe, BASupSrvc.exe, BASupSrvcCnfg.exe, BASupTSHelper.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*remote.management"", ""*.logicnow.com"", ""*systemmonitor.us"", ""*systemmonitor.eu.com"", ""*system-monitor.com"", ""systemmonitor.us.cdn.cloudflare.net"", ""*cloudbackup.management"", ""*systemmonitor.co.uk"", ""*.n-able.com"", ""*.beanywhere.com "", ""*.swi-tc.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/n-able_advanced_monitoring_agent_network_sigma.yml"", ""Description"": ""Detects potential network activity of N-Able Advanced Monitoring Agent RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/n-able_advanced_monitoring_agent_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of N-Able Advanced Monitoring Agent RMM tool""}]",https://documentation.n-able.com/takecontrol/troubleshooting/Content/kb/Take-Control-Standalone-Ports-and-Domains-Firewall-and-AV-Exclusions.htm,[]
-Tailscale,,Tailscale is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/14/2024,,,,,,,,,,,,"tailscale-*.exe, tailscaled.exe, tailscale-ipn.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.tailscale.com"", ""*.tailscale.io"", ""tailscale.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/tailscale_network_sigma.yml"", ""Description"": ""Detects potential network activity of Tailscale RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/tailscale_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Tailscale RMM tool""}]",https://tailscale.com/kb/1023/troubleshooting,[]
-Pilixo,,Pilixo is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"rdp.exe, Pilixo_Installer*.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""pilixo.com"", ""download.pilixo.com"", ""*.pilixo.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pilixo_network_sigma.yml"", ""Description"": ""Detects potential network activity of Pilixo RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pilixo_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Pilixo RMM tool""}]",https://pilixo.freshdesk.com/support/solutions/articles/9000141879-device-connectivity-and-firewalls,[]
-Remote Desktop Manager (Devolutions),,Remote Desktop Manager (Devolutions) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
-BeyondTrust (Bomgar),,BeyondTrust (Bomgar) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"bomgar-scc-*.exe, bomgar-scc.exe, bomgar-pac-*.exe, bomgar-pac.exe, bomgar-rdp.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.beyondtrustcloud.com"", ""*.bomgarcloud.com"", ""bomgarcloud.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/beyondtrust__bomgar__network_sigma.yml"", ""Description"": ""Detects potential network activity of BeyondTrust (Bomgar) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/beyondtrust__bomgar__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of BeyondTrust (Bomgar) RMM tool""}]",https://www.beyondtrust.com/docs/remote-support/getting-started/deployment/cloud/network.htm,[]
-Alpemix,,"Alpemix is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.
-",Nasreddine Bencherchali,2024-08-05,2024-08-05,https://www.alpemix.com/en/Home,Alpemix.exe,Alpemix,Alpemix,Alpemix,,,,"Windows, Linux, Android, Mac, IOS","5 Different Solutions for Remote Support, Access to Unattended Computers, Access to User Account Control (UAC) Screens, Add Your Own Logo, Auto Sizing, Automatic Update, Clipboard Transfer, Computer Independent Licensing, Contact List and Groups, Encrypted Communication, External Communication Barrier, File Transfer, Instant Messaging, Multi-Platform Support, Multiple Chat, Multiple Connections, No Port Forwarding Required, Peer to Peer Connection (p2p), Receiving Offline Message, Remote Restart, ReportingRestricting The Authority, Screen Sharing, Sending Announcement Message, Sharing a certain part of the screen, Video Recording, Voice Communication, Who is currently supporting?, Working in Black Screen Mode",,"C:\AlpemixService.exe, C:\AlpemixSrvc\","{""Disk"": [{""File"": ""%localappdata%\\Alpemix\\Alpemix.ini"", ""Description"": ""N/A"", ""OS"": ""Windows""}], ""EventLog"": [{""EventID"": 7045, ""ProviderName"": ""Service Control Manager"", ""LogFile"": ""System.evtx"", ""ServiceName"": ""AlpemixSrvc"", ""ImagePath"": ""*\\Alpemix.exe servicestartxxx"", ""Description"": ""Service installation event as result of Alpemix installation.""}], ""Registry"": [{""Path"": ""HKLM\\SYSTEM\\CurrentControlSet\\Services\\AlpemixSrvcx"", ""Description"": ""N/A""}], ""Network"": [{""Description"": ""N/A"", ""Domains"": [""*.alpemix.com""], ""Ports"": [443]}, {""Description"": ""N/A"", ""Domains"": [""*.teknopars.com""], ""Ports"": [80]}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/alpemix_registry_sigma.yml"", ""Description"": ""Detects potential registry activity of Alpemix RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/alpemix_network_sigma.yml"", ""Description"": ""Detects potential network activity of Alpemix RMM tool""}, 
{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/alpemix_files_sigma.yml"", ""Description"": ""Detects potential files activity of Alpemix RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/alpemix_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Alpemix RMM tool""}]",https://www.alpemix.com/en/remote-access,"[{""Person"": ""Nasreddine Bencherchali"", ""Handle"": ""@nas_bench""}]"
-CloudBerry Explorer,,CloudBerry Explorer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\CloudBerryLab\CloudBerry Drive\*, *\CloudBerryLab\CloudBerry Drive\*","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
-Auvik,,Auvik is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"auvik.engine.exe, auvik.agent.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.my.auvik.com"", ""*.auvik.com"", ""auvik.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/auvik_network_sigma.yml"", ""Description"": ""Detects potential network activity of Auvik RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/auvik_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Auvik RMM tool""}]",https://support.auvik.com/hc/en-us/articles/204315700-What-protocols-and-ports-does-the-Auvik-collector-use,[]
-Microsoft RDP,,Microsoft RDP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"termsrv.exe, mstsc.exe, Microsoft Remote Desktop","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/microsoft_rdp_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Microsoft RDP RMM tool""}]",https://learn.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/windows,[]
-Microsoft OneDrive,,Microsoft OneDrive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
-Tactical RMM,,Tactical RMM is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/14/2024,,,,,,,,,,,,"tacticalrmm.exe, tacticalrmm.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""login.tailscale.com"", ""login.tailscale.com"", ""docs.tacticalrmm.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/tactical_rmm_network_sigma.yml"", ""Description"": ""Detects potential network activity of Tactical RMM RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/tactical_rmm_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Tactical RMM RMM tool""}]",docs.tacticalrmm.com,[]
-MioNet (WD Anywhere Access),,MioNet (WD Anywhere Access) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"mionet.exe, mionetmanager.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/mionet__wd_anywhere_access__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of MioNet (WD Anywhere Access) RMM tool""}]",https://en.wikipedia.org/wiki/WD_Anywhere_Access - DOA as of 2016,[]
-Comodo RMM,,Comodo RMM is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"itsmagent.exe, rviewer.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.itsm-us1.comodo.com"", ""*mdmsupport.comodo.com"", ""one.comodo.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/comodo_rmm_network_sigma.yml"", ""Description"": ""Detects potential network activity of Comodo RMM RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/comodo_rmm_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Comodo RMM RMM tool""}]","https://help.itarian.com/topic-459-1-1005-14776-Appendix-1b---Endpoint-Manager-Services---IP-Nos,-Host-Names-and-Port-Details---US-Customers.html",[]
-Pocket Controller,,Pocket Controller is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"pocketcontroller.exe, pocketcloudservice.exe, wysebrowser.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""soti.net/products/soti-pocket-controller""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pocket_controller_network_sigma.yml"", ""Description"": ""Detects potential network activity of Pocket Controller RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pocket_controller_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Pocket Controller RMM tool""}]",,[]
-NordLocker,,NordLocker is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
-ExpanDrive,,ExpanDrive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Users\*\ExpanDrive.exe, *\ExpanDrive.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/expandrive_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ExpanDrive RMM tool""}]",,[]
-OCS inventory,,OCS inventory is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"ocsinventory.exe, ocsservice.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""ocsinventory-ng.org""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ocs_inventory_network_sigma.yml"", ""Description"": ""Detects potential network activity of OCS inventory RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ocs_inventory_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of OCS inventory RMM tool""}]",https://ocsinventory-ng.org/?page_id=878&lang=en,[]
-GotoHTTP,,GotoHTTP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"GotoHTTP_x64.exe, gotohttp.exe, GotoHTTP*.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.gotohttp.com"", ""gotohttp.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/gotohttp_network_sigma.yml"", ""Description"": ""Detects potential network activity of GotoHTTP RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/gotohttp_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of GotoHTTP RMM tool""}]",https://gotohttp.com/goto/help.12x,[]
-CloudXplorer,,CloudXplorer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\ClumsyLeaf Software\CloudXplorer\*, *\ClumsyLeaf Software\CloudXplorer\*, *\clumsyleaf.cloudxplorer*.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/cloudxplorer_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of CloudXplorer RMM tool""}]",,[]
-Terminals,,Terminals is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
+ServerEye,,ServerEye is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"servereye*.exe, ServiceProxyLocalSys.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.server-eye.de""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/servereye_network_sigma.yml"", ""Description"": ""Detects potential network activity of ServerEye RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/servereye_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ServerEye RMM tool""}]",https://www.servereye.de/wp-content/uploads/Anleitung-zur-Erstinstallation_aktuell.pdf,[]
RPort,,RPort is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,rport.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""rport.io""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rport_network_sigma.yml"", ""Description"": ""Detects potential network activity of RPort RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rport_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of RPort RMM tool""}]",https://kb.rport.io/using-the-remote-access,[]
-CentraStage (Now Datto),,CentraStage (Now Datto) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"CagService.exe, AEMAgent.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.rmm.datto.com"", ""*cc.centrastage.net"", ""datto.com/au/products/rmm/""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/centrastage__now_datto__network_sigma.yml"", ""Description"": ""Detects potential network activity of CentraStage (Now Datto) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/centrastage__now_datto__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of CentraStage (Now Datto) RMM tool""}]",https://rmm.datto.com/help/de/Content/1INTRODUCTION/Requirements/AllowListRequirements.htm,[]
-Instant Housecall,,Instant Housecall is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"hsloader.exe, InstantHousecall.exe, ihcserver.exe, instanthousecall.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.instanthousecall.com"", ""secure.instanthousecall.com"", ""*.instanthousecall.net"", ""instanthousecall.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/instant_housecall_network_sigma.yml"", ""Description"": ""Detects potential network activity of Instant Housecall RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/instant_housecall_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Instant Housecall RMM tool""}]",https://instanthousecall.com/features/,[]
-CruzControl,,CruzControl is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],https://resources.doradosoftware.com/cruz-rmm,[]
-Mikogo,,Mikogo is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"mikogo.exe, mikogo-starter.exe, mikogo-service.exe, mikogolauncher.exe, C:\Users\*\AppData\Roaming\Mikogo\*, *Users\*\AppData\Roaming\Mikogo\*, *\Mikogo-Service.exe, *\Mikogo-Screen-Service.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.real-time-collaboration.com"", ""*.mikogo4.com"", ""*.mikogo.com"", ""mikogo.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/mikogo_network_sigma.yml"", ""Description"": ""Detects potential network activity of Mikogo RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/mikogo_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Mikogo RMM tool""}]",https://mikogo.zendesk.com/hc/en-us/articles/214072478-Which-IP-addresses-do-we-use-for-our-services,[]
-mRemoteNG,,mRemoteNG is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"mRemoteNG.exe, C:\Program Files (x86)\mRemoteNG\*, *\mRemoteNG\*, *\mRemoteNG.exe, c:\Program Files (x86)%\mRemoteNG, *%\mRemoteNG, mRemoteNG-Installer-*.msi, *\mRemoteNG.exe","{""Disk"": [{""File"": ""C:\\Users\\*\\AppData\\Roaming\\mRemoteNG\\mRemoteNG.log"", ""Description"": ""mRemoteNG log file"", ""OS"": ""Windows""}, {""File"": ""C:\\Users\\*\\AppData\\Roaming\\mRemoteNG\\confCons.xml"", ""Description"": ""mRemoteNG configuration file"", ""OS"": ""Windows""}, {""File"": ""C:\\Users\\*\\AppData\\*\\mRemoteNG\\**10\\user.config"", ""Description"": ""mRemoteNG user configuration file"", ""OS"": ""Windows""}], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""mremoteng.org""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/mremoteng_network_sigma.yml"", ""Description"": ""Detects potential network activity of mRemoteNG RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/mremoteng_files_sigma.yml"", ""Description"": ""Detects potential files activity of mRemoteNG RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/mremoteng_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of mRemoteNG RMM tool""}]",https://github.com/mRemoteNG/mRemoteNG,[]
-LabTech RMM (Now ConnectWise Automate),,LabTech RMM (Now ConnectWise Automate) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"ltsvc.exe, ltsvcmon.exe, lttray.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""connectwise.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/labtech_rmm__now_connectwise_automate__network_sigma.yml"", ""Description"": ""Detects potential network activity of LabTech RMM (Now ConnectWise Automate) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/labtech_rmm__now_connectwise_automate__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of LabTech RMM (Now ConnectWise Automate) RMM tool""}]",,[]
-ScreenMeet,,ScreenMeet is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"ScreenMeetSupport.exe, ScreenMeet.Support.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.screenmeet.com"", ""*.scrn.mt""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/screenmeet_network_sigma.yml"", ""Description"": ""Detects potential network activity of ScreenMeet RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/screenmeet_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ScreenMeet RMM tool""}]",https://docs.screenmeet.com/docs/firewall-white-list,[]
-RES Automation Manager,,RES Automation Manager is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"wisshell*.exe, wmc.exe, wmc_deployer.exe, wmcsvc.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""ivanti.com/""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/res_automation_manager_network_sigma.yml"", ""Description"": ""Detects potential network activity of RES Automation Manager RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/res_automation_manager_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of RES Automation Manager RMM tool""}]",https://forums.ivanti.com/s/article/INFO-Which-ports-does-Ivanti-Automation-use?language=en_US&ui-force-components-controllers-recordGlobalValueProvider.RecordGvp.getRecord=1,[]
-Anyplace Control,,Anyplace Control is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,apc_host.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""anyplace-control.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/anyplace_control_network_sigma.yml"", ""Description"": ""Detects potential network activity of Anyplace Control RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/anyplace_control_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Anyplace Control RMM tool""}]",http://www.anyplace-control.com/anyplace-control/help/faq.htm,[]
-Dropbox,,Dropbox is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files (x86)\Dropbox\Client\*, *\Dropbox\Client\*, *\Dropbox.exe, *Users\*\Dropbox\bin\","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dropbox_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Dropbox RMM tool""}]",,[]
-TightVNC,,TightVNC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/14/2024,,,,,,,,,,,,"tvnviewer.exe, TightVNCViewerPortable*.exe, tvnserver.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""tightvnc.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/tightvnc_network_sigma.yml"", ""Description"": ""Detects potential network activity of TightVNC RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/tightvnc_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of TightVNC RMM tool""}]",https://www.tightvnc.com/doc/win/TightVNC_for_Windows-Installation_and_Getting_Started.pdf,[]
-LiteManager,,LiteManager is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"lmnoipserver.exe, ROMFUSClient.exe, romfusclient.exe, romviewer.exe, romserver.exe, ROMServer.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.litemanager.ru"", ""*.litemanager.com"", ""litemanager.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/litemanager_network_sigma.yml"", ""Description"": ""Detects potential network activity of LiteManager RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/litemanager_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of LiteManager RMM tool""}]",https://www.litemanager.com/articles/LiteManager_remote_access_to_a_desktop_via_the_Internet_or_LAN/,[]
+Azure Storage Explorer,,Azure Storage Explorer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files (x86)\Microsoft Azure Storage Explorer\*, *\Microsoft Azure Storage Explorer\*, *\StorageExplorer.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/azure_storage_explorer_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Azure Storage Explorer RMM tool""}]",,[]
+PSEXEC (Clone),,PSEXEC (Clone) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"paexec.exe, PAExec-*.exe, csexec.exe , remcom.exe, remcomsvc.exe, xcmd.exe, xcmdsvc.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/psexec__clone__network_sigma.yml"", ""Description"": ""Detects potential network activity of PSEXEC (Clone) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/psexec__clone__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of PSEXEC (Clone) RMM tool""}]",https://www.poweradmin.com/paexec/,[]
+NoMachine,,NoMachine is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"nomachine*.exe, nxservice*.ese, nxd.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""nomachine.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/nomachine_network_sigma.yml"", ""Description"": ""Detects potential network activity of NoMachine RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/nomachine_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of NoMachine RMM tool""}]",https://kb.nomachine.com/AR04S01122,[]
+Microsoft OneDrive,,Microsoft OneDrive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
+Xeox,,Xeox is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/14/2024,,,,,,,,,,,,"xeox-agent_x64.exe, xeox_service_windows.exe, xeox-agent_*.exe, xeox-agent_x86.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.xeox.com"", ""xeox.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/xeox_network_sigma.yml"", ""Description"": ""Detects potential network activity of Xeox RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/xeox_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Xeox RMM tool""}]",https://help.xeox.com/knowledge-base/gSuyNfDH6u79M82utnswf2/firewall-settings-xeox-agent-and-integrations/47T7S9tZJ2L1Z2W5gwuXoW,[]
+Netop,,Netop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\Danware Data\NetOp Packn Deploy\*, *\Danware Data\NetOp Packn Deploy\*, *\Netop Remote Control\*","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
+KHelpDesk,,KHelpDesk is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/26/2024,,,,,,,,,,,,KHelpDesk.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.khelpdesk.com.br""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/khelpdesk_network_sigma.yml"", ""Description"": ""Detects potential network activity of KHelpDesk RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/khelpdesk_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of KHelpDesk RMM tool""}]",https://www.khelpdesk.com.br/en-us,[]
Box,,Box is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\Box\Box\*, *\Box\Box\*, *\Box.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/box_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Box RMM tool""}]",,[]
-Sophos-Remote Management System,,Sophos-Remote Management System is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"clientmrinit.exe, mgntsvc.exe, routernt.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.sophos.com"", ""*.sophosupd.com"", ""*.sophosupd.net"", ""community.sophos.com/on-premise-endpoint/f/sophos-endpoint-software/5725/sophos-remote-management-system""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/sophos-remote_management_system_network_sigma.yml"", ""Description"": ""Detects potential network activity of Sophos-Remote Management System RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/sophos-remote_management_system_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Sophos-Remote Management System RMM tool""}]",community.sophos.com/on-premise-endpoint/f/sophos-endpoint-software/5725/sophos-remote-management-system,[]
-ManageEngine,,ManageEngine is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"InstallShield Setup.exe, ManageEngine_Remote_Access_Plus.exe, *\dcagentservice.exe, C:\Program Files (x86)\DesktopCentral_Agent\bin\*, *\DesktopCentral_Agent\bin\*","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/manageengine_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ManageEngine RMM tool""}]",,[]
-Cloud Explorer,,Cloud Explorer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
-Splashtop Remote,,Splashtop Remote is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"strwinclt.exe, Splashtop_Streamer_Windows*.exe, SplashtopSOS.exe, sragent.exe, srmanager.exe, srserver.exe, srservice.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""splashtop.com"", ""*.api.splashtop.com"", ""*.relay.splashtop.com"", ""*.api.splashtop.eu""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/splashtop_remote_network_sigma.yml"", ""Description"": ""Detects potential network activity of Splashtop Remote RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/splashtop_remote_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Splashtop Remote RMM tool""}]",https://support-splashtopbusiness.splashtop.com/hc/en-us/articles/115001811966-What-are-the-Firewall-Exceptions-and-IP-addresses-of-Splashtop-servers-Services,[]
-Dameware-mini remote control Protocol,,Dameware-mini remote control Protocol is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"dntus*.exe, dwrcs.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""dameware.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dameware-mini_remote_control_protocol_network_sigma.yml"", ""Description"": ""Detects potential network activity of Dameware-mini remote control Protocol RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dameware-mini_remote_control_protocol_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Dameware-mini remote control Protocol RMM tool""}]",,[]
-rdp2tcp,,rdp2tcp is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"tdp2tcp.exe, rdp2tcp.py","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""github.com/V-E-O/rdp2tcp""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rdp2tcp_network_sigma.yml"", ""Description"": ""Detects potential network activity of rdp2tcp RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rdp2tcp_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of rdp2tcp RMM tool""}]",github.com/V-E-O/rdp2tcp,[]
-FleetDesk.io,,FleetDesk.io is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"fleetdeck_agent_svc.exe, fleetdeck_commander_svc.exe, fleetdeck_installer.exe, fleetdeck_agent.exe, fleetdeck_commander_launcher.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.fleetdeck.io"", ""cognito-idp.us-west-2.amazonaws.com"", ""fleetdeck.io""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fleetdesk.io_network_sigma.yml"", ""Description"": ""Detects potential network activity of FleetDesk.io RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fleetdesk.io_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of FleetDesk.io RMM tool""}]",https://fleetdeck.io/faq/,[]
-Jump Cloud,,Jump Cloud is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/26/2024,,,,,,,,,,,,JumpCloud*.exe ,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.api.jumpcloud.com"", ""*.assist.jumpcloud.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/jump_cloud_network_sigma.yml"", ""Description"": ""Detects potential network activity of Jump Cloud RMM tool""}]",https://jumpcloud.com/support/understand-remote-assist-agent,[]
-RuDesktop,,RuDesktop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"rd.exe, rudesktop*.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.rudesktop.ru"", ""rudesktop.ru""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rudesktop_network_sigma.yml"", ""Description"": ""Detects potential network activity of RuDesktop RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rudesktop_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of RuDesktop RMM tool""}]",https://rudesktop.ru,[]
+Bomgar - Now BeyondTrust,,Bomgar - Now BeyondTrust is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
+Apple Remote Desktop,,Apple Remote Desktop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/24/2024,,,,,,,,,,,,ARDAgent.app,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/apple_remote_desktop_network_sigma.yml"", ""Description"": ""Detects potential network activity of Apple Remote Desktop RMM tool""}]",https://support.apple.com/guide/remote-desktop/install-and-set-up-remote-desktop-apdf49e03a4/mac,[]
+Royal Server,,Royal Server is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""royalapps.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/royal_server_network_sigma.yml"", ""Description"": ""Detects potential network activity of Royal Server RMM tool""}]",,[]
+FleetDeck.io,,FleetDeck.io is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"fleetdeck_agent_svc.exe, fleetdeck_commander_svc.exe, fleetdeck_installer.exe, fleetdeck_commander_launcher.exe, fleetdeck_agent.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""fleetdeck.io""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fleetdeck.io_network_sigma.yml"", ""Description"": ""Detects potential network activity of FleetDeck.io RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fleetdeck.io_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of FleetDeck.io RMM tool""}]",,[]
+rsync,,rsync is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
+ISL Online,,ISL Online is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"islalwaysonmonitor.exe, isllight.exe, isllightservice.exe, ISLLightClient.exe, C:\Program Files (x86)\ISL Online\ISL Light*, *\ISL Online\ISL Light*, *\ISLLight.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.islonline.com"", ""*.islonline.net""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/isl_online_network_sigma.yml"", ""Description"": ""Detects potential network activity of ISL Online RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/isl_online_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ISL Online RMM tool""}]",https://help.islonline.com/19818/165940,[]
+NTR Remote,,NTR Remote is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/26/2024,,,,,,,,,,,,NTRsupportPro_EN.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.ntrsupport.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ntr_remote_network_sigma.yml"", ""Description"": ""Detects potential network activity of NTR Remote RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ntr_remote_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of NTR Remote RMM tool""}]",DOA as of 2024,[]
+MeshCentral,,MeshCentral is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"meshcentral*.exe, mesh*.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""meshcentral.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/meshcentral_network_sigma.yml"", ""Description"": ""Detects potential network activity of MeshCentral RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/meshcentral_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of MeshCentral RMM tool""}]",https://ylianst.github.io/MeshCentral/meshcentral/,[]
+JollysFastVNC,,JollysFastVNC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
+PuTTY Tray,,PuTTY Tray is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\*\puttytray.exe, *\puttytray.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/putty_tray_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of PuTTY Tray RMM tool""}]",,[]
LogMeIn,,"LogMeIn is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.
",Nasreddine Bencherchali,2024-08-05,2024-08-05,https://www.logmein.com/,lmiguardiansvc.exe,,,,,,,,,,None,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""N/A"", ""Domains"": [""logmein-gateway.com""], ""Ports"": [443]}, {""Description"": ""N/A"", ""Domains"": [""*.logmein.com""], ""Ports"": [443]}, {""Description"": ""N/A"", ""Domains"": [""*.logmein.eu""], ""Ports"": [443]}, {""Description"": ""N/A"", ""Domains"": [""logmeinrescue.com""], ""Ports"": [443]}, {""Description"": ""N/A"", ""Domains"": [""*.logmeininc.com""], ""Ports"": [443]}]}","[{""Sigma"": ""https://github.com/SigmaHQ/sigma/blob/782f0f524e6f797ea114fe0d87b22cb4abaa6b7c/rules/windows/dns_query/dns_query_win_remote_access_software_domains_non_browsers.yml"", ""Description"": ""DNS Query To Remote Access Software Domain From Non-Browser App""}, {""Sigma"": ""https://github.com/SigmaHQ/sigma/blob/782f0f524e6f797ea114fe0d87b22cb4abaa6b7c/rules/windows/process_creation/proc_creation_win_remote_access_tools_logmein.yml"", ""Description"": ""Remote Access Tool - LogMeIn Execution""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/logmein_network_sigma.yml"", ""Description"": ""Detects potential network activity of LogMeIn RMM tool""}]",https://support.logmeininc.com/central/help/allowlisting-and-firewall-configuration,"[{""Person"": ""Nasreddine Bencherchali"", ""Handle"": ""@nas_bench""}]"
-SmartFTP,,SmartFTP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files (x86)\SmartFTP Client\en-US\, *\SmartFTP Client\*, *\SfShellTools.dll.mui","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
-NetSupport Manager,,NetSupport Manager is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"pcictlui.exe, pcicfgui.exe, client32.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.netsupportmanager.com"", ""netsupportmanager.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/netsupport_manager_network_sigma.yml"", ""Description"": ""Detects potential network activity of NetSupport Manager RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/netsupport_manager_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of NetSupport Manager RMM tool""}]",https://www.netsupportmanager.com/resources/,[]
+Electric,,Electric is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""electric.ai""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/electric_network_sigma.yml"", ""Description"": ""Detects potential network activity of Electric RMM tool""}]",,[]
+CruzControl,,CruzControl is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],https://resources.doradosoftware.com/cruz-rmm,[]
+Netreo,,Netreo is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""charon.netreo.net"", ""activation.netreo.net"", ""*.api.netreo.com"", ""netreo.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/netreo_network_sigma.yml"", ""Description"": ""Detects potential network activity of Netreo RMM tool""}]",https://solutions.netreo.com/docs/firewall-requirements,[]
+DW Service,,DW Service is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"dwagsvc.exe, dwagent.exe, dwagsvc.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.dwservice.net""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dw_service_network_sigma.yml"", ""Description"": ""Detects potential network activity of DW Service RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dw_service_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of DW Service RMM tool""}]",https://news.dwservice.net/dwservice-security-infrastructure/,[]
+Remote.it,,Remote.it is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"remote-it-installer.exe, remote.it.exe, remoteit.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""auth.api.remote.it"", ""api.remote.it"", ""remote.it""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remote.it_network_sigma.yml"", ""Description"": ""Detects potential network activity of Remote.it RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remote.it_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Remote.it RMM tool""}]",https://docs.remote.it/introduction/get-started,[]
+FileZilla,,FileZilla is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\FileZilla FTP Client\*, *\FileZilla FTP Client\*, *\FileZilla.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/filezilla_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of FileZilla RMM tool""}]",,[]
+DeskNets,,DeskNets is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/26/2024,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],https://www.desknets.com/en/download.html,[]
+MEGAsync,,MEGAsync is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Users\*\AppData\Local\MEGAsync\*, *Users\*\AppData\Local\MEGAsync\*, *Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*, *ProgramData\MEGAsync\*, *\MEGAsyncSetup64.exe, *\MEGAupdater.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/megasync_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of MEGAsync RMM tool""}]",,[]
+Bitvise SSH Client,,Bitvise SSH Client is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files (x86)\Bitvise SSH Client\*, *\Bitvise SSH Client\*, *\BvSshClient-Inst.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/bitvise_ssh_client_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Bitvise SSH Client RMM tool""}]",,[]
+Netop Remote Control (Impero Connect),,Netop Remote Control (Impero Connect) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"nhostsvc.exe, nhstw32.exe, ngstw32.exe, Netop Ondemand.exe, nldrw32.exe, rmserverconsolemediator.exe, ImperoInit.exe, Connect.Backdrop.cloud*.exe, ImperoClientSVC.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.connect.backdrop.cloud"", ""*.netop.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/netop_remote_control__impero_connect__network_sigma.yml"", ""Description"": ""Detects potential network activity of Netop Remote Control (Impero Connect) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/netop_remote_control__impero_connect__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Netop Remote Control (Impero Connect) RMM tool""}]",https://kb.netop.com/article/firewall-and-proxy-server-considerations-when-using-netop-portal-communication-373.html,[]
+RemotePass,,RemotePass is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"remotepass-access.exe, rpaccess.exe, rpwhostscr.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""remotepass.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remotepass_network_sigma.yml"", ""Description"": ""Detects potential network activity of RemotePass RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remotepass_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of RemotePass RMM tool""}]",https://www.remotepass.com/rpaccess.html - DOA as of 2024,[]
+Addigy,,Addigy is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/27/2024,,,,,,,,,,,,addigy-*.pkg,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""prod.addigy.com"", ""grtmprod.addigy.com"", ""agents.addigy.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/addigy_network_sigma.yml"", ""Description"": ""Detects potential network activity of Addigy RMM tool""}]",https://addigy.com/,[]
+Syncro,,Syncro is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/13/2024,,,,,,,,,,,,"Syncro.Installer.exe, Kabuto.App.Runner.exe, Syncro.Overmind.Service.exe, Kabuto.Installer.exe, KabutoSetup.exe, Syncro.Service.exe, Kabuto.Service.Runner.exe, Syncro.App.Runner.exe, SyncroLive.Service.exe, SyncroLive.Agent.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""kabuto.io"", ""*.syncromsp.com"", ""*.syncroapi.com"", ""syncromsp.com"", ""servably.com"", ""ld.aurelius.host"", ""app.kabuto.io "", ""*.kabutoservices.com"", ""repairshopr.com"", ""kabutoservices.com"", ""attachments.servably.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/syncro_network_sigma.yml"", ""Description"": ""Detects potential network activity of Syncro RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/syncro_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Syncro RMM tool""}]",https://community.syncromsp.com/t/syncro-exceptions-and-allowlists/2004,[]
+IntelliAdmin Remote Control,,IntelliAdmin Remote Control is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"iadmin.exe, intelliadmin.exe, agent32.exe, agent64.exe, agent_setup_5.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""*.intelliadmin.com"", ""intelliadmin.com/remote-control""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/intelliadmin_remote_control_network_sigma.yml"", ""Description"": ""Detects potential network activity of IntelliAdmin Remote Control RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/intelliadmin_remote_control_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of IntelliAdmin Remote Control RMM tool""}]",intelliadmin.com/remote-control,[]
+Tanium Deploy,,Tanium Deploy is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""tanium.com/products/tanium-deploy""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/tanium_deploy_network_sigma.yml"", ""Description"": ""Detects potential network activity of Tanium Deploy RMM tool""}]",,[]
+AweRay,,AweRay is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"aweray_remote*.exe, AweSun.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""asapi*.aweray.net"", ""client-api.aweray.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aweray_network_sigma.yml"", ""Description"": ""Detects potential network activity of AweRay RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aweray_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of AweRay RMM tool""}]",https://sun.aweray.com/help,[]
+UltraVNC,,UltraVNC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/14/2024,,,,,,,,,,,,UltraVNC*.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""ultravnc.com"", ""user_managed""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ultravnc_network_sigma.yml"", ""Description"": ""Detects potential network activity of UltraVNC RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ultravnc_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of UltraVNC RMM tool""}]",https://uvnc.com/docs/uvnc-server/49-UltraVNC-server-configuration.html,[]
+Site24x7,,Site24x7 is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/13/2024,,,,,,,,,,,,"MEAgentHelper.exe, MonitoringAgent.exe, Site24x7WindowsAgentTrayIcon.exe, Site24x7PluginAgent.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""plus*.site24x7.com"", ""plus*.site24x7.eu"", ""plus*.site24x7.in"", ""plus*.site24x7.cn"", ""plus*.site24x7.net.au"", ""site24x7.com/msp""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/site24x7_network_sigma.yml"", ""Description"": ""Detects potential network activity of Site24x7 RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/site24x7_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Site24x7 RMM tool""}]",https://support.site24x7.com/portal/en/kb/articles/which-ports-do-i-need-to-allow-access-in-my-firewall-to-use-site24x7-agent,[]
+Kaseya (VSA),,"Kaseya (VSA) aka Unigma is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.
+",Nasreddine Bencherchali,2024-08-05,2024-08-05,,agentmon.exe,,,,,,,,,,"C:\Program Files (x86)\Kaseya\, C:\ProgramData\Kaseya\","{""Disk"": [{""File"": ""%localappdata%\\Kaseya\\Log\\KaseyaLiveConnect\\*"", ""Description"": ""Kaseya Live Connect logs"", ""OS"": ""Windows""}, {""File"": ""~/Library/Logs/com.kaseya/KaseyaLiveConnect/*"", ""Description"": ""Kaseya Live Connect logs"", ""OS"": ""MacOS""}, {""File"": ""C:\\ProgramData\\Kaseya\\Log\\Endpoint\\*"", ""Description"": ""Kaseya Endpoint logs"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files*\\Kaseya\\*\\agentmon.log"", ""Description"": ""Kaseya Agent Monitor log""}, {""File"": ""/var/log/system.log"", ""Description"": ""Kaseya Agent Monitor log"", ""OS"": ""MacOS 32bit""}, {""File"": "" ~/opt/kaseya/*/logs*"", ""Description"": ""Kaseya Agent Monitor log"", ""OS"": ""MacOS 64bit""}, {""File"": ""C:\\Users\\*\\AppData\\Local\\Temp\\KASetup.log"", ""Description"": ""Kaseya Setup log in user temp directory"", ""OS"": ""Windows""}, {""File"": ""C:\\Windows\\Temp\\KASetup.log"", ""Description"": ""Kaseya Setup log in Windows temp directory"", ""OS"": ""Windows""}, {""File"": ""C:\\ProgramData\\Kaseya\\Log\\KaseyaEdgeServices\\*"", ""Description"": ""Kaseya Edge Services logs"", ""OS"": ""Windows""}, {""File"": ""C:\\Kaseya\\api\\v1.0\\logs\\"", ""Description"": ""Kaseya API logs"", ""OS"": ""Windows""}, {""File"": ""C:\\Kaseya\\api\\v1.5\\endpoint\\logs"", ""Description"": ""Kaseya API logs"", ""OS"": ""Windows""}, {""File"": ""C:\\Kaseya\\api\\v1.5\\endpoints\\logs"", ""Description"": ""Kaseya API logs"", ""OS"": ""Windows""}, {""File"": ""C:\\Windows\\System32\\config\\systemprofile\\AppData\\Local\\Kaseya\\Log\\MakeSelfSignedCert.exe\\"", ""Description"": ""Certificate creation"", ""OS"": ""Windows""}, {""File"": ""C:\\Kaseya\\WebPages\\install\\makecert.txt"", ""Description"": ""Certificate creation"", ""OS"": ""Windows""}, {""File"": 
""C:\\ProgramData\\Kaseya\\Log\\Endpoint\\Instance_*\\KaseyaEndpoint*"", ""Description"": ""Endpoint service logs"", ""OS"": ""Windows""}, {""File"": ""C:\\ProgramData\\Kaseya\\Log\\Endpoint\\Instance_*\\Session_*"", ""Description"": ""Session logs"", ""OS"": ""Windows""}], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""deploy01.kaseya.com"", ""*managedsupport.kaseya.net"", ""*.kaseya.net"", ""kaseya.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/kaseya__vsa__network_sigma.yml"", ""Description"": ""Detects potential network activity of Kaseya (VSA) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/kaseya__vsa__files_sigma.yml"", ""Description"": ""Detects potential files activity of Kaseya (VSA) RMM tool""}]","https://helpdesk.kaseya.com/hc/en-gb/articles/229012608-Software-Deployment-URL-Port-Requirements, https://helpdesk.kaseya.com/hc/en-gb/articles/229009708-Live-Connect-Log-File-Locations, https://ruler-project.github.io/ruler-project/RULER/remote/Kaseya/, https://helpdesk.kaseya.com/hc/en-gb/articles/229009708-Live-Connect-Log-File-Locations",[]
+Cloud Turtle,,Cloud Turtle is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files (x86)\Genie9\*, *\Genie9\*","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
+Pulseway,,Pulseway is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"PCMonitorManager.exe, pcmonitorsrv.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""pulseway.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pulseway_network_sigma.yml"", ""Description"": ""Detects potential network activity of Pulseway RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pulseway_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Pulseway RMM tool""}]",https://intercom.help/pulseway/en/,[]
+Dropbox,,Dropbox is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files (x86)\Dropbox\Client\*, *\Dropbox\Client\*, *\Dropbox.exe, *Users\*\Dropbox\bin\","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dropbox_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Dropbox RMM tool""}]",,[]
+Mikogo,,Mikogo is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"mikogo.exe, mikogo-starter.exe, mikogo-service.exe, mikogolauncher.exe, C:\Users\*\AppData\Roaming\Mikogo\*, *Users\*\AppData\Roaming\Mikogo\*, *\Mikogo-Service.exe, *\Mikogo-Screen-Service.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.real-time-collaboration.com"", ""*.mikogo4.com"", ""*.mikogo.com"", ""mikogo.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/mikogo_network_sigma.yml"", ""Description"": ""Detects potential network activity of Mikogo RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/mikogo_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Mikogo RMM tool""}]",https://mikogo.zendesk.com/hc/en-us/articles/214072478-Which-IP-addresses-do-we-use-for-our-services,[]
+Action1,,"Action1 is a powerful Remote Monitoring and Management(RMM) tool that enables users to execute commands, scripts, and binaries.
+Through the web interface of action1, the administrator must create a new policy or an app to establish remote execution and then points that the agent is installed.
+",@kostastsale,2024-08-03,2024-08-03,https://www.action1.com/,action1_connector.exe,,,,SYSTEM,Yes,Corporate email required although temporary email services are accepted,Windows,"Backup and disaster recovery, Billing and invoicing, Customer portal, HelpDesk and ticketing, Mobile app, Network discovery, Patch management, Remote monitoring and management, Reporting and analytics",,C:\Windows\Action1\*,"{""Disk"": [{""File"": ""C:\\Windows\\Action1\\action1_agent.exe"", ""Description"": ""Action1 service binary"", ""OS"": ""Windows""}, {""File"": ""C:\\Windows\\Action1\\*"", ""Description"": ""Multiple files and binaries related to Action1 installation"", ""OS"": ""Windows""}, {""File"": ""C:\\Windows\\Action1\\scripts\\*"", ""Description"": ""Multiple scripts related to Action1 installation"", ""OS"": ""Windows""}, {""File"": ""C:\\Windows\\Action1\\rule_data\\*"", ""Description"": ""Files related to Action1 rules"", ""OS"": ""Windows""}, {""File"": ""C:\\Windows\\Action1\\action1_log_*.log"", ""Description"": ""Contains history, errors, system notifications. 
Incoming and outgoing connections."", ""OS"": ""Windows""}], ""EventLog"": [{""EventID"": 7045, ""ProviderName"": ""Service Control Manager"", ""LogFile"": ""System.evtx"", ""ServiceName"": ""Action1 Agent"", ""ImagePath"": ""\""C:\\\\Windows\\\\Action1\\\\action1_agent.exe\"""", ""Description"": ""Service installation event as result of Action1 installation.""}, {""EventID"": 4688, ""ProviderName"": ""Microsoft-Security-Auditing"", ""LogFile"": ""Security.evtx"", ""CommandLine"": ""C:\\Windows\\Action1\\action1_agent.exe service"", ""Description"": ""Service installation event as result of Action1 installation.""}, {""EventID"": 4688, ""ProviderName"": ""Microsoft-Security-Auditing"", ""LogFile"": ""Security.evtx"", ""CommandLine"": ""C:\\Windows\\Action1\\action1_agent.exe loggedonuser"", ""Description"": ""Executing command to get logged on user.""}], ""Registry"": [{""Path"": ""HKLM\\System\\CurrentControlSet\\Services\\A1Agent"", ""Description"": ""Service installation event as result of Action1 installation.""}, {""Path"": ""HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\Windows Error Reporting\\LocalDumps\\action1_agent.exe"", ""Description"": ""Ensures that detailed crash information is available for analysis, which aids in maintaining the stability and reliability of the software.""}, {""Path"": ""HKLM\\SOFTWARE\\WOW6432Node\\Action1"", ""Description"": ""Storing its configuration settings and other relevant information""}], ""Network"": [{""Description"": ""N/A"", ""Domains"": [""*.action1.com""], ""Ports"": [443]}, {""Description"": ""N/A"", ""Domains"": [""a1-backend-packages.s3.amazonaws.com""], ""Ports"": [443]}]}","[{""Name"": ""Arbitrary code execution and remote sessions via Action1 RMM"", ""Description"": ""Threat hunting rule for detecting the execution of arbitrary code and remote sessions via Action1 RMM"", ""author"": ""@kostastsale"", ""Link"": 
""https://github.com/tsale/Sigma_rules/blob/ea87e4fc851207ca0f002ec043624f2b3bf1b2da/Threat%20Hunting%20Queries/Action1_RMM.yml""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/action1_registry_sigma.yml"", ""Description"": ""Detects potential registry activity of Action1 RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/action1_network_sigma.yml"", ""Description"": ""Detects potential network activity of Action1 RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/action1_files_sigma.yml"", ""Description"": ""Detects potential files activity of Action1 RMM tool""}]","https://www.action1.com/documentation/firewall-configuration/, https://www.action1.com/documentation/, https://twitter.com/Kostastsale/status/1646256901506605063?s=20, https://ruler-project.github.io/ruler-project/RULER/remote/Action1/","[{""Person"": ""Kostas"", ""Handle"": ""@kostastsale""}]"
+KiTTY,,KiTTY is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\*\kitty.exe, *\kitty.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/kitty_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of KiTTY RMM tool""}]",,[]
+PDQ Connect,,PDQ Connect is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/26/2024,,,,,,,,,,,,pdq-connect*.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""app.pdq.com"", ""cfcdn.pdq.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pdq_connect_network_sigma.yml"", ""Description"": ""Detects potential network activity of PDQ Connect RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pdq_connect_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of PDQ Connect RMM tool""}]",https://connect.pdq.com/hc/en-us/articles/9518992071707-Network-Requirements,[]
+Ericom Connect,,Ericom Connect is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"EricomConnectRemoteHost*.exe, ericomconnnectconfigurationtool.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""ericom.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ericom_connect_network_sigma.yml"", ""Description"": ""Detects potential network activity of Ericom Connect RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ericom_connect_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Ericom Connect RMM tool""}]",https://www.ericom.com/connect-accessnow/,[]
+PSEXEC,,PSEXEC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"psexec.exe, psexecsvc.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/psexec_network_sigma.yml"", ""Description"": ""Detects potential network activity of PSEXEC RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/psexec_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of PSEXEC RMM tool""}]",https://learn.microsoft.com/en-us/sysinternals/downloads/psexec,[]
+FreeRDP,,FreeRDP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
+AliWangWang-remote-control,,AliWangWang-remote-control is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,alitask.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""wangwang.taobao.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aliwangwang-remote-control_network_sigma.yml"", ""Description"": ""Detects potential network activity of AliWangWang-remote-control RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aliwangwang-remote-control_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of AliWangWang-remote-control RMM tool""}]",https://github.com/KKomarov/AliWangWangEng/blob/master/chs.locale,[]
+GotoHTTP,,GotoHTTP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"GotoHTTP_x64.exe, gotohttp.exe, GotoHTTP*.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.gotohttp.com"", ""gotohttp.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/gotohttp_network_sigma.yml"", ""Description"": ""Detects potential network activity of GotoHTTP RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/gotohttp_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of GotoHTTP RMM tool""}]",https://gotohttp.com/goto/help.12x,[]
+TeleDesktop,,TeleDesktop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/14/2024,,,,,,,,,,,,"pstlaunch.exe, ptdskclient.exe, ptdskhost.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""tele-desk.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/teledesktop_network_sigma.yml"", ""Description"": ""Detects potential network activity of TeleDesktop RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/teledesktop_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of TeleDesktop RMM tool""}]",http://potomacsoft.com/ - DOA as of 2024,[]
+Remote Utilities,,Remote Utilities is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"rutview.exe, rutserv.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.internetid.ru""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remote_utilities_network_sigma.yml"", ""Description"": ""Detects potential network activity of Remote Utilities RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remote_utilities_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Remote Utilities RMM tool""}]",https://www.remoteutilities.com/download/,[]
+MSP360,,MSP360 is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"Online Backup.exe, CBBackupPlan.exe, Cloud.Backup.Scheduler.exe, Cloud.Backup.RM.Service.exe, cbb.exe, CloudRaService.exe, CloudRaSd.exe, CloudRaCmd.exe, CloudRaUtilities.exe, Remote Desktop.exe, Connect.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.cloudberrylab.com"", ""*.msp360.com"", ""*.mspbackups.com"", ""msp360.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/msp360_network_sigma.yml"", ""Description"": ""Detects potential network activity of MSP360 RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/msp360_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of MSP360 RMM tool""}]",https://kb.msp360.com/managed-backup-service/mbs-tcp-ports-configuration#,[]
+Xshell,,Xshell is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files (x86)\NetSarang\xShell\*, *\NetSarang\xShell\*, *\xShell.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/xshell_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Xshell RMM tool""}]",,[]
+RAdmin,,"RAdmin is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.
+",Nasreddine Bencherchali,2024-08-05,2024-08-05,https://www.radmin.com/,RServer3.exe,RServer3.exe,Radmin Server,Radmin Server,,,,Windows,,,"C:\Program Files (x86)\Radmin Viewer 3\Radmin.exe, C:\Windows\SysWOW64\rserver30\rserver3.exe, C:\Windows\SysWOW64\rserver30\FamItrfc, C:\Windows\SysWOW64\rserver30\FamItrf2","{""Disk"": [{""File"": ""C:\\Windows\\SysWOW64\\rserver30\\Radm_log.htm"", ""Description"": ""RAdmin log file (32-bit)"", ""OS"": ""Windows""}, {""File"": ""C:\\Windows\\System32\\rserver30\\Radm_log.htm"", ""Description"": ""RAdmin log file (64-bit)"", ""OS"": ""Windows""}, {""File"": ""C:\\Windows\\System32\\rserver30\\CHATLOGS\\*\\*.htm"", ""Description"": ""RAdmin chat logs"", ""OS"": ""Windows""}, {""File"": ""C:\\Users\\*\\Documents\\ChatLogs\\*\\*.htm"", ""Description"": ""RAdmin user chat logs"", ""OS"": ""Windows""}], ""EventLog"": [], ""Registry"": [{""Path"": ""HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Radmin\\v3.0\\Server\\Parameters\\Radmin Security"", ""Description"": ""N/A""}], ""Network"": [{""Description"": ""N/A"", ""Domains"": [""radmin.com""], ""Ports"": [443]}]}","[{""Sigma"": ""https://github.com/SigmaHQ/sigma/blob/782f0f524e6f797ea114fe0d87b22cb4abaa6b7c/rules/windows/process_creation/proc_creation_win_pua_radmin.yml"", ""Description"": ""PUA - Radmin Viewer Utility Execution""}, {""Sigma"": ""https://github.com/SigmaHQ/sigma/blob/782f0f524e6f797ea114fe0d87b22cb4abaa6b7c/rules/windows/process_creation/proc_creation_win_registry_enumeration_for_credentials_cli.yml"", ""Description"": ""Enumeration for 3rd Party Creds From CLI""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/radmin_registry_sigma.yml"", ""Description"": ""Detects potential registry activity of RAdmin RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/radmin_network_sigma.yml"", ""Description"": ""Detects potential network activity of RAdmin RMM tool""}, {""Sigma"": 
""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/radmin_files_sigma.yml"", ""Description"": ""Detects potential files activity of RAdmin RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/radmin_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of RAdmin RMM tool""}]","https://radmin-club.com/radmin/how-to-establish-a-connection-outside-of-lan/, https://helpdesk.radmin.com/radmin3help/, https://helpdesk.radmin.com/radmin3help/files/viewercmd.htm, https://helpdesk.radmin.com/radmin3help/files/cmd.htm","[{""Person"": ""Nasreddine Bencherchali"", ""Handle"": ""@nas_bench""}]"
+NateOn-desktop sharing,,NateOn-desktop sharing is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"nateon*.exe, nateon.exe, nateonmain.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.nate.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/nateon-desktop_sharing_network_sigma.yml"", ""Description"": ""Detects potential network activity of NateOn-desktop sharing RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/nateon-desktop_sharing_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of NateOn-desktop sharing RMM tool""}]",http://rsupport.nate.com/rview/r8/main/index.aspx,[]
+Splashtop (Beta),,Splashtop (Beta) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"SRServer.exe, SplashtopSOS.exe, Splashtop_Streamer_Windows*.exe, SRManager.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""splashtop.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/splashtop__beta__network_sigma.yml"", ""Description"": ""Detects potential network activity of Splashtop (Beta) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/splashtop__beta__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Splashtop (Beta) RMM tool""}]",,[]
+ezHelp,,ezHelp is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"ezhelpclientmanager.exe, ezHelpManager.exe, ezhelpclient.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.ezhelp.co.kr"", ""ezhelp.co.kr""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ezhelp_network_sigma.yml"", ""Description"": ""Detects potential network activity of ezHelp RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ezhelp_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ezHelp RMM tool""}]",https://www.exhelp.co.kr,[]
+BeyondTrust (Bomgar),,BeyondTrust (Bomgar) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"bomgar-scc-*.exe, bomgar-scc.exe, bomgar-pac-*.exe, bomgar-pac.exe, bomgar-rdp.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.beyondtrustcloud.com"", ""*.bomgarcloud.com"", ""bomgarcloud.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/beyondtrust__bomgar__network_sigma.yml"", ""Description"": ""Detects potential network activity of BeyondTrust (Bomgar) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/beyondtrust__bomgar__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of BeyondTrust (Bomgar) RMM tool""}]",https://www.beyondtrust.com/docs/remote-support/getting-started/deployment/cloud/network.htm,[]
+ShowMyPC,,ShowMyPC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"SMPCSetup.exe, showmypc*.exe, showmypc.exe, smpcsetup.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.showmypc.com"", ""showmypc.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/showmypc_network_sigma.yml"", ""Description"": ""Detects potential network activity of ShowMyPC RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/showmypc_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ShowMyPC RMM tool""}]",https://showmypc.com/service/faq/ShowMyPCSecurityOverview1.pdf,[]
+Distant Desktop,,Distant Desktop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"ddsystem.exe, dd.exe, distant-desktop.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.distantdesktop.com"", ""*signalserver.xyz""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/distant_desktop_network_sigma.yml"", ""Description"": ""Detects potential network activity of Distant Desktop RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/distant_desktop_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Distant Desktop RMM tool""}]",https://www.distantdesktop.com/manual/first-start.htm,[]
+AweRay (AweSun),,AweRay (AweSun) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"aweray_remote*.exe, AweSun.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""asapi-us.aweray.net"", ""asapi.aweray.net""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aweray__awesun__network_sigma.yml"", ""Description"": ""Detects potential network activity of AweRay (AweSun) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aweray__awesun__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of AweRay (AweSun) RMM tool""}]",,[]
+HelpU,,HelpU is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"helpu_install.exe, HelpuUpdater.exe, HelpuManager.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""helpu.co.kr"", ""*.helpu.co.kr""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/helpu_network_sigma.yml"", ""Description"": ""Detects potential network activity of HelpU RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/helpu_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of HelpU RMM tool""}]",https://helpu.co.kr/,[]
+Solar-PuTTY,,Solar-PuTTY is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\Solar-Putty-v4\*, *\Solar-Putty-v4\*, *\Solar-PuTTY.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/solar-putty_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Solar-PuTTY RMM tool""}]",,[]
+DesktopNow,,DesktopNow is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/26/2024,,,,,,,,,,,,desktopnow.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.nchuser.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/desktopnow_network_sigma.yml"", ""Description"": ""Detects potential network activity of DesktopNow RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/desktopnow_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of DesktopNow RMM tool""}]",https://forums.ivanti.com/s/article/Network-Ports-used-by-Environment-Manager?language=en_US,[]
+Bitvise SSH Server,,Bitvise SSH Server is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\Bitvise SSH Server\*, *\Bitvise SSH Server\*, *\BvSshServer-Inst.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/bitvise_ssh_server_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Bitvise SSH Server RMM tool""}]",,[]
+TigerVNC,,TigerVNC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/26/2024,,,,,,,,,,,,"tigervnc*.exe, winvnc4.exe, C:\Program Files\TightVNC\*, *\TightVNC\*, *\tvnserver.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/tigervnc_network_sigma.yml"", ""Description"": ""Detects potential network activity of TigerVNC RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/tigervnc_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of TigerVNC RMM tool""}]",https://github.com/TigerVNC/tigervnc/releases,[]
+NinjaOne (formerly NinjaRMM),,NinjaOne (formerly NinjaRMM) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,*ProgramData\NinjaRMMAgent\*,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
+Chrome SSH Extension,,Chrome SSH Extension is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\iodihamcpbpeioajjeobimgagajmlibd*, *Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\iodihamcpbpeioajjeobimgagajmlibd*","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
+Remote Desktop Plus,,Remote Desktop Plus is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,rdp.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""donkz.nl""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remote_desktop_plus_network_sigma.yml"", ""Description"": ""Detects potential network activity of Remote Desktop Plus RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remote_desktop_plus_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Remote Desktop Plus RMM tool""}]",https://www.donkz.nl/,[]
+Microsoft TSC,,Microsoft TSC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,termsrv.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/microsoft_tsc_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Microsoft TSC RMM tool""}]",https://learn.microsoft.com/en-us/troubleshoot/windows-server/remote/terminal-server-startup-connection-application,[]
+Instant Housecall,,Instant Housecall is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"hsloader.exe, InstantHousecall.exe, ihcserver.exe, instanthousecall.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.instanthousecall.com"", ""secure.instanthousecall.com"", ""*.instanthousecall.net"", ""instanthousecall.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/instant_housecall_network_sigma.yml"", ""Description"": ""Detects potential network activity of Instant Housecall RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/instant_housecall_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Instant Housecall RMM tool""}]",https://instanthousecall.com/features/,[]
+NordLocker,,NordLocker is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
Pocket Cloud (Wyse),,Pocket Cloud (Wyse) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"pocketcloud*.exe, pocketcloudservice.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pocket_cloud__wyse__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Pocket Cloud (Wyse) RMM tool""}]",https://wyse-pocketcloud.informer.com/2.1/,[]
-Guacamole,,Guacamole is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,guacd.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""guacamole.apache.org""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/guacamole_network_sigma.yml"", ""Description"": ""Detects potential network activity of Guacamole RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/guacamole_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Guacamole RMM tool""}]",guacamole.apache.org,[]
-Cloudsfer,,Cloudsfer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
-LANDesk,,LANDesk is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"issuser.exe, landeskagentbootstrap.exe, LANDeskPortalManager.exe, ldinv32.exe, ldsensors.exe, C:\Program Files (x86)\LANDesk\*, *\LANDesk\*, *\issuser.exe, *\softmon.exe, *\tmcsvc.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.ivanticloud.com"", ""*.ivanti.com"", ""ivanti.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/landesk_network_sigma.yml"", ""Description"": ""Detects potential network activity of LANDesk RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/landesk_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of LANDesk RMM tool""}]",https://forums.ivanti.com/s/article/URL-exception-list-for-Ivanti-Security-Controls?language=en_US,[]
-Cruz,,Cruz is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""resources.doradosoftware.com/cruz-rmm""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/cruz_network_sigma.yml"", ""Description"": ""Detects potential network activity of Cruz RMM tool""}]",,[]
-pcAnywhere,,pcAnywhere is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"awhost32.exe, awrem32.exe, pcaquickconnect.exe, winaw32.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pcanywhere_network_sigma.yml"", ""Description"": ""Detects potential network activity of pcAnywhere RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pcanywhere_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of pcAnywhere RMM tool""}]",https://en.wikipedia.org/wiki/PcAnywhere,[]
-mstsc,,mstsc is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Windows\System32\mstsc.exe, *Windows\System32\mstsc.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/mstsc_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of mstsc RMM tool""}]",,[]
-FreeNX,,FreeNX is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\*\nxplayer.exe, *\nxplayer.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/freenx_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of FreeNX RMM tool""}]",,[]
-PSEXEC (Clone),,PSEXEC (Clone) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"paexec.exe, PAExec-*.exe, csexec.exe , remcom.exe, remcomsvc.exe, xcmd.exe, xcmdsvc.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/psexec__clone__network_sigma.yml"", ""Description"": ""Detects potential network activity of PSEXEC (Clone) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/psexec__clone__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of PSEXEC (Clone) RMM tool""}]",https://www.poweradmin.com/paexec/,[]
-SpyAnywhere,,SpyAnywhere is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,sysdiag.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.spytech-web.com"", ""spyanywhere.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/spyanywhere_network_sigma.yml"", ""Description"": ""Detects potential network activity of SpyAnywhere RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/spyanywhere_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of SpyAnywhere RMM tool""}]",https://www.spyanywhere.com/support.shtml,[]
-ODrive,,ODrive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Users\*\current\, *Users\*\.odrive, *\Odriveapp.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/odrive_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ODrive RMM tool""}]",,[]
-MultCloud,,MultCloud is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"requires sign up, requires sign up","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
-Visual Studio Dev Tunnel,,Visual Studio Dev Tunnel is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""global.rel.tunnels.api.visualstudio.com"", ""*.rel.tunnels.api.visualstudio.com"", ""*.devtunnels.ms""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/visual_studio_dev_tunnel_network_sigma.yml"", ""Description"": ""Detects potential network activity of Visual Studio Dev Tunnel RMM tool""}]",https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/security,[]
-Xpra,,Xpra is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files (x86)\Xpra\*, *\Xpra\*, *\Xpra-Launcher.exe, *\Xpra-x86_64_Setup.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/xpra_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Xpra RMM tool""}]",,[]
-Royal Apps,,Royal Apps is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"royalserver.exe, royalts.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/royal_apps_network_sigma.yml"", ""Description"": ""Detects potential network activity of Royal Apps RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/royal_apps_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Royal Apps RMM tool""}]",https://www.royalapps.com/ts/win/download,[]
-eHorus,,eHorus is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,ehorus standalone.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""ehorus.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ehorus_network_sigma.yml"", ""Description"": ""Detects potential network activity of eHorus RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ehorus_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of eHorus RMM tool""}]",,[]
-Bomgar,,Bomgar is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,bomgar-scc.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""beyondtrust.com/brand/bomgar""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/bomgar_network_sigma.yml"", ""Description"": ""Detects potential network activity of Bomgar RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/bomgar_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Bomgar RMM tool""}]",,[]
-SuperPuTTY,,SuperPuTTY is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Downloads\SuperPuTTY\*, *Downloads\SuperPuTTY\*, *\superputty.exe, *\SuperPuTTY\*","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/superputty_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of SuperPuTTY RMM tool""}]",,[]
-ZeroTier,,ZeroTier is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/14/2024,,,,,,,,,,,,"zerotier*.msi, zerotier*.exe, zero-powershell.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""zerotier.com"", ""*.zerotier.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/zerotier_network_sigma.yml"", ""Description"": ""Detects potential network activity of ZeroTier RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/zerotier_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ZeroTier RMM tool""}]",https://my.zerotier.com/,[]
-Devolutions Remote Desktop Manager,,Devolutions Remote Desktop Manager is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
+Mocha VNC Lite,,Mocha VNC Lite is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"This installs a modified VNC and cannot be blocked by path separate from VNC, This installs a modified VNC and cannot be blocked by path separate from VNC, *\RealVNC\VNC4\*","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
+FleetDeck,,FleetDeck is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,fleetdeck_agent_svc.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""fleetdeck.io""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fleetdeck_network_sigma.yml"", ""Description"": ""Detects potential network activity of FleetDeck RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fleetdeck_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of FleetDeck RMM tool""}]",,[]
+NetSupport Manager,,NetSupport Manager is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"pcictlui.exe, pcicfgui.exe, client32.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.netsupportmanager.com"", ""netsupportmanager.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/netsupport_manager_network_sigma.yml"", ""Description"": ""Detects potential network activity of NetSupport Manager RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/netsupport_manager_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of NetSupport Manager RMM tool""}]",https://www.netsupportmanager.com/resources/,[]
+S3 Browser,,S3 Browser is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files (x86)\S3 Browser\*, *\S3 Browser\*, *\s3browser*.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/s3_browser_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of S3 Browser RMM tool""}]",,[]
+WebRDP,,WebRDP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/14/2024,,,,,,,,,,,,webrdp.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""github.com/Mikej81/WebRDP""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/webrdp_network_sigma.yml"", ""Description"": ""Detects potential network activity of WebRDP RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/webrdp_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of WebRDP RMM tool""}]",github.com/Mikej81/WebRDP,[]
+Syncthing,,Syncthing is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Users\*\AppData\Roaming\SyncTrayzor\*, *Users\*\AppData\Roaming\SyncTrayzor\*, *\Syncthing.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/syncthing_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Syncthing RMM tool""}]",,[]
+DeskDay,,DeskDay is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,ultimate_*.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""deskday.ai"", ""app.deskday.ai""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/deskday_network_sigma.yml"", ""Description"": ""Detects potential network activity of DeskDay RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/deskday_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of DeskDay RMM tool""}]",https://support.deskday.ai/en/articles/8235973-installing-the-end-user-application-ultimate,[]
+Supremo,,Supremo is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/13/2024,,,,,,,,,,,,"supremo.exe, supremoservice.exe, supremosystem.exe, supremohelper.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""supremocontrol.com"", ""*.supremocontrol.com"", ""* .nanosystems.it""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/supremo_network_sigma.yml"", ""Description"": ""Detects potential network activity of Supremo RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/supremo_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Supremo RMM tool""}]",https://www.supremocontrol.com/frequently-asked-questions/,[]
+Syspectr,,Syspectr is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/26/2024,,,,,,,,,,,,"oo-syspectr*.exe, OOSysAgent.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""atled.syspectr.com"", ""app.syspectr.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/syspectr_network_sigma.yml"", ""Description"": ""Detects potential network activity of Syspectr RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/syspectr_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Syspectr RMM tool""}]",https://www.syspectr.com/en/installation-in-a-network,[]
+CloudExplorer,,CloudExplorer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
+Laplink Gold,,Laplink Gold is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"tsircusr.exe, laplink.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""wen.laplink.com/product/laplink-gold""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/laplink_gold_network_sigma.yml"", ""Description"": ""Detects potential network activity of Laplink Gold RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/laplink_gold_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Laplink Gold RMM tool""}]",wen.laplink.com/product/laplink-gold,[]
+CloudXplorer,,CloudXplorer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\ClumsyLeaf Software\CloudXplorer\*, *\ClumsyLeaf Software\CloudXplorer\*, *\clumsyleaf.cloudxplorer*.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/cloudxplorer_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of CloudXplorer RMM tool""}]",,[]
BeAnyWhere,,BeAnyWhere is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"basuptshelper.exe, basupsrvcupdate.exe, BASupApp.exe, BASupSysInf.exe, BASupAppSrvc.exe, TakeControl.exe, BASupAppElev.exe, basupsrvc.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""beanywhere.en.uptodown.com/windows"", ""beanywhere.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/beanywhere_network_sigma.yml"", ""Description"": ""Detects potential network activity of BeAnyWhere RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/beanywhere_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of BeAnyWhere RMM tool""}]",https://www.shouldiremoveit.com/beanywhere-support-service-40908-program.aspx,[]
+Quest KACE Agent (formerly Dell KACE),,Quest KACE Agent (formerly Dell KACE) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,konea.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.kace.com"", ""www.quest.com/kace/""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/quest_kace_agent__formerly_dell_kace__network_sigma.yml"", ""Description"": ""Detects potential network activity of Quest KACE Agent (formerly Dell KACE) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/quest_kace_agent__formerly_dell_kace__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Quest KACE Agent (formerly Dell KACE) RMM tool""}]",https://support.quest.com/kb/4211365/which-network-ports-and-urls-are-required-for-the-kace-sma-appliance-to-function,[]
+RuDesktop,,RuDesktop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"rd.exe, rudesktop*.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.rudesktop.ru"", ""rudesktop.ru""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rudesktop_network_sigma.yml"", ""Description"": ""Detects potential network activity of RuDesktop RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rudesktop_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of RuDesktop RMM tool""}]",https://rudesktop.ru,[]
WebEx (Remote Access),,WebEx (Remote Access) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/14/2024,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],https://help.webex.com/en-us/article/nyc3q0b/Set-Up-a-Computer-for-Remote-Access,[]
-AnyDesk,RMM,"AnyDesk is a popular remote desktop software that enables users to access and control a computer or device from a remote location. It was developed with the primary goal of facilitating remote work, technical support, and collaboration between individuals and teams.
-","Ali Alwashali, Nasreddine Bencherchali",2023-09-29,2024-08-02,https://anydesk.com/en,anydesk.exe,AnyDesk.exe,AnyDesk,AnyDesk,User,True,False,"Android, ChromeOS, IOS, Linux, Mac, Windows","File Transfer, File System Access, Remote Control, GUI Support, Command line Support",https://www.cvedetails.com/vulnerability-list/vendor_id-16953/product_id-40173/Anydesk-Anydesk.html,"C:\Program Files (x86)\AnyDesk\*, C:\Program Files\AnyDesk\*","{""Disk"": [{""File"": ""%programdata%\\AnyDesk\\ad_svc.trace"", ""Description"": ""AnyDesk service log file. As well as ad.trace, we can determine the IP address of the other participant and its AnyDesk ID when a connection is established."", ""OS"": ""Windows"", ""Example"": [""info 2022-08-23 10:20:11.969 gsvc 4628 3528 3 anynet.relay_conn - External address: 34.xx.xx.123:46798""]}, {""File"": ""%programdata%\\AnyDesk\\connection_trace.txt"", ""Description"": ""Incoming connection logs, contains IP Address of the remote machine and file transfer activity. Only generated on target side. The content indicates how the connection was approved (e.g. the local user authorized it, or a password was used)"", ""OS"": ""Windows"", ""Example"": [""Incoming 2022-08-23, 10:23 Passwd 547911884 547911884"", ""Incoming 2022-09-28, 12:39 User 442226597 442226597""]}, {""File"": ""%APPDATA%\\AnyDesk\\connection_trace.txt"", ""Description"": ""Incoming connection logs, contains IP Address of the remote machine and file transfer activity. Only generated on target side. The content indicates how the connection was approved (e.g. the local user authorized it, or a password was used)"", ""OS"": ""Windows"", ""Example"": [""Incoming 2022-08-23, 10:23 Passwd 547911884 547911884"", ""Incoming 2022-09-28, 12:39 User 442226597 442226597""]}, {""File"": ""%APPDATA%\\AnyDesk\\ad.trace"", ""Description"": ""AnyDesk user interface log file. In this log file, we can determine the IP address of the other participant and its AnyDesk ID. 
It is also possible to track events of file transfer. Below is the Client ID and external IP address of the remote participant."", ""OS"": ""Windows"", ""Example"": [""info 2022-09-28 12:39:26.845 lsvc 9952 9944 21 anynet.any_socket - Client-ID: 442226597 (FPR: 8e28a2a25b30)."", ""info 2022-09-28 12:39:26.845 lsvc 9952 9944 21 anynet.any_socket - Logged in from 12.xx.xx.21:59562 on relay 80e496c0.""]}, {""File"": ""%APPDATA%\\AnyDesk\\chat\\*.txt"", ""Description"": ""If the chat functionality is used, its entries will be printed in a text file in this folder."", ""OS"": ""Windows""}, {""File"": ""%APPDATA%\\AnyDesk\\user.conf"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""%PROGRAMDATA%\\AnyDesk\\service.conf"", ""Description"": ""Password can be set to auto-validate the session. The password will be saved in a salted hash format."", ""OS"": ""Windows""}, {""File"": ""%APPDATA%\\AnyDesk\\service.conf"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""%APPDATA%\\AnyDesk\\system.conf"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""%PROGRAMDATA%\\AnyDesk\\system.conf"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""%PROGRAMDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\AnyDesk.lnk"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""%PROGRAMDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\AnyDesk\\Uninstall AnyDesk.lnk"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""C:\\Users\\*\\Videos\\AnyDesk\\*.anydesk"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""C:\\Windows\\SysWOW64\\config\\systemprofile\\AppData\\Roaming\\AnyDesk\\*"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""~/Library/Application Support/AnyDesk/Logs/"", ""Description"": ""N/A"", ""OS"": ""Mac""}, {""File"": ""~/.config/AnyDesk/Logs/"", ""Description"": ""N/A"", ""OS"": ""Linux""}], ""EventLog"": [{""EventID"": 7045, ""ProviderName"": ""Service Control Manager"", 
""LogFile"": ""System.evtx"", ""ServiceName"": ""AnyDesk Service"", ""ImagePath"": ""\""C:\\\\Program Files (x86)\\\\AnyDesk\\\\AnyDesk.exe\"" --service"", ""Description"": ""Service installation event as result of AnyDesk installation.""}], ""Registry"": [{""Path"": ""HKLM\\SOFTWARE\\Clients\\Media\\AnyDesk"", ""Description"": ""N/A""}, {""Path"": ""HKLM\\SYSTEM\\CurrentControlSet\\Services\\AnyDesk"", ""Description"": ""N/A""}, {""Path"": ""HKLM\\SOFTWARE\\Classes\\.anydesk\\shell\\open\\command"", ""Description"": ""N/A""}, {""Path"": ""HKLM\\SOFTWARE\\Classes\\AnyDesk\\shell\\open\\command"", ""Description"": ""N/A""}, {""Path"": ""HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Print\\Printers\\AnyDesk Printer\\*"", ""Description"": ""N/A""}, {""Path"": ""HKLM\\DRIVERS\\DriverDatabase\\DeviceIds\\USBPRINT\\AnyDesk"", ""Description"": ""N/A""}, {""Path"": ""HKLM\\DRIVERS\\DriverDatabase\\DeviceIds\\WSDPRINT\\AnyDesk"", ""Description"": ""N/A""}, {""Path"": ""HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\AnyDesk"", ""Description"": ""N/A""}], ""Network"": [{""Description"": ""During setup the boot.net.anydesk.com domain is request over port 443"", ""Domains"": [""boot.net.anydesk.com""], ""Ports"": [443]}, {""Description"": ""N/A"", ""Domains"": [""relay-[a-f0-9]{8}.net.anydesk.com:443""], ""Ports"": [443]}, {""Description"": ""N/A"", ""Domains"": [""*.anydesk.com""], ""Ports"": [443]}], ""Other"": [{""Type"": ""User-Agent"", ""Value"": ""AnyDesk/*""}, {""Type"": ""NamedPipe"", ""Value"": ""adprinterpipe""}]}","[{""Sigma"": ""https://github.com/SigmaHQ/sigma/blob/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/builtin/system/service_control_manager/win_system_service_install_anydesk.yml"", ""Description"": ""Anydesk Remote Access Software Service Installation""}, {""Sigma"": 
""https://github.com/SigmaHQ/sigma/blob/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/file/file_event/file_event_win_anydesk_artefact.yml"", ""Description"": ""N/A""}, {""Sigma"": ""https://github.com/SigmaHQ/sigma/blob/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/process_creation/proc_creation_win_remote_access_tools_anydesk.yml"", ""Description"": ""N/A""}, {""Sigma"": ""https://github.com/SigmaHQ/sigma/blob/782f0f524e6f797ea114fe0d87b22cb4abaa6b7c/rules/windows/process_creation/proc_creation_win_remote_access_tools_anydesk_silent_install.yml"", ""Description"": ""Remote Access Tool - AnyDesk Silent Installation""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/anydesk_registry_sigma.yml"", ""Description"": ""Detects potential registry activity of AnyDesk RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/anydesk_network_sigma.yml"", ""Description"": ""Detects potential network activity of AnyDesk RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/anydesk_files_sigma.yml"", ""Description"": ""Detects potential files activity of AnyDesk RMM tool""}]","https://support.anydesk.com/knowledge/firewall, https://www.synacktiv.com/publications/legitimate-rats-a-comprehensive-forensic-analysis-of-the-usual-suspects.html, https://github.com/mthcht/awesome-lists/tree/79ced75eebe53bcabf1235b3c17eb11788875482/Lists/RMM/anydesk, https://ruler-project.github.io/ruler-project/RULER/remote/AnyDesk/","[{""Person"": ""Th\u00e9o Letailleur"", ""Handle"": ""in/theosyn""}, {""Person"": ""Ali Alwashali"", ""Handle"": ""@ali_alwashali""}, {""Person"": ""Nasreddine Bencherchali"", ""Handle"": ""@nas_bench""}]"
-Free Ping Tool,,Free Ping Tool is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"can't find this one, can't find this one","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
-S3 Browser,,S3 Browser is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files (x86)\S3 Browser\*, *\S3 Browser\*, *\s3browser*.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/s3_browser_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of S3 Browser RMM tool""}]",,[]
-Azure Storage Explorer,,Azure Storage Explorer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files (x86)\Microsoft Azure Storage Explorer\*, *\Microsoft Azure Storage Explorer\*, *\StorageExplorer.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/azure_storage_explorer_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Azure Storage Explorer RMM tool""}]",,[]
-NinjaOne (formerly NinjaRMM),,NinjaOne (formerly NinjaRMM) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,*ProgramData\NinjaRMMAgent\*,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
-Adobe Connect,,Adobe Connect is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/27/2024,,,,,,,,,,,,"ConnectAppSetup*.exe, ConnectShellSetup*.exe, Connect.exe, ConnectDetector.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.adobeconnect.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/adobe_connect_network_sigma.yml"", ""Description"": ""Detects potential network activity of Adobe Connect RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/adobe_connect_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Adobe Connect RMM tool""}]",https://helpx.adobe.com/adobe-connect/firewall-proxy-server-configuration-adobe-connect.html,[]
-CloudHQ,,CloudHQ is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
-Raidrive,,Raidrive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\*\OpenBoxLab\RaiDrive\*, *\OpenBoxLab\RaiDrive\*, service = raidrive_*, Computer\HKEY_LOCAL_MACHINE\SOFTWARE\OpenBoxLab\RaiDrive\Drives","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
-RemotePC,,RemotePC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"C:\Program Files (x86)\RemotePC\*, Idrive.File-Transfer, *\RemotePC\*, remotepcservice.exe, RemotePC.exe, remotepchost.exe, idrive.RemotePCAgent, rpcsuite.exe, *\RemotePCService.exe, RemotePCService.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.remotedesktop.com"", ""*.remotepc.com"", ""www.remotepc.com"", ""remotepc.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remotepc_network_sigma.yml"", ""Description"": ""Detects potential network activity of RemotePC RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remotepc_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of RemotePC RMM tool""}]",https://www.remotedesktop.com/helpdesk/faq-firewall,[]
-LogMeIn rescue,,LogMeIn rescue is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"support-logmeinrescue*.exe, support-logmeinrescue.exe, lmi_rescue.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.logmeinrescue.com"", ""*.logmeinrescue.eu"", ""logmeinrescue.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/logmein_rescue_network_sigma.yml"", ""Description"": ""Detects potential network activity of LogMeIn rescue RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/logmein_rescue_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of LogMeIn rescue RMM tool""}]",https://support.logmeinrescue.com/rescue/help/allowlisting-and-rescue,[]
-UltraViewer,,UltraViewer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/14/2024,,,,,,,,,,,,"UltraViewer_Service.exe, UltraViewer_setup*, UltraViewer_Desktop.exe, ultraviewer.exe, C:\Program Files (x86)\UltraViewer\UltraViewer_Desktop.exe, *\UltraViewer\, *\UltraViewer_Desktop.exe, ultraviewer_desktop.exe, ultraviewer_service.exe, UltraViewer_Desktop.exe, UltraViewer_setup*, UltraViewer_Service.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""* .ultraviewer.net"", ""ultraviewer.net""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ultraviewer_network_sigma.yml"", ""Description"": ""Detects potential network activity of UltraViewer RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ultraviewer_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of UltraViewer RMM tool""}]",https://www.ultraviewer.net/en/200000026-summary-of-ultraviewer-s-security-information.html,[]
-aria2,,aria2 is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\ProgramData\CentraStage\AEMAgent\*, *ProgramData\CentraStage\AEMAgent\*, *\Steinberg\Download Assistant\3rd Party\optional\aria2\*, *\aria2c.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aria2_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of aria2 RMM tool""}]",,[]
-Pandora RC (eHorus),,Pandora RC (eHorus) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"ehorus standalone.exe, ehorus_agent.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""portal.ehorus.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pandora_rc__ehorus__network_sigma.yml"", ""Description"": ""Detects potential network activity of Pandora RC (eHorus) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pandora_rc__ehorus__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Pandora RC (eHorus) RMM tool""}]",https://pandorafms.com/manual/!current/en/documentation/09_pandora_rc/01_pandora_rc_introduction,[]
-IntelliAdmin Remote Control,,IntelliAdmin Remote Control is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"iadmin.exe, intelliadmin.exe, agent32.exe, agent64.exe, agent_setup_5.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""*.intelliadmin.com"", ""intelliadmin.com/remote-control""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/intelliadmin_remote_control_network_sigma.yml"", ""Description"": ""Detects potential network activity of IntelliAdmin Remote Control RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/intelliadmin_remote_control_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of IntelliAdmin Remote Control RMM tool""}]",intelliadmin.com/remote-control,[]
-MEGAsync,,MEGAsync is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Users\*\AppData\Local\MEGAsync\*, *Users\*\AppData\Local\MEGAsync\*, *Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*, *ProgramData\MEGAsync\*, *\MEGAsyncSetup64.exe, *\MEGAupdater.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/megasync_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of MEGAsync RMM tool""}]",,[]
-Encapto,,Encapto is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""encapto.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/encapto_network_sigma.yml"", ""Description"": ""Detects potential network activity of Encapto RMM tool""}]",https://www.encapto.com - used to manage Cisco services,[]
-ShowMyPC,,ShowMyPC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"SMPCSetup.exe, showmypc*.exe, showmypc.exe, smpcsetup.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.showmypc.com"", ""showmypc.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/showmypc_network_sigma.yml"", ""Description"": ""Detects potential network activity of ShowMyPC RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/showmypc_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ShowMyPC RMM tool""}]",https://showmypc.com/service/faq/ShowMyPCSecurityOverview1.pdf,[]
-Lite Manager,,Lite Manager is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\LiteManager Pro – Viewer\*, *\LiteManager Pro – Viewer\*, *\LMNoIpServer.exe.","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
-Netop Remote Control (aka Impero Connect),,Netop Remote Control (aka Impero Connect) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"nhostsvc.exe, nhstw32.exe, nldrw32.exe, rmserverconsolemediator.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""imperosoftware.com/impero-connect/""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/netop_remote_control__aka_impero_connect__network_sigma.yml"", ""Description"": ""Detects potential network activity of Netop Remote Control (aka Impero Connect) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/netop_remote_control__aka_impero_connect__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Netop Remote Control (aka Impero Connect) RMM tool""}]",,[]
-GoToAssist,,GoToAssist is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"gotoassist.exe, g2a*.exe, GoTo Assist Opener.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""goto.com"", ""*.getgo.com"", ""*.fastsupport.com"", ""*.gotoassist.com"", ""helpme.net"", ""*.gotoassist.me"", ""*.gotoassist.at"", ""*.desktopstreaming.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/gotoassist_network_sigma.yml"", ""Description"": ""Detects potential network activity of GoToAssist RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/gotoassist_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of GoToAssist RMM tool""}]",https://help.gotoassist.com/remote-support/help/what-should-i-allow-on-my-firewall-for-gotoassist-remote-support-v5,[]
-Ericom Connect,,Ericom Connect is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"EricomConnectRemoteHost*.exe, ericomconnnectconfigurationtool.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""ericom.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ericom_connect_network_sigma.yml"", ""Description"": ""Detects potential network activity of Ericom Connect RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ericom_connect_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Ericom Connect RMM tool""}]",https://www.ericom.com/connect-accessnow/,[]
-TeamViewer,,"TeamViewer is a remote monitoring and management (RMM) tool.
-","Nasreddine Bencherchali, Michael Haag",2024-08-02,2024-08-02,https://www.teamviewer.com/en,TeamViewer.exe,,,TeamViewer,user,True,False,"Android, ChromeOS, IOS, Linux, Mac, Windows",,https://www.cvedetails.com/vulnerability-list/vendor_id-11100/product_id-19942/Teamviewer-Teamviewer.html,"C:\Program Files\TeamViewer\, teamviewer_desktop.exe, teamviewer_service.exe, teamviewerhost","{""Disk"": [{""File"": ""C:\\Users\\\\AppData\\Local\\Temp\\TeamViewer\\TV15Install.log"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""TeamViewer\\d\\d_Logfile\\.log"", ""Description"": ""N/A"", ""OS"": ""Windows"", ""Type"": ""Regex""}, {""File"": ""C:\\Program Files\\TeamViewer\\Connections_incoming.txt"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files\\TeamViewer\\TVNetwork.log"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""%LOCALAPPDATA%\\Temp\\TeamViewer\\TV15Install.log"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""%APPDATA%\\\\TeamViewer\\\\TeamViewer\\d\\d_Logfile\\.log"", ""Description"": ""N/A"", ""OS"": ""Windows"", ""Type"": ""Regex""}, {""File"": ""teamviewerqs.exe"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""tv_w32.exe"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""tv_w64.exe"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""tv_x64.exe"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""teamviewer.exe"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""teamviewer_service.exe"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""%LOCALAPPDATA%\\TeamViewer\\Database\\tvchatfilecache.db"", ""Description"": ""SQlite 3 database storing cache about TeamViewer chat"", ""OS"": ""Windows""}, {""File"": ""%LOCALAPPDATA%\\TeamViewer\\RemotePrinting\\tvprint.db"", ""Description"": ""SQlite 3 database storing TeamViewer print jobs"", ""OS"": ""Windows""}, {""File"": ""%PROGRAMDATA%\\Microsoft\\Windows\\Start 
Menu\\Programs\\TeamViewer.lnk"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files*\\TeamViewer\\connections*.txt"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""C:\\Users\\*\\AppData\\Roaming\\TeamViewer\\MRU\\RemoteSupport\\*tvc"", ""Description"": ""N/A"", ""OS"": ""Windows""}], ""EventLog"": [{""EventID"": 7045, ""ProviderName"": ""Service Control Manager"", ""LogFile"": ""System.evtx"", ""ServiceName"": ""TeamViewer"", ""ImagePath"": ""\""C:\\\\Program Files\\\\TeamViewer\\\\TeamViewer_Service.exe\"""", ""Description"": ""Service installation event as result of TeamViewer installation.""}], ""Registry"": [{""Path"": ""HKLM\\SOFTWARE\\TeamViewer\\*"", ""Description"": ""N/A""}, {""Path"": ""HKU\\\\SOFTWARE\\TeamViewer\\*"", ""Description"": ""N/A""}, {""Path"": ""HKLM\\SYSTEM\\CurrentControlSet\\Services\\TeamViewer\\*"", ""Description"": ""N/A""}, {""Path"": ""HKLM\\SOFTWARE\\TeamViewer\\ConnectionHistory"", ""Description"": ""N/A""}, {""Path"": ""HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\TeamViewer\\*"", ""Description"": ""N/A""}, {""Path"": ""HKU\\SID\\SOFTWARE\\TeamViewer\\MainWindowHandle"", ""Description"": ""N/A""}, {""Path"": ""HKU\\SID\\SOFTWARE\\TeamViewer\\DesktopWallpaperSingleImage"", ""Description"": ""N/A""}, {""Path"": ""HKU\\SID\\SOFTWARE\\TeamViewer\\DesktopWallpaperSingleImagePath"", ""Description"": ""N/A""}, {""Path"": ""HKU\\SID\\SOFTWARE\\TeamViewer\\DesktopWallpaperSingleImagePosition"", ""Description"": ""N/A""}, {""Path"": ""HKU\\SID\\SOFTWARE\\TeamViewer\\MinimizeToTray"", ""Description"": ""N/A""}, {""Path"": ""HKU\\SID\\SOFTWARE\\TeamViewer\\MultiMedia\\AudioUserSelectedCapturingEndpoint"", ""Description"": ""N/A""}, {""Path"": ""HKU\\SID\\SOFTWARE\\TeamViewer\\MultiMedia\\AudioSendingVolumeV2"", ""Description"": ""N/A""}, {""Path"": ""HKU\\SID\\SOFTWARE\\TeamViewer\\MultiMedia\\AudioUserSelectedRenderingEndpoint"", ""Description"": ""N/A""}, {""Path"": 
""HKLM\\SOFTWARE\\TeamViewer\\ConnectionHistory"", ""Description"": ""N/A""}, {""Path"": ""HKU\\SID\\SOFTWARE\\TeamViewer\\ClientWindow_Mode"", ""Description"": ""N/A""}, {""Path"": ""HKU\\SID\\SOFTWARE\\TeamViewer\\ClientWindowPositions"", ""Description"": ""N/A""}], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.teamviewer.com""], ""Ports"": []}, {""Description"": ""N/A"", ""Domains"": [""router15.teamviewer.com""], ""Ports"": [443]}, {""Description"": ""N/A"", ""Domains"": [""client.teamviewer.com""], ""Ports"": [443]}, {""Description"": ""N/A"", ""Domains"": [""taf.teamviewer.com""], ""Ports"": [443]}], ""Other"": [{""Type"": ""Mutex"", ""Value"": ""TeamViewer_LogMutex""}, {""Type"": ""Mutex"", ""Value"": ""TeamViewerHooks_DynamicMemMutex""}, {""Type"": ""Mutex"", ""Value"": ""TeamViewer3_Win32_Instance_Mutex""}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/teamviewer_registry_sigma.yml"", ""Description"": ""Detects potential registry activity of TeamViewer RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/teamviewer_network_sigma.yml"", ""Description"": ""Detects potential network activity of TeamViewer RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/teamviewer_files_sigma.yml"", ""Description"": ""Detects potential files activity of TeamViewer RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/teamviewer_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of TeamViewer RMM tool""}]","https://community.teamviewer.com/English/kb/articles/4139-ports-used-by-teamviewer, https://arista.my.site.com/AristaCommunity/s/article/Security-Analysis-TeamViewer#, https://www.teamviewer.com/en/global/support/knowledge-base/teamviewer-classic/troubleshooting/log-file-reading-incoming-connection/, 
https://www.synacktiv.com/publications/legitimate-rats-a-comprehensive-forensic-analysis-of-the-usual-suspects.html, https://github.com/Purp1eW0lf/Blue-Team-Notes","[{""Person"": ""Th\u00e9o Letailleur"", ""Handle"": ""in/theosyn""}]"
-Access Remote PC,,Access Remote PC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"rpcgrab.exe, rpcsetup.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/access_remote_pc_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Access Remote PC RMM tool""}]",,[]
-DW Service,,DW Service is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"dwagent.exe, dwagsvc.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.dwservice.net""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dw_service_network_sigma.yml"", ""Description"": ""Detects potential network activity of DW Service RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dw_service_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of DW Service RMM tool""}]",https://news.dwservice.net/dwservice-security-infrastructure/,[]
-SecureCRT,,SecureCRT is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\*\SecureCRT.EXE, *\SecureCRT.EXE, *\VanDyke Software\ClientPack\*","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/securecrt_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of SecureCRT RMM tool""}]",,[]
-Acronic Cyber Protect (Remotix),,Acronic Cyber Protect (Remotix) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/26/2024,,,,,,,,,,,,"AcronisCyberProtectConnectQuickAssist*.exe, AcronisCyberProtectConnectAgent.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""cloud.acronis.com"", ""agents*-cloud.acronis.com"", ""gw.remotix.com"", ""connect.acronis.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/acronic_cyber_protect__remotix__network_sigma.yml"", ""Description"": ""Detects potential network activity of Acronic Cyber Protect (Remotix) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/acronic_cyber_protect__remotix__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Acronic Cyber Protect (Remotix) RMM tool""}]",https://kb.acronis.com/content/47189,[]
-Sorillus,,Sorillus is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"Sorillus-Launcher*.exe, Sorillus Launcher.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.sorillus.com"", ""sorillus.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/sorillus_network_sigma.yml"", ""Description"": ""Detects potential network activity of Sorillus RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/sorillus_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Sorillus RMM tool""}]",https://sorillus.com/,[]
+RemoteView,,RemoteView is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"remoteview.exe, rv.exe, rvagent.exe, rvagtray.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*content.rview.com"", ""*.rview.com"", ""content.rview.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remoteview_network_sigma.yml"", ""Description"": ""Detects potential network activity of RemoteView RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remoteview_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of RemoteView RMM tool""}]",https://help.rview.com/hc/en-us/articles/360005175994--RemoteView-Server-list-for-firewall,[]
+Tanium,,Tanium is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/14/2024,,,,,,,,,,,,"TaniumClient.exe, TaniumCX.exe, TaniumExecWrapper.exe, TaniumFileInfo.exe, TPowerShell.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""cloud.tanium.com"", ""*.cloud.tanium.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/tanium_network_sigma.yml"", ""Description"": ""Detects potential network activity of Tanium RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/tanium_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Tanium RMM tool""}]",https://help.tanium.com/bundle/ug_client_cloud/page/client/platform_connections.html,[]
Barracuda,,Barracuda is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.islonline.net"", ""rmm.barracudamsp.com"", ""barracudamsp.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/barracuda_network_sigma.yml"", ""Description"": ""Detects potential network activity of Barracuda RMM tool""}]",https://help.islonline.com/19799/166125,[]
-DeskDay,,DeskDay is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,ultimate_*.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""deskday.ai"", ""app.deskday.ai""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/deskday_network_sigma.yml"", ""Description"": ""Detects potential network activity of DeskDay RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/deskday_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of DeskDay RMM tool""}]",https://support.deskday.ai/en/articles/8235973-installing-the-end-user-application-ultimate,[]
-RemoteCall,,RemoteCall is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"rcengmgru.exe, rcmgrsvc.exe, rxstartsupport.exe, rcstartsupport.exe, raautoup.exe, agentu.exe, remotesupportplayeru.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.remotecall.com"", ""*.startsupport.com"", ""remotecall.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remotecall_network_sigma.yml"", ""Description"": ""Detects potential network activity of RemoteCall RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remotecall_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of RemoteCall RMM tool""}]",https://help.remotecall.com/hc/en-us/articles/360005128814--RemoteCall-Server-List-For-Firewall,[]
-Splashtop,,Splashtop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,Nasreddine Bencherchali,,,,,,,,,,,,,,"C:\Program Files (x86)\Splashtop\*, *\Splashtop\Splashtop Remote\Client for RMM\*, strwinclt.exe","{""Disk"": [{""File"": ""C:\\windows\\System32\\winevt\\Logs\\Splashtop-Splashtop Streamer-Status%4Operational.evtx"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""C:\\windows\\System32\\winevt\\Logs\\Splashtop-Splashtop Streamer-Remote Session%4Operational.evtx"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""%PROGRAMDATA%\\Splashtop\\Temp\\log\\FTCLog.txt"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files (x86)\\Splashtop\\Splashtop Remote\\Server\\log\\agent_log.txt"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files (x86)\\Splashtop\\Splashtop Remote\\Server\\log\\SPLog.txt"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files (x86)\\Splashtop\\Splashtop Remote\\Server\\log\\svcinfo.txt"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files (x86)\\Splashtop\\Splashtop Remote\\Server\\log\\sysinfo.txt"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files (x86)\\Splashtop\\Splashtop Remote\\Server\\SRService.exe"", ""Description"": ""Splashtop Remote Service"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files (x86)\\Splashtop\\Splashtop Remote\\Server\\SRAgent.exe"", ""Description"": ""SplashTop Remote Agent"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files (x86)\\Splashtop\\Splashtop Software Updater\\SSUAgent.exe"", ""Description"": ""Splashtop Updater"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files (x86)\\Splashtop\\Splashtop Remote\\Server\\SRUtility.exe"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files (x86)\\Splashtop\\Splashtop Remote\\Server\\SRFeature.exe"", 
""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files (x86)\\Splashtop\\Splashtop Remote\\Server\\db\\SRAgent.sqlite3"", ""Description"": ""N/A"", ""OS"": ""Windows""}], ""EventLog"": [{""EventID"": 7045, ""ProviderName"": ""Service Control Manager"", ""LogFile"": ""System.evtx"", ""ServiceName"": ""Splashtop Software Updater Service"", ""ImagePath"": ""\""C:\\\\Program Files (x86)\\\\Splashtop\\\\Splashtop Software Updater\\\\SSUService.exe\"""", ""Description"": ""Service installation event as result of Splashtop Software Updater Service installation.""}, {""EventID"": 7045, ""ProviderName"": ""Service Control Manager"", ""LogFile"": ""System.evtx"", ""ServiceName"": ""Splashtop\u00ae Remote Service"", ""ImagePath"": ""\""C:\\\\Program Files (x86)\\\\Splashtop\\\\Splashtop Remote\\\\Server\\\\SRService.exe\"""", ""Description"": ""Service installation event as result of Splashtop Remote Service installation.""}, {""EventID"": 7045, ""ProviderName"": ""Service Control Manager"", ""LogFile"": ""System.evtx"", ""ServiceName"": ""SplashtopRemoteService"", ""ImagePath"": ""\""C:\\\\Program Files (x86)\\\\Splashtop\\\\Splashtop Remote\\\\Server\\\\SRService.exe\"""", ""Description"": ""Service installation event as result of Splashtop Remote Service installation.""}], ""Registry"": [{""Path"": ""KLM\\SOFTWARE\\WOW6432Node\\Splashtop Inc.\\*"", ""Description"": ""Splashtop Inc. 
registry key""}, {""Path"": ""HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Splashtop Software Updater"", ""Description"": ""Splashtop Software Updater uninstall key""}, {""Path"": ""HKLM\\SYSTEM\\CurrentControlSet\\Services\\SplashtopRemoteService"", ""Description"": ""Splashtop Remote Service registry key""}, {""Path"": ""HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WINEVT\\Channels\\Splashtop-Splashtop Streamer-Remote Session/Operational"", ""Description"": ""Splashtop Streamer Remote Session event log channel""}, {""Path"": ""HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WINEVT\\Channels\\Splashtop-Splashtop Streamer-Status/Operational"", ""Description"": ""Splashtop Streamer Status event log channel""}, {""Path"": ""HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Splashtop Software Updater\\InstallRefCount"", ""Description"": ""Splashtop Software Updater install reference count""}, {""Path"": ""HKLM\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Network\\SplashtopRemoteService"", ""Description"": ""Splashtop Remote Service safe boot configuration""}, {""Path"": ""HKU\\.DEFAULT\\Software\\Splashtop Inc.\\*"", ""Description"": ""Default user Splashtop Inc. registry key""}, {""Path"": ""HKU\\SID\\Software\\Splashtop Inc.\\*"", ""Description"": ""User-specific Splashtop Inc. 
registry key""}, {""Path"": ""HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Print\\Printers\\Splashtop PDF Remote Printer"", ""Description"": ""Splashtop PDF Remote Printer configuration""}, {""Path"": ""HKLM\\SOFTWARE\\WOW6432Node\\Splashtop Inc.\\Splashtop Remote Server\\ClientInfo\\*"", ""Description"": ""Splashtop Remote Server client information""}], ""Network"": [{""Description"": ""N/A"", ""Domains"": [""*.splashtop.com""], ""Ports"": [""N/A""]}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/splashtop_registry_sigma.yml"", ""Description"": ""Detects potential registry activity of Splashtop RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/splashtop_network_sigma.yml"", ""Description"": ""Detects potential network activity of Splashtop RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/splashtop_files_sigma.yml"", ""Description"": ""Detects potential files activity of Splashtop RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/splashtop_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Splashtop RMM tool""}]",https://www.synacktiv.com/publications/legitimate-rats-a-comprehensive-forensic-analysis-of-the-usual-suspects.html,"[{""Person"": ""Th\u00e9o Letailleur"", ""Handle"": ""in/theosyn""}]"
-ManageEngine RMM Central,,ManageEngine RMM Central is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""manageengine.com/remote-monitoring-management/""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/manageengine_rmm_central_network_sigma.yml"", ""Description"": ""Detects potential network activity of ManageEngine RMM Central RMM tool""}]",,[]
-AeroAdmin,,AeroAdmin is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"aeroadmin.exe, AeroAdmin.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""auth*.aeroadmin.com"", ""aeroadmin.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aeroadmin_network_sigma.yml"", ""Description"": ""Detects potential network activity of AeroAdmin RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aeroadmin_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of AeroAdmin RMM tool""}]",https://support.aeroadmin.com/kb/faq.php?id=58,[]
-Microsoft TSC,,Microsoft TSC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"termsrv.exe, mstsc.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/microsoft_tsc_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Microsoft TSC RMM tool""}]",https://learn.microsoft.com/en-us/troubleshoot/windows-server/remote/terminal-server-startup-connection-application,[]
-AweRay (AweSun),,AweRay (AweSun) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"aweray_remote*.exe, AweSun.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""asapi-us.aweray.net"", ""asapi.aweray.net""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aweray__awesun__network_sigma.yml"", ""Description"": ""Detects potential network activity of AweRay (AweSun) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aweray__awesun__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of AweRay (AweSun) RMM tool""}]",,[]
-NoMachine,,NoMachine is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"nomachine*.exe, nxservice*.ese, nxd.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""nomachine.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/nomachine_network_sigma.yml"", ""Description"": ""Detects potential network activity of NoMachine RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/nomachine_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of NoMachine RMM tool""}]",https://kb.nomachine.com/AR04S01122,[]
-UltraVNC,,UltraVNC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/14/2024,,,,,,,,,,,,UltraVNC*.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""ultravnc.com"", ""user_managed""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ultravnc_network_sigma.yml"", ""Description"": ""Detects potential network activity of UltraVNC RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ultravnc_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of UltraVNC RMM tool""}]",https://uvnc.com/docs/uvnc-server/49-UltraVNC-server-configuration.html,[]
+I'm InTouch,,I'm InTouch is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"iit.exe, intouch.exe, I'm InTouch Go Installer.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.01com.com"", ""01com.com/imintouch-remote-pc-desktop""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/i'm_intouch_network_sigma.yml"", ""Description"": ""Detects potential network activity of I'm InTouch RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/i'm_intouch_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of I'm InTouch RMM tool""}]",https://www.01com.com/mobile/imintouch-remote-pc-desktop/faqs/remote-access/,[]
+Impero Connect,,Impero Connect is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,ImperoClientSVC.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""imperosoftware.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/impero_connect_network_sigma.yml"", ""Description"": ""Detects potential network activity of Impero Connect RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/impero_connect_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Impero Connect RMM tool""}]",,[]
+Remmina,,Remmina is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
TeraCLOUD,,TeraCLOUD is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"c:\*\TeraCloud.Client*, *\TeraCloud.Client*, *\Livedrive-Setup.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/teracloud_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of TeraCLOUD RMM tool""}]",,[]
-Instant Housecall,,Instant Housecall is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"hsloader.exe, ihcserver.exe, instanthousecall.exe, instanthousecall.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.instanthousecall.com"", ""*.instanthousecall.net"", ""instanthousecall.com"", ""secure.instanthousecall.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/instant_housecall_network_sigma.yml"", ""Description"": ""Detects potential network activity of Instant Housecall RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/instant_housecall_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Instant Housecall RMM tool""}]",https://instanthousecall.com/features/,[]
-NinjaRMM,,NinjaRMM is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"ninjarmmagent.exe, NinjaRMMAgent.exe, NinjaRMMAgenPatcher.exe, ninjarmm-cli.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.ninjarmm.com"", ""*.ninjaone.com"", ""resources.ninjarmm.com"", ""ninjaone.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ninjarmm_network_sigma.yml"", ""Description"": ""Detects potential network activity of NinjaRMM RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ninjarmm_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of NinjaRMM RMM tool""}]",https://www.ninjaone.com/faq/,[]
-ngrok,,ngrok is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"ngrok.exe, C:\*\ngrok.zip, *\ngrok*","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""ngrok.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ngrok_network_sigma.yml"", ""Description"": ""Detects potential network activity of ngrok RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ngrok_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ngrok RMM tool""}]",https://ngrok.com/docs/guides/running-behind-firewalls/,[]
-Air Explorer,,Air Explorer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\airexplorer\*, *\airexplorer\*, *\airexplorer.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/air_explorer_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Air Explorer RMM tool""}]",,[]
-Bitvise SSH Client,,Bitvise SSH Client is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files (x86)\Bitvise SSH Client\*, *\Bitvise SSH Client\*, *\BvSshClient-Inst.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/bitvise_ssh_client_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Bitvise SSH Client RMM tool""}]",,[]
+Tactical RMM,,Tactical RMM is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/14/2024,,,,,,,,,,,,"tacticalrmm.exe, tacticalrmm.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""login.tailscale.com"", ""login.tailscale.com"", ""docs.tacticalrmm.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/tactical_rmm_network_sigma.yml"", ""Description"": ""Detects potential network activity of Tactical RMM RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/tactical_rmm_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Tactical RMM RMM tool""}]",docs.tacticalrmm.com,[]
+FixMe,,FixMe is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"FixMeit Client.exe, TiExpertStandalone.exe, FixMeitClient*.exe, TiExpertCore.exe, FixMeit Unattended Access Setup.exe, FixMeit Expert Setup.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""fixme.it""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fixme_network_sigma.yml"", ""Description"": ""Detects potential network activity of FixMe RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fixme_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of FixMe RMM tool""}]",,[]
+ConnectWise Control,,ConnectWise Control is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"connectwisechat-customer.exe, connectwisecontrol.client.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""control.connectwise.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/connectwise_control_network_sigma.yml"", ""Description"": ""Detects potential network activity of ConnectWise Control RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/connectwise_control_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ConnectWise Control RMM tool""}]",,[]
+ScreenMeet,,ScreenMeet is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"ScreenMeetSupport.exe, ScreenMeet.Support.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.screenmeet.com"", ""*.scrn.mt""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/screenmeet_network_sigma.yml"", ""Description"": ""Detects potential network activity of ScreenMeet RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/screenmeet_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ScreenMeet RMM tool""}]",https://docs.screenmeet.com/docs/firewall-white-list,[]
Chicken (of the VNC),,Chicken (of the VNC) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
-SkyFex,,SkyFex is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"Deskroll.exe, DeskRollUA.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""skyfex.com"", ""deskroll.com"", ""*.deskroll.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/skyfex_network_sigma.yml"", ""Description"": ""Detects potential network activity of SkyFex RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/skyfex_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of SkyFex RMM tool""}]",https://skyfex.com/,[]
-Ericom AccessNow,,Ericom AccessNow is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"accessserver*.exe, accessserver.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""ericom.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ericom_accessnow_network_sigma.yml"", ""Description"": ""Detects potential network activity of Ericom AccessNow RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ericom_accessnow_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Ericom AccessNow RMM tool""}]",https://www.ericom.com/connect-accessnow/,[]
-Microsoft RDP,,Microsoft RDP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,mstsc.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/microsoft_rdp_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Microsoft RDP RMM tool""}]",https://learn.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/windows,[]
-Royal Server,,Royal Server is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""royalapps.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/royal_server_network_sigma.yml"", ""Description"": ""Detects potential network activity of Royal Server RMM tool""}]",,[]
-Solar-PuTTY,,Solar-PuTTY is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\Solar-Putty-v4\*, *\Solar-Putty-v4\*, *\Solar-PuTTY.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/solar-putty_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Solar-PuTTY RMM tool""}]",,[]
-Duplicati,,Duplicati is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"c:\Program Files\*\Duplicati.Server.exe, *\*\Duplicati.Server.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/duplicati_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Duplicati RMM tool""}]",,[]
-Remote Desktop Plus,,Remote Desktop Plus is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,rdp.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""donkz.nl""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remote_desktop_plus_network_sigma.yml"", ""Description"": ""Detects potential network activity of Remote Desktop Plus RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remote_desktop_plus_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Remote Desktop Plus RMM tool""}]",https://www.donkz.nl/,[]
+Dev Tunnels (aka Visual Studio Dev Tunnel),,Dev Tunnels (aka Visual Studio Dev Tunnel) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dev_tunnels__aka_visual_studio_dev_tunnel__network_sigma.yml"", ""Description"": ""Detects potential network activity of Dev Tunnels (aka Visual Studio Dev Tunnel) RMM tool""}]",,[]
+Comodo RMM,,Comodo RMM is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"itsmagent.exe, rviewer.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.itsm-us1.comodo.com"", ""*mdmsupport.comodo.com"", ""one.comodo.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/comodo_rmm_network_sigma.yml"", ""Description"": ""Detects potential network activity of Comodo RMM RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/comodo_rmm_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Comodo RMM RMM tool""}]","https://help.itarian.com/topic-459-1-1005-14776-Appendix-1b---Endpoint-Manager-Services---IP-Nos,-Host-Names-and-Port-Details---US-Customers.html",[]
+CloudFuze,,CloudFuze is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
+Acronic Cyber Protect (Remotix),,Acronic Cyber Protect (Remotix) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/26/2024,,,,,,,,,,,,"AcronisCyberProtectConnectQuickAssist*.exe, AcronisCyberProtectConnectAgent.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""cloud.acronis.com"", ""agents*-cloud.acronis.com"", ""gw.remotix.com"", ""connect.acronis.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/acronic_cyber_protect__remotix__network_sigma.yml"", ""Description"": ""Detects potential network activity of Acronic Cyber Protect (Remotix) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/acronic_cyber_protect__remotix__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Acronic Cyber Protect (Remotix) RMM tool""}]",https://kb.acronis.com/content/47189,[]
+Remote Manipulator System,,Remote Manipulator System is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"rfusclient.exe, rutserv.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.internetid.ru"", ""rmansys.ru""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remote_manipulator_system_network_sigma.yml"", ""Description"": ""Detects potential network activity of Remote Manipulator System RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remote_manipulator_system_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Remote Manipulator System RMM tool""}]",https://rmansys.ru/files/,[]
+Tailscale,,Tailscale is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/14/2024,,,,,,,,,,,,"tailscale-*.exe, tailscaled.exe, tailscale-ipn.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.tailscale.com"", ""*.tailscale.io"", ""tailscale.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/tailscale_network_sigma.yml"", ""Description"": ""Detects potential network activity of Tailscale RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/tailscale_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Tailscale RMM tool""}]",https://tailscale.com/kb/1023/troubleshooting,[]
+MyIVO,,MyIVO is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"myivomgr.exe, myivomanager.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""myivo-server.software.informer.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/myivo_network_sigma.yml"", ""Description"": ""Detects potential network activity of MyIVO RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/myivo_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of MyIVO RMM tool""}]",myivo.com - DOA as of 2024,[]
+Adobe Connect,,Adobe Connect is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/27/2024,,,,,,,,,,,,"ConnectAppSetup*.exe, ConnectShellSetup*.exe, Connect.exe, ConnectDetector.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.adobeconnect.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/adobe_connect_network_sigma.yml"", ""Description"": ""Detects potential network activity of Adobe Connect RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/adobe_connect_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Adobe Connect RMM tool""}]",https://helpx.adobe.com/adobe-connect/firewall-proxy-server-configuration-adobe-connect.html,[]
+Air Explorer,,Air Explorer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\airexplorer\*, *\airexplorer\*, *\airexplorer.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/air_explorer_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Air Explorer RMM tool""}]",,[]
+EMCO Remote Console,,EMCO Remote Console is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,remoteconsole.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""emcosoftware.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/emco_remote_console_network_sigma.yml"", ""Description"": ""Detects potential network activity of EMCO Remote Console RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/emco_remote_console_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of EMCO Remote Console RMM tool""}]",,[]
+MobaXterm,,MobaXterm is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\*\MobaXterm_installer_12.1.msi, *\MobaXterm_installer_*.msi, *\Mobatek\MobaXterm\*","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
+Cyberduck,,Cyberduck is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\Cyberduck\*, *\Cyberduck\*, *\Cyberduck.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/cyberduck_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Cyberduck RMM tool""}]",,[]
+SunLogin,,SunLogin is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/26/2024,,,,,,,,,,,,"OrayRemoteShell.exe, OrayRemoteService.exe, sunlogin*.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""sunlogin.oray.com"", ""client.oray.net""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/sunlogin_network_sigma.yml"", ""Description"": ""Detects potential network activity of SunLogin RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/sunlogin_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of SunLogin RMM tool""}]",https://sunlogin.oray.com/en/embed/software.html,[]
+Microsoft TSC,,Microsoft TSC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"termsrv.exe, mstsc.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/microsoft_tsc_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Microsoft TSC RMM tool""}]",https://learn.microsoft.com/en-us/troubleshoot/windows-server/remote/terminal-server-startup-connection-application,[]
+Sophos-Remote Management System,,Sophos-Remote Management System is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"clientmrinit.exe, mgntsvc.exe, routernt.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.sophos.com"", ""*.sophosupd.com"", ""*.sophosupd.net"", ""community.sophos.com/on-premise-endpoint/f/sophos-endpoint-software/5725/sophos-remote-management-system""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/sophos-remote_management_system_network_sigma.yml"", ""Description"": ""Detects potential network activity of Sophos-Remote Management System RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/sophos-remote_management_system_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Sophos-Remote Management System RMM tool""}]",community.sophos.com/on-premise-endpoint/f/sophos-endpoint-software/5725/sophos-remote-management-system,[]
+CloudFlare Tunnel,,CloudFlare Tunnel is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,cloudflared.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""cloudflare.com/products/tunnel/""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/cloudflare_tunnel_network_sigma.yml"", ""Description"": ""Detects potential network activity of CloudFlare Tunnel RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/cloudflare_tunnel_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of CloudFlare Tunnel RMM tool""}]",cloudflare.com/products/tunnel/,[]
+Iperius Remote,,Iperius Remote is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"iperius.exe, iperiusremote.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.iperiusremote.com"", ""*.iperius.com"", ""*.iperius-rs.com"", ""iperiusremote.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/iperius_remote_network_sigma.yml"", ""Description"": ""Detects potential network activity of Iperius Remote RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/iperius_remote_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Iperius Remote RMM tool""}]",https://www.iperiusremote.com/download-iperius-remote-desktop-windows.aspx,[]
+SmartFTP,,SmartFTP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files (x86)\SmartFTP Client\en-US\, *\SmartFTP Client\*, *\SfShellTools.dll.mui","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
+Manage Engine (Desktop Central),,Manage Engine (Desktop Central) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"dcagentservice.exe, dcagentregister.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""desktopcentral.manageengine.com"", ""desktopcentral.manageengine.com.eu"", ""desktopcentral.manageengine.cn"", ""*.dms.zoho.com"", ""*.dms.zoho.com.eu"", ""*.-dms.zoho.com.cn""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/manage_engine__desktop_central__network_sigma.yml"", ""Description"": ""Detects potential network activity of Manage Engine (Desktop Central) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/manage_engine__desktop_central__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Manage Engine (Desktop Central) RMM tool""}]",https://www.manageengine.com/products/desktop-central/help/domains-required-for-agent-communication.html,[]
+VNC Connect,,VNC Connect is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\RealVNC\VNC Server\*, *\RealVNC\VNC Server\*","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
+Pocket Controller (Soti Xsight),,Pocket Controller (Soti Xsight) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"pocketcontroller.exe, wysebrowser.exe, XSightService.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*soti.net""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pocket_controller__soti_xsight__network_sigma.yml"", ""Description"": ""Detects potential network activity of Pocket Controller (Soti Xsight) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pocket_controller__soti_xsight__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Pocket Controller (Soti Xsight) RMM tool""}]",https://pulse.soti.net/support/soti-xsight/help/,[]
+CloudGopher,,CloudGopher is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
+mRemoteNG,,mRemoteNG is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"mRemoteNG.exe, C:\Program Files (x86)\mRemoteNG\*, *\mRemoteNG\*, *\mRemoteNG.exe, c:\Program Files (x86)%\mRemoteNG, *%\mRemoteNG, mRemoteNG-Installer-*.msi, *\mRemoteNG.exe","{""Disk"": [{""File"": ""C:\\Users\\*\\AppData\\Roaming\\mRemoteNG\\mRemoteNG.log"", ""Description"": ""mRemoteNG log file"", ""OS"": ""Windows""}, {""File"": ""C:\\Users\\*\\AppData\\Roaming\\mRemoteNG\\confCons.xml"", ""Description"": ""mRemoteNG configuration file"", ""OS"": ""Windows""}, {""File"": ""C:\\Users\\*\\AppData\\*\\mRemoteNG\\**10\\user.config"", ""Description"": ""mRemoteNG user configuration file"", ""OS"": ""Windows""}], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""mremoteng.org""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/mremoteng_network_sigma.yml"", ""Description"": ""Detects potential network activity of mRemoteNG RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/mremoteng_files_sigma.yml"", ""Description"": ""Detects potential files activity of mRemoteNG RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/mremoteng_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of mRemoteNG RMM tool""}]",https://github.com/mRemoteNG/mRemoteNG,[]
+Senso.cloud,,Senso.cloud is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"SensoClient.exe, SensoService.exe, aadg.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.senso.cloud"", ""senso.cloud""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/senso.cloud_network_sigma.yml"", ""Description"": ""Detects potential network activity of Senso.cloud RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/senso.cloud_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Senso.cloud RMM tool""}]",https://support.senso.cloud/support/solutions/articles/79000116305-firewall-and-content-filter-configuration,[]
+Dameware-mini remote control Protocol,,Dameware-mini remote control Protocol is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"dntus*.exe, dwrcs.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""dameware.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dameware-mini_remote_control_protocol_network_sigma.yml"", ""Description"": ""Detects potential network activity of Dameware-mini remote control Protocol RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dameware-mini_remote_control_protocol_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Dameware-mini remote control Protocol RMM tool""}]",,[]
+ScreenConnect,,ScreenConnect is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,"Ali Alwashali, Nasreddine Bencherchali",2023-10-01,2024-08-03,https://www.connectwise.com,,,,,,14-Days Free Trial,,"Android, IOS, Linux, Mac, Windows","Command Line Support, File Transfer, Install Windows updates, Receive notification when user performs a predefined event, Remote Command Line, Remote Control, Sound Capture, Start / Stop services, View event logs",,"C:\Program Files (x86)\ScreenConnect Client (Random)\ScreenConnect.ClientService.exe, Remote Workforce Client.exe, *\*\ScreenConnect.ClientService.exe, C:\Program Files (x86)\ScreenConnect Client ()\*, *\ScreenConnect Client*\*, *\*\ScreenConnect.WindowsClient.exe, screenconnect*.exe, screenconnect.windowsclient.exe, Remote Workforce Client.exe, screenconnect*.exe, ConnectWiseControl*.exe, connectwise*.exe, screenconnect.windowsclient.exe, screenconnect.clientservice.exe","{""Disk"": [{""File"": ""C:\\Program Files*\\ScreenConnect\\App_Data\\Session.db"", ""Description"": ""ScreenConnect session database"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files*\\ScreenConnect\\App_Data\\User.xml"", ""Description"": ""ScreenConnect user configuration"", ""OS"": ""Windows""}, {""File"": ""C:\\ProgramData\\ScreenConnect Client*\\user.config"", ""Description"": ""ScreenConnect client user configuration"", ""OS"": ""Windows""}], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""control.connectwise.com"", ""*.connectwise.com"", ""*.screenconnect.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/screenconnect_network_sigma.yml"", ""Description"": ""Detects potential network activity of ScreenConnect RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/screenconnect_files_sigma.yml"", ""Description"": ""Detects potential 
files activity of ScreenConnect RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/screenconnect_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ScreenConnect RMM tool""}]",https://thedfirreport.com/2023/09/25/from-screenconnect-to-hive-ransomware-in-61-hours/,[]
+AeroAdmin,,AeroAdmin is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"aeroadmin.exe, AeroAdmin.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""auth*.aeroadmin.com"", ""aeroadmin.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aeroadmin_network_sigma.yml"", ""Description"": ""Detects potential network activity of AeroAdmin RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aeroadmin_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of AeroAdmin RMM tool""}]",https://support.aeroadmin.com/kb/faq.php?id=58,[]
+Desktop Central,,Desktop Central is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,dcagentservice.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""desktopcentral.manageengine.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/desktop_central_network_sigma.yml"", ""Description"": ""Detects potential network activity of Desktop Central RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/desktop_central_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Desktop Central RMM tool""}]",,[]
+Pilixo,,Pilixo is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"rdp.exe, Pilixo_Installer*.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""pilixo.com"", ""download.pilixo.com"", ""*.pilixo.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pilixo_network_sigma.yml"", ""Description"": ""Detects potential network activity of Pilixo RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pilixo_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Pilixo RMM tool""}]",https://pilixo.freshdesk.com/support/solutions/articles/9000141879-device-connectivity-and-firewalls,[]
+SuperOps,,SuperOps is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"superopsticket.exe, superops.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.superopsbeta.com"", ""superops.ai"", ""serv.superopsalpha.com"", ""*.superops.ai"", ""*.superopsalpha.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/superops_network_sigma.yml"", ""Description"": ""Detects potential network activity of SuperOps RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/superops_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of SuperOps RMM tool""}]",https://support.superops.com/en/articles/6632028-how-to-download-and-deploy-the-agent,[]
+Yandex.Disk,,Yandex.Disk is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files (x86)\Yandex\*, *\Yandex\*, *\YandexDisk2.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/yandex.disk_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Yandex.Disk RMM tool""}]",,[]
ITSupport247 (ConnectWise),,ITSupport247 (ConnectWise) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,saazapsc.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.itsupport247.net"", ""itsupport247.net""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/itsupport247__connectwise__network_sigma.yml"", ""Description"": ""Detects potential network activity of ITSupport247 (ConnectWise) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/itsupport247__connectwise__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ITSupport247 (ConnectWise) RMM tool""}]",https://control.itsupport247.net/,[]
-GoodSync,,GoodSync is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"installation requires paid version of GoodSync Server, installation requires paid version of GoodSync Server, GoodSync-vsub-Setup.exe, A40B81B36CDC2D24910FC58816E50DCDE21BD1A9","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/goodsync_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of GoodSync RMM tool""}]",,[]
-DesktopNow,,DesktopNow is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/26/2024,,,,,,,,,,,,desktopnow.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.nchuser.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/desktopnow_network_sigma.yml"", ""Description"": ""Detects potential network activity of DesktopNow RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/desktopnow_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of DesktopNow RMM tool""}]",https://forums.ivanti.com/s/article/Network-Ports-used-by-Environment-Manager?language=en_US,[]
-Remmina,,Remmina is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
-CloudMounter,,CloudMounter is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\CloudMounter\*, *\CloudMounter\*, *\CloudMounter\*, *\cloudmounter.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/cloudmounter_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of CloudMounter RMM tool""}]",,[]
-Distant Desktop,,Distant Desktop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"distant-desktop.exe, dd.exe, ddsystem.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.distantdesktop.com"", ""*signalserver.xyz""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/distant_desktop_network_sigma.yml"", ""Description"": ""Detects potential network activity of Distant Desktop RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/distant_desktop_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Distant Desktop RMM tool""}]",https://www.distantdesktop.com/manual/first-start.htm,[]
+WinSCP,,WinSCP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Users\IEUser\Downloads\WinSCP-5.21.6-Portable\*, *\WinSCP*Portable\*, *\WinSCP.exe, *\WinSCP\*","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/winscp_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of WinSCP RMM tool""}]",,[]
+Zabbix Agent,,Zabbix Agent is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/14/2024,,,,,,,,,,,,zabbix_agent*.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""zabbix.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/zabbix_agent_network_sigma.yml"", ""Description"": ""Detects potential network activity of Zabbix Agent RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/zabbix_agent_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Zabbix Agent RMM tool""}]",https://www.zabbix.com/documentation/current/en/manual/appendix/install/windows_agent,[]
+Splashtop,,Splashtop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,Nasreddine Bencherchali,,,,,,,,,,,,,,"C:\Program Files (x86)\Splashtop\*, *\Splashtop\Splashtop Remote\Client for RMM\*, strwinclt.exe","{""Disk"": [{""File"": ""C:\\windows\\System32\\winevt\\Logs\\Splashtop-Splashtop Streamer-Status%4Operational.evtx"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""C:\\windows\\System32\\winevt\\Logs\\Splashtop-Splashtop Streamer-Remote Session%4Operational.evtx"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""%PROGRAMDATA%\\Splashtop\\Temp\\log\\FTCLog.txt"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files (x86)\\Splashtop\\Splashtop Remote\\Server\\log\\agent_log.txt"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files (x86)\\Splashtop\\Splashtop Remote\\Server\\log\\SPLog.txt"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files (x86)\\Splashtop\\Splashtop Remote\\Server\\log\\svcinfo.txt"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files (x86)\\Splashtop\\Splashtop Remote\\Server\\log\\sysinfo.txt"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files (x86)\\Splashtop\\Splashtop Remote\\Server\\SRService.exe"", ""Description"": ""Splashtop Remote Service"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files (x86)\\Splashtop\\Splashtop Remote\\Server\\SRAgent.exe"", ""Description"": ""SplashTop Remote Agent"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files (x86)\\Splashtop\\Splashtop Software Updater\\SSUAgent.exe"", ""Description"": ""Splashtop Updater"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files (x86)\\Splashtop\\Splashtop Remote\\Server\\SRUtility.exe"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files (x86)\\Splashtop\\Splashtop Remote\\Server\\SRFeature.exe"", 
""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files (x86)\\Splashtop\\Splashtop Remote\\Server\\db\\SRAgent.sqlite3"", ""Description"": ""N/A"", ""OS"": ""Windows""}], ""EventLog"": [{""EventID"": 7045, ""ProviderName"": ""Service Control Manager"", ""LogFile"": ""System.evtx"", ""ServiceName"": ""Splashtop Software Updater Service"", ""ImagePath"": ""\""C:\\\\Program Files (x86)\\\\Splashtop\\\\Splashtop Software Updater\\\\SSUService.exe\"""", ""Description"": ""Service installation event as result of Splashtop Software Updater Service installation.""}, {""EventID"": 7045, ""ProviderName"": ""Service Control Manager"", ""LogFile"": ""System.evtx"", ""ServiceName"": ""Splashtop\u00ae Remote Service"", ""ImagePath"": ""\""C:\\\\Program Files (x86)\\\\Splashtop\\\\Splashtop Remote\\\\Server\\\\SRService.exe\"""", ""Description"": ""Service installation event as result of Splashtop Remote Service installation.""}, {""EventID"": 7045, ""ProviderName"": ""Service Control Manager"", ""LogFile"": ""System.evtx"", ""ServiceName"": ""SplashtopRemoteService"", ""ImagePath"": ""\""C:\\\\Program Files (x86)\\\\Splashtop\\\\Splashtop Remote\\\\Server\\\\SRService.exe\"""", ""Description"": ""Service installation event as result of Splashtop Remote Service installation.""}], ""Registry"": [{""Path"": ""KLM\\SOFTWARE\\WOW6432Node\\Splashtop Inc.\\*"", ""Description"": ""Splashtop Inc. 
registry key""}, {""Path"": ""HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Splashtop Software Updater"", ""Description"": ""Splashtop Software Updater uninstall key""}, {""Path"": ""HKLM\\SYSTEM\\CurrentControlSet\\Services\\SplashtopRemoteService"", ""Description"": ""Splashtop Remote Service registry key""}, {""Path"": ""HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WINEVT\\Channels\\Splashtop-Splashtop Streamer-Remote Session/Operational"", ""Description"": ""Splashtop Streamer Remote Session event log channel""}, {""Path"": ""HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WINEVT\\Channels\\Splashtop-Splashtop Streamer-Status/Operational"", ""Description"": ""Splashtop Streamer Status event log channel""}, {""Path"": ""HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Splashtop Software Updater\\InstallRefCount"", ""Description"": ""Splashtop Software Updater install reference count""}, {""Path"": ""HKLM\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Network\\SplashtopRemoteService"", ""Description"": ""Splashtop Remote Service safe boot configuration""}, {""Path"": ""HKU\\.DEFAULT\\Software\\Splashtop Inc.\\*"", ""Description"": ""Default user Splashtop Inc. registry key""}, {""Path"": ""HKU\\SID\\Software\\Splashtop Inc.\\*"", ""Description"": ""User-specific Splashtop Inc. 
registry key""}, {""Path"": ""HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Print\\Printers\\Splashtop PDF Remote Printer"", ""Description"": ""Splashtop PDF Remote Printer configuration""}, {""Path"": ""HKLM\\SOFTWARE\\WOW6432Node\\Splashtop Inc.\\Splashtop Remote Server\\ClientInfo\\*"", ""Description"": ""Splashtop Remote Server client information""}], ""Network"": [{""Description"": ""N/A"", ""Domains"": [""*.splashtop.com""], ""Ports"": [""N/A""]}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/splashtop_registry_sigma.yml"", ""Description"": ""Detects potential registry activity of Splashtop RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/splashtop_network_sigma.yml"", ""Description"": ""Detects potential network activity of Splashtop RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/splashtop_files_sigma.yml"", ""Description"": ""Detects potential files activity of Splashtop RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/splashtop_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Splashtop RMM tool""}]",https://www.synacktiv.com/publications/legitimate-rats-a-comprehensive-forensic-analysis-of-the-usual-suspects.html,"[{""Person"": ""Th\u00e9o Letailleur"", ""Handle"": ""in/theosyn""}]"
+eHorus,,eHorus is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,ehorus standalone.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""ehorus.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ehorus_network_sigma.yml"", ""Description"": ""Detects potential network activity of eHorus RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ehorus_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of eHorus RMM tool""}]",,[]
+CloudHQ,,CloudHQ is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
+BeyondTrust (Bomgar),,BeyondTrust (Bomgar) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"bomgar-scc.exe, bomgar-rdp.exe, bomgar-scc-*.exe, bomgar-pac-*.exe, bomgar-pac.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""bomgarcloud.com"", ""*.bomgarcloud.com"", ""*.beyondtrustcloud.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/beyondtrust__bomgar__network_sigma.yml"", ""Description"": ""Detects potential network activity of BeyondTrust (Bomgar) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/beyondtrust__bomgar__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of BeyondTrust (Bomgar) RMM tool""}]",https://www.beyondtrust.com/docs/remote-support/getting-started/deployment/cloud/network.htm,[]
+OCS inventory,,OCS inventory is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"ocsinventory.exe, ocsservice.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""ocsinventory-ng.org""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ocs_inventory_network_sigma.yml"", ""Description"": ""Detects potential network activity of OCS inventory RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ocs_inventory_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of OCS inventory RMM tool""}]",https://ocsinventory-ng.org/?page_id=878&lang=en,[]
+CentraStage (Now Datto),,CentraStage (Now Datto) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"CagService.exe, AEMAgent.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.rmm.datto.com"", ""*cc.centrastage.net"", ""datto.com/au/products/rmm/""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/centrastage__now_datto__network_sigma.yml"", ""Description"": ""Detects potential network activity of CentraStage (Now Datto) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/centrastage__now_datto__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of CentraStage (Now Datto) RMM tool""}]",https://rmm.datto.com/help/de/Content/1INTRODUCTION/Requirements/AllowListRequirements.htm,[]
+XRDP,,XRDP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
+FleetDesk.io,,FleetDesk.io is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"fleetdeck_agent_svc.exe, fleetdeck_commander_svc.exe, fleetdeck_installer.exe, fleetdeck_agent.exe, fleetdeck_commander_launcher.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.fleetdeck.io"", ""cognito-idp.us-west-2.amazonaws.com"", ""fleetdeck.io""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fleetdesk.io_network_sigma.yml"", ""Description"": ""Detects potential network activity of FleetDesk.io RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fleetdesk.io_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of FleetDesk.io RMM tool""}]",https://fleetdeck.io/faq/,[]
+Atera,,"Atera is a remote monitoring and management (RMM) tool. It is used by threat actors to deploy ransomware or facilitate command execution and lateral movement.
+",,2024/08/03,,https://www.atera.com/,AteraAgent.exe,AteraAgent.exe,AteraAgent,,SYSTEM,30 day trial,None,"Windows, MacOS, Linux","Integrated remote access with Splashtop and AnyDesk, Remote monitoring and management, Patch management, Network discovery, Backup and disaster recovery, Helpdesk and ticketing, Reporting and analytics, Billing and invoicing, Customer portal, Mobile app","CVE-2023-26078, CVE-2023-26077","*\AgentPackageNetworkDiscovery.exe, *\AgentPackageTaskScheduler.exe, *\ATERA Networks\AteraAgent\*, *\AteraAgent.exe, atera_agent.exe, atera_agent.exe, ateraagent.exe, C:\Program Files\ATERA Networks\AteraAgent\*, C:\Program Files\Atera Networks, C:\Program Files (x86)\Atera Networks, syncrosetup.exe","{""Disk"": [{""File"": ""C:\\Program Files\\ATERA Networks\\AteraAgent\\Packages\\AgentPackageRunCommandInteractive\\log.txt"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files\\ATERA Networks\\AteraAgent\\Packages\\*"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files\\ATERA Networks\\AteraAgent\\AteraAgent.exe"", ""Description"": ""Atera service binary"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files\\Atera Networks\\AlphaAgent.exe"", ""Description"": ""Atera service binary"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files\\ATERA Networks\\AteraAgent\\Packages\\AgentPackageSTRemote\\AgentPackageSTRemote.exe"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files\\ATERA Networks\\AteraAgent\\Packages\\AgentPackageMonitoring\\AgentPackageMonitoring.exe"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files\\ATERA Networks\\AteraAgent\\Packages\\AgentPackageHeartbeat\\AgentPackageHeartbeat.exe"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files\\ATERA Networks\\AteraAgent\\Packages\\AgentPackageFileExplorer\\AgentPackageFileExplorer.exe"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": 
""C:\\Program Files\\ATERA Networks\\AteraAgent\\Packages\\AgentPackageRunCommandInteractive\\AgentPackageRunCommandInteractive.exe"", ""Description"": ""N/A"", ""OS"": ""Windows""}], ""EventLog"": [{""EventID"": 7045, ""ProviderName"": ""Service Control Manager"", ""LogFile"": ""System.evtx"", ""ServiceName"": ""AteraAgent"", ""ImagePath"": ""\""C:\\\\Program Files (x86)\\\\ATERA Networks\\\\AteraAgent\\\\AteraAgent.exe\"""", ""Description"": ""Service installation event as result of AteraAgent installation.""}, {""EventID"": 7045, ""ProviderName"": ""Service Control Manager"", ""LogFile"": ""System.evtx"", ""ServiceName"": ""WinRing0_1_2_0"", ""ImagePath"": ""\""C:\\\\Program Files (x86)\\\\ATERA Networks\\\\AteraAgent\\\\Packages\\\\AgentPackageMonitoring\\\\OpenHardwareMonitorLib.sys\"""", ""Description"": ""Service installation event as result of Atera pakcage manager installation.""}, {""EventID"": 11707, ""ProviderName"": ""MsiInstaller"", ""LogFile"": ""Application.evtx"", ""Data"": ""Product: AteraAgent -- Installation completed successfully."", ""Description"": ""Service installation event as result of AteraAgent installation.""}, {""EventID"": 4688, ""ProviderName"": ""Microsoft-Security-Auditing"", ""LogFile"": ""Security.evtx"", ""CommandLine"": ""C:\\\\Program Files\\\\ATERA Networks\\\\AteraAgent\\\\Packages\\\\AgentPackageFileExplorer\\\\AgentPackageFileExplorer.exe XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX agent-api.atera.com/Production 443 [BASE64BLOB]"", ""Description"": ""Service installation event as result of AteraAgent installation.""}], ""Registry"": [{""Path"": ""HKLM\\SOFTWARE\\ATERA Networks\\AlphaAgent"", ""Description"": null}, {""Path"": ""HKLM\\SYSTEM\\CurrentControlSet\\Services\\AteraAgent"", ""Description"": null}, {""Path"": ""KLM\\SOFTWARE\\WOW6432Node\\Splashtop Inc."", ""Description"": null}, {""Path"": ""HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Splashtop Software 
Updater"", ""Description"": null}, {""Path"": ""HKLM\\SYSTEM\\ControlSet\\Services\\EventLog\\Application\\AlphaAgent"", ""Description"": null}, {""Path"": ""HKLM\\SYSTEM\\ControlSet\\Services\\EventLog\\Application\\AteraAgent"", ""Description"": null}, {""Path"": ""HKLM\\SOFTWARE\\Microsoft\\Tracing\\AteraAgent_RASAPI32"", ""Description"": null}, {""Path"": ""HKLM\\SOFTWARE\\Microsoft\\Tracing\\AteraAgent_RASMANCS"", ""Description"": null}, {""Path"": ""HKLM\\SOFTWARE\\ATERA Networks\\*"", ""Description"": null}], ""Network"": [{""Description"": ""N/A"", ""Domains"": [""pubsub.atera.com""], ""Ports"": [""N/A""]}, {""Description"": ""N/A"", ""Domains"": [""pubsub.pubnub.com""], ""Ports"": [""N/A""]}, {""Description"": ""N/A"", ""Domains"": [""agentreporting.atera.com""], ""Ports"": [""N/A""]}, {""Description"": ""N/A"", ""Domains"": [""getalphacontrol.com""], ""Ports"": [""N/A""]}, {""Description"": ""N/A"", ""Domains"": [""app.atera.com""], ""Ports"": [""N/A""]}, {""Description"": ""N/A"", ""Domains"": [""agenthb.atera.com""], ""Ports"": [""N/A""]}, {""Description"": ""N/A"", ""Domains"": [""packagesstore.blob.core.windows.net""], ""Ports"": [""N/A""]}, {""Description"": ""N/A"", ""Domains"": [""ps.pndsn.com""], ""Ports"": [""N/A""]}, {""Description"": ""N/A"", ""Domains"": [""agent-api.atera.com""], ""Ports"": [""N/A""]}, {""Description"": ""N/A"", ""Domains"": [""cacerts.thawte.com""], ""Ports"": [""N/A""]}, {""Description"": ""N/A"", ""Domains"": [""agentreportingstore.blob.core.windows.net""], ""Ports"": [""N/A""]}, {""Description"": ""N/A"", ""Domains"": [""atera-agent-heartbeat.servicebus.windows.net""], ""Ports"": [""N/A""]}, {""Description"": ""N/A"", ""Domains"": [""ps.atera.com""], ""Ports"": [""N/A""]}, {""Description"": ""N/A"", ""Domains"": [""atera.pubnubapi.com""], ""Ports"": [""N/A""]}, {""Description"": ""N/A"", ""Domains"": [""appcdn.atera.com""], ""Ports"": [""N/A""]}]}","[{""Sigma"": 
""https://github.com/The-DFIR-Report/Sigma-Rules/blob/d67407d357ad32b247e2a303abc5a38bb30fd576/rules/windows/process_creation/proc_creation_win_ateraagent_malicious_installations.yml"", ""Name"": ""AteraAgent malicious installations"", ""Description"": ""Detects AteraAgent installations with suspicious command line arguments.""}, {""Sigma"": ""https://github.com/SigmaHQ/sigma/blob/782f0f524e6f797ea114fe0d87b22cb4abaa6b7c/rules/windows/builtin/application/msiinstaller/win_software_atera_rmm_agent_install.yml"", ""Name"": ""Atera Agent Installation"", ""Description"": ""Detects Atera Agent installation.""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/atera_registry_sigma.yml"", ""Description"": ""Detects potential registry activity of Atera RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/atera_network_sigma.yml"", ""Description"": ""Detects potential network activity of Atera RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/atera_files_sigma.yml"", ""Description"": ""Detects potential files activity of Atera RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/atera_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Atera RMM tool""}]","https://support.atera.com/hc/en-us/articles/360015461139-Firewall-Settings-for-Atera-s-Integrations, https://support.atera.com/hc/en-us/articles/215955967-Troubleshoot-Atera-s-Windows-agent, https://support.atera.com/hc/en-us/articles/115015619747-Release-Notes-February-2018, https://thedfirreport.com/?s=ateraagent","[{""Person"": ""Th\u00e9o Letailleur"", ""Handle"": ""in/theosyn""}, {""Person"": ""Nasreddine Bencherchali"", ""Handle"": ""@nas_bench""}, {""Person"": ""Kostas"", ""Handle"": ""@kostastsale""}]"
+CuteFTP,,CuteFTP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files (x86)\Globalscape\CuteFTP\*, *\Globalscape\CuteFTP\*, *\cuteftppro.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/cuteftp_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of CuteFTP RMM tool""}]",,[]
+SuperPuTTY,,SuperPuTTY is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Downloads\SuperPuTTY\*, *Downloads\SuperPuTTY\*, *\superputty.exe, *\SuperPuTTY\*","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/superputty_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of SuperPuTTY RMM tool""}]",,[]
+NoteOn-desktop sharing,,NoteOn-desktop sharing is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"nateon*.exe, nateon.exe, nateonmain.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/noteon-desktop_sharing_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of NoteOn-desktop sharing RMM tool""}]",,[]
+X2Go,,X2Go is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
+Cruz,,Cruz is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""resources.doradosoftware.com/cruz-rmm""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/cruz_network_sigma.yml"", ""Description"": ""Detects potential network activity of Cruz RMM tool""}]",,[]
+GoToAssist,,GoToAssist is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"gotoassist.exe, g2a*.exe, GoTo Assist Opener.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""goto.com"", ""*.getgo.com"", ""*.fastsupport.com"", ""*.gotoassist.com"", ""helpme.net"", ""*.gotoassist.me"", ""*.gotoassist.at"", ""*.desktopstreaming.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/gotoassist_network_sigma.yml"", ""Description"": ""Detects potential network activity of GoToAssist RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/gotoassist_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of GoToAssist RMM tool""}]",https://help.gotoassist.com/remote-support/help/what-should-i-allow-on-my-firewall-for-gotoassist-remote-support-v5,[]
+Lite Manager,,Lite Manager is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\LiteManager Pro – Viewer\*, *\LiteManager Pro – Viewer\*, *\LMNoIpServer.exe.","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
DameWare,,DameWare is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"SolarWinds-Dameware-DRS*.exe, DameWare Mini Remote Control*.exe, C:\Windows\dwrcs\*
c:\Program File\SolarWinds\Dameware Mini Remote Control\*, dwrcs.exe, *\dwrcs\*, *\dwrcst.exe, DameWare Remote Support.exe, SolarWinds-Dameware-MRC*.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dameware_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of DameWare RMM tool""}]",https://documentation.solarwinds.com/en/success_center/dameware/content/install-standalone-port-requirements.htm,[]
-Level,,Level is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""level.io""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/level_network_sigma.yml"", ""Description"": ""Detects potential network activity of Level RMM tool""}]",,[]
+Total Software Deployment,,Total Software Deployment is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\ProgramData\Total Software Deployment\*, *\Total Software Deployment\*, *\tniwinagent.exe, *\Tsdservice.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/total_software_deployment_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Total Software Deployment RMM tool""}]",,[]
+Laplink Everywhere,,Laplink Everywhere is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"laplink.exe, laplink-everywhere-setup*.exe, laplinkeverywhere.exe, llrcservice.exe, serverproxyservice.exe, OOSysAgent.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""everywhere.laplink.com"", ""le.laplink.com"", ""atled.syspectr.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/laplink_everywhere_network_sigma.yml"", ""Description"": ""Detects potential network activity of Laplink Everywhere RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/laplink_everywhere_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Laplink Everywhere RMM tool""}]",https://everywhere.laplink.com/docs,[]
+FreeNX,,FreeNX is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\*\nxplayer.exe, *\nxplayer.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/freenx_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of FreeNX RMM tool""}]",,[]
+SkyFex,,SkyFex is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"Deskroll.exe, DeskRollUA.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""skyfex.com"", ""deskroll.com"", ""*.deskroll.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/skyfex_network_sigma.yml"", ""Description"": ""Detects potential network activity of SkyFex RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/skyfex_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of SkyFex RMM tool""}]",https://skyfex.com/,[]
+AnyDesk,RMM,"AnyDesk is a popular remote desktop software that enables users to access and control a computer or device from a remote location. It was developed with the primary goal of facilitating remote work, technical support, and collaboration between individuals and teams.
+","Ali Alwashali, Nasreddine Bencherchali",2023-09-29,2024-08-02,https://anydesk.com/en,anydesk.exe,AnyDesk.exe,AnyDesk,AnyDesk,User,True,False,"Android, ChromeOS, IOS, Linux, Mac, Windows","File Transfer, File System Access, Remote Control, GUI Support, Command line Support",https://www.cvedetails.com/vulnerability-list/vendor_id-16953/product_id-40173/Anydesk-Anydesk.html,"C:\Program Files (x86)\AnyDesk\*, C:\Program Files\AnyDesk\*","{""Disk"": [{""File"": ""%programdata%\\AnyDesk\\ad_svc.trace"", ""Description"": ""AnyDesk service log file. As well as ad.trace, we can determine the IP address of the other participant and its AnyDesk ID when a connection is established."", ""OS"": ""Windows"", ""Example"": [""info 2022-08-23 10:20:11.969 gsvc 4628 3528 3 anynet.relay_conn - External address: 34.xx.xx.123:46798""]}, {""File"": ""%programdata%\\AnyDesk\\connection_trace.txt"", ""Description"": ""Incoming connection logs, contains IP Address of the remote machine and file transfer activity. Only generated on target side. The content indicates how the connection was approved (e.g. the local user authorized it, or a password was used)"", ""OS"": ""Windows"", ""Example"": [""Incoming 2022-08-23, 10:23 Passwd 547911884 547911884"", ""Incoming 2022-09-28, 12:39 User 442226597 442226597""]}, {""File"": ""%APPDATA%\\AnyDesk\\connection_trace.txt"", ""Description"": ""Incoming connection logs, contains IP Address of the remote machine and file transfer activity. Only generated on target side. The content indicates how the connection was approved (e.g. the local user authorized it, or a password was used)"", ""OS"": ""Windows"", ""Example"": [""Incoming 2022-08-23, 10:23 Passwd 547911884 547911884"", ""Incoming 2022-09-28, 12:39 User 442226597 442226597""]}, {""File"": ""%APPDATA%\\AnyDesk\\ad.trace"", ""Description"": ""AnyDesk user interface log file. In this log file, we can determine the IP address of the other participant and its AnyDesk ID. 
It is also possible to track events of file transfer. Below is the Client ID and external IP address of the remote participant."", ""OS"": ""Windows"", ""Example"": [""info 2022-09-28 12:39:26.845 lsvc 9952 9944 21 anynet.any_socket - Client-ID: 442226597 (FPR: 8e28a2a25b30)."", ""info 2022-09-28 12:39:26.845 lsvc 9952 9944 21 anynet.any_socket - Logged in from 12.xx.xx.21:59562 on relay 80e496c0.""]}, {""File"": ""%APPDATA%\\AnyDesk\\chat\\*.txt"", ""Description"": ""If the chat functionality is used, its entries will be printed in a text file in this folder."", ""OS"": ""Windows""}, {""File"": ""%APPDATA%\\AnyDesk\\user.conf"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""%PROGRAMDATA%\\AnyDesk\\service.conf"", ""Description"": ""Password can be set to auto-validate the session. The password will be saved in a salted hash format."", ""OS"": ""Windows""}, {""File"": ""%APPDATA%\\AnyDesk\\service.conf"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""%APPDATA%\\AnyDesk\\system.conf"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""%PROGRAMDATA%\\AnyDesk\\system.conf"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""%PROGRAMDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\AnyDesk.lnk"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""%PROGRAMDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\AnyDesk\\Uninstall AnyDesk.lnk"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""C:\\Users\\*\\Videos\\AnyDesk\\*.anydesk"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""C:\\Windows\\SysWOW64\\config\\systemprofile\\AppData\\Roaming\\AnyDesk\\*"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""~/Library/Application Support/AnyDesk/Logs/"", ""Description"": ""N/A"", ""OS"": ""Mac""}, {""File"": ""~/.config/AnyDesk/Logs/"", ""Description"": ""N/A"", ""OS"": ""Linux""}], ""EventLog"": [{""EventID"": 7045, ""ProviderName"": ""Service Control Manager"", 
""LogFile"": ""System.evtx"", ""ServiceName"": ""AnyDesk Service"", ""ImagePath"": ""\""C:\\\\Program Files (x86)\\\\AnyDesk\\\\AnyDesk.exe\"" --service"", ""Description"": ""Service installation event as result of AnyDesk installation.""}], ""Registry"": [{""Path"": ""HKLM\\SOFTWARE\\Clients\\Media\\AnyDesk"", ""Description"": ""N/A""}, {""Path"": ""HKLM\\SYSTEM\\CurrentControlSet\\Services\\AnyDesk"", ""Description"": ""N/A""}, {""Path"": ""HKLM\\SOFTWARE\\Classes\\.anydesk\\shell\\open\\command"", ""Description"": ""N/A""}, {""Path"": ""HKLM\\SOFTWARE\\Classes\\AnyDesk\\shell\\open\\command"", ""Description"": ""N/A""}, {""Path"": ""HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Print\\Printers\\AnyDesk Printer\\*"", ""Description"": ""N/A""}, {""Path"": ""HKLM\\DRIVERS\\DriverDatabase\\DeviceIds\\USBPRINT\\AnyDesk"", ""Description"": ""N/A""}, {""Path"": ""HKLM\\DRIVERS\\DriverDatabase\\DeviceIds\\WSDPRINT\\AnyDesk"", ""Description"": ""N/A""}, {""Path"": ""HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\AnyDesk"", ""Description"": ""N/A""}], ""Network"": [{""Description"": ""During setup the boot.net.anydesk.com domain is request over port 443"", ""Domains"": [""boot.net.anydesk.com""], ""Ports"": [443]}, {""Description"": ""N/A"", ""Domains"": [""relay-[a-f0-9]{8}.net.anydesk.com:443""], ""Ports"": [443]}, {""Description"": ""N/A"", ""Domains"": [""*.anydesk.com""], ""Ports"": [443]}], ""Other"": [{""Type"": ""User-Agent"", ""Value"": ""AnyDesk/*""}, {""Type"": ""NamedPipe"", ""Value"": ""adprinterpipe""}]}","[{""Sigma"": ""https://github.com/SigmaHQ/sigma/blob/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/builtin/system/service_control_manager/win_system_service_install_anydesk.yml"", ""Description"": ""Anydesk Remote Access Software Service Installation""}, {""Sigma"": 
""https://github.com/SigmaHQ/sigma/blob/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/file/file_event/file_event_win_anydesk_artefact.yml"", ""Description"": ""N/A""}, {""Sigma"": ""https://github.com/SigmaHQ/sigma/blob/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/process_creation/proc_creation_win_remote_access_tools_anydesk.yml"", ""Description"": ""N/A""}, {""Sigma"": ""https://github.com/SigmaHQ/sigma/blob/782f0f524e6f797ea114fe0d87b22cb4abaa6b7c/rules/windows/process_creation/proc_creation_win_remote_access_tools_anydesk_silent_install.yml"", ""Description"": ""Remote Access Tool - AnyDesk Silent Installation""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/anydesk_registry_sigma.yml"", ""Description"": ""Detects potential registry activity of AnyDesk RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/anydesk_network_sigma.yml"", ""Description"": ""Detects potential network activity of AnyDesk RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/anydesk_files_sigma.yml"", ""Description"": ""Detects potential files activity of AnyDesk RMM tool""}]","https://support.anydesk.com/knowledge/firewall, https://www.synacktiv.com/publications/legitimate-rats-a-comprehensive-forensic-analysis-of-the-usual-suspects.html, https://github.com/mthcht/awesome-lists/tree/79ced75eebe53bcabf1235b3c17eb11788875482/Lists/RMM/anydesk, https://ruler-project.github.io/ruler-project/RULER/remote/AnyDesk/","[{""Person"": ""Th\u00e9o Letailleur"", ""Handle"": ""in/theosyn""}, {""Person"": ""Ali Alwashali"", ""Handle"": ""@ali_alwashali""}, {""Person"": ""Nasreddine Bencherchali"", ""Handle"": ""@nas_bench""}]"
+ManageEngine RMM Central,,ManageEngine RMM Central is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""manageengine.com/remote-monitoring-management/""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/manageengine_rmm_central_network_sigma.yml"", ""Description"": ""Detects potential network activity of ManageEngine RMM Central RMM tool""}]",,[]
+Ocamlfuse,,Ocamlfuse is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
+Koofr,,Koofr is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
Insync,,Insync is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Users\USERNAME\AppData\Roaming\Insync\App\Insync.exe, *Users\*\AppData\Roaming\Insync\App\Insync.exe, *\Insync.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/insync_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Insync RMM tool""}]",,[]
-Bomgar - Now BeyondTrust,,Bomgar - Now BeyondTrust is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
-ISL Online,,ISL Online is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"*\ISLLight.exe, isllight.exe, ISLLightClient.exe, C:\Program Files (x86)\ISL Online\ISL Light*, *\ISL Online\ISL Light*, ISLLight.exe, isllightservice.exe, islalwaysonmonitor.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.islonline.com"", ""*.islonline.net""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/isl_online_network_sigma.yml"", ""Description"": ""Detects potential network activity of ISL Online RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/isl_online_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ISL Online RMM tool""}]",https://help.islonline.com/19818/165940,[]
-Remote.it,,Remote.it is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"remote-it-installer.exe, remote.it.exe, remoteit.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""auth.api.remote.it"", ""api.remote.it"", ""remote.it""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remote.it_network_sigma.yml"", ""Description"": ""Detects potential network activity of Remote.it RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remote.it_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Remote.it RMM tool""}]",https://docs.remote.it/introduction/get-started,[]
-Core FTP,,Core FTP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\*\coreftplite.exe, *\coreftplite.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/core_ftp_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Core FTP RMM tool""}]",,[]
-Netreo,,Netreo is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""charon.netreo.net"", ""activation.netreo.net"", ""*.api.netreo.com"", ""netreo.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/netreo_network_sigma.yml"", ""Description"": ""Detects potential network activity of Netreo RMM tool""}]",https://solutions.netreo.com/docs/firewall-requirements,[]
-CuteFTP,,CuteFTP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files (x86)\Globalscape\CuteFTP\*, *\Globalscape\CuteFTP\*, *\cuteftppro.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/cuteftp_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of CuteFTP RMM tool""}]",,[]
-CloudBuckIt,,CloudBuckIt is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files (x86)\CloudBuckIt\*, *\CloudBuckIt\*, *\CloudBuckIt*.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/cloudbuckit_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of CloudBuckIt RMM tool""}]",,[]
-NoteOn-desktop sharing,,NoteOn-desktop sharing is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"nateon*.exe, nateon.exe, nateonmain.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/noteon-desktop_sharing_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of NoteOn-desktop sharing RMM tool""}]",,[]
-Royal TS,,Royal TS is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,royalts.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""royalapps.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/royal_ts_network_sigma.yml"", ""Description"": ""Detects potential network activity of Royal TS RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/royal_ts_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Royal TS RMM tool""}]",,[]
-DeskNets,,DeskNets is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/26/2024,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],https://www.desknets.com/en/download.html,[]
-QQ IM-remote assistance,,QQ IM-remote assistance is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"qq.exe, QQProtect.exe, qqpcmgr.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.mdt.qq.com"", ""*.desktop.qq.com"", ""upload_data.qq.com"", ""qq-messenger.en.softonic.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/qq_im-remote_assistance_network_sigma.yml"", ""Description"": ""Detects potential network activity of QQ IM-remote assistance RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/qq_im-remote_assistance_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of QQ IM-remote assistance RMM tool""}]",https://en.wikipedia.org/wiki/Tencent_QQ,[]
-PuTTY Tray,,PuTTY Tray is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\*\puttytray.exe, *\puttytray.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/putty_tray_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of PuTTY Tray RMM tool""}]",,[]
-FileZilla,,FileZilla is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\FileZilla FTP Client\*, *\FileZilla FTP Client\*, *\FileZilla.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/filezilla_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of FileZilla RMM tool""}]",,[]
-XRDP,,XRDP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
-FastViewer,,FastViewer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"fastclient.exe, fastmaster.exe, FastViewer.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.fastviewer.com"", ""fastviewer.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fastviewer_network_sigma.yml"", ""Description"": ""Detects potential network activity of FastViewer RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fastviewer_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of FastViewer RMM tool""}]",https://fastviewer.com/demo/EN_FastViewer_Server%20Installation%20Configuration.pdf,[]
-Jump Desktop,,Jump Desktop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"jumpclient.exe, jumpdesktop.exe, jumpservice.exe, jumpconnect.exe, jumpupdater.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.jumpdesktop.com"", ""jumpdesktop.com"", ""jumpto.me"", ""*.jumpto.me""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/jump_desktop_network_sigma.yml"", ""Description"": ""Detects potential network activity of Jump Desktop RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/jump_desktop_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Jump Desktop RMM tool""}]",https://support.jumpdesktop.com/hc/en-us/articles/360042490351-Administrators-Guide-For-Jump-Desktop-Connect,[]
+Neturo,,Neturo is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"neturo*.exe, ntrntservice.exe, neturo.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""neturo.uplus.co.kr""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/neturo_network_sigma.yml"", ""Description"": ""Detects potential network activity of Neturo RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/neturo_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Neturo RMM tool""}]","Obscure, located an older copy here: http://www.iconpos.com/pos/home/iconpos/bbs.php?id=file&q=view&uid=2",[]
+Naverisk,,Naverisk is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,AgentSetup-*.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""naverisk.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/naverisk_network_sigma.yml"", ""Description"": ""Detects potential network activity of Naverisk RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/naverisk_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Naverisk RMM tool""}]",http://kb.naverisk.com/en/articles/2811223-deploying-naverisk-agents,[]
+ISL Light,,ISL Light is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"islalwaysonmonitor.exe, isllight.exe, isllightservice.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""islonline.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/isl_light_network_sigma.yml"", ""Description"": ""Detects potential network activity of ISL Light RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/isl_light_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ISL Light RMM tool""}]",,[]
+Pocket Controller,,Pocket Controller is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"pocketcontroller.exe, pocketcloudservice.exe, wysebrowser.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""soti.net/products/soti-pocket-controller""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pocket_controller_network_sigma.yml"", ""Description"": ""Detects potential network activity of Pocket Controller RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pocket_controller_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Pocket Controller RMM tool""}]",,[]
+Encapto,,Encapto is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""encapto.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/encapto_network_sigma.yml"", ""Description"": ""Detects potential network activity of Encapto RMM tool""}]",https://www.encapto.com - used to manage Cisco services,[]
+BeyondTrust,,BeyondTrust is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
+Amazon (Cloud) Drive,,Amazon (Cloud) Drive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Users\*\AppData\Local\Amazon\Cloud Drive\*, *\AppData\Local\Amazon\Cloud Drive\*, *\AmazonCloudDrive.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/amazon__cloud__drive_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Amazon (Cloud) Drive RMM tool""}]",,[]
+N-ABLE Remote Access Software,,N-ABLE Remote Access Software is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""n-able.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/n-able_remote_access_software_network_sigma.yml"", ""Description"": ""Detects potential network activity of N-ABLE Remote Access Software RMM tool""}]",,[]
+Guacamole,,Guacamole is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,guacd.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""guacamole.apache.org""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/guacamole_network_sigma.yml"", ""Description"": ""Detects potential network activity of Guacamole RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/guacamole_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Guacamole RMM tool""}]",guacamole.apache.org,[]
+Microsoft RDP,,Microsoft RDP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"termsrv.exe, mstsc.exe, Microsoft Remote Desktop","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/microsoft_rdp_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Microsoft RDP RMM tool""}]",https://learn.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/windows,[]
+Royal Apps,,Royal Apps is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"royalserver.exe, royalts.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/royal_apps_network_sigma.yml"", ""Description"": ""Detects potential network activity of Royal Apps RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/royal_apps_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Royal Apps RMM tool""}]",https://www.royalapps.com/ts/win/download,[]
+Proton Drive,,Proton Drive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
+ConnectWise,,ConnectWise is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files (x86)\ScreenConnect Client ()\*, *\ScreenConnect*Client*\*","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
+RustDesk,,RustDesk is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"rustdesk*.exe, rustdesk.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""rustdesk.com"", ""user_managed"", ""web.rustdesk.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rustdesk_network_sigma.yml"", ""Description"": ""Detects potential network activity of RustDesk RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rustdesk_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of RustDesk RMM tool""}]",https://rustdesk.com/docs/en/,[]
+RealVNC,,RealVNC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
+GoToAssist Agent Desktop Console,,GoToAssist Agent Desktop Console is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\*\G2RDesktopConsole-x64.msi, *\G2RDesktopConsole-x64.msi","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
+RES Automation Manager,,RES Automation Manager is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"wisshell*.exe, wmc.exe, wmc_deployer.exe, wmcsvc.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""ivanti.com/""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/res_automation_manager_network_sigma.yml"", ""Description"": ""Detects potential network activity of RES Automation Manager RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/res_automation_manager_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of RES Automation Manager RMM tool""}]",https://forums.ivanti.com/s/article/INFO-Which-ports-does-Ivanti-Automation-use?language=en_US&ui-force-components-controllers-recordGlobalValueProvider.RecordGvp.getRecord=1,[]
+Zoho Assist,,Zoho Assist is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/14/2024,,,,,,,,,,,,"zaservice.exe, ZMAgent.exe, C:\*\ZA_Access.exe, ZohoMeeting.exe, Zohours.exe, zohotray.exe, ZohoURSService.exe, *\ZA_Access.exe, Zaservice.exe, za_connect.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.zoho.com.au"", ""*.zohoassist.jp"", ""assist.zoho.com"", ""zoho.com/assist/"", ""*.zoho.in"", ""downloads.zohodl.com.cn"", ""*.zohoassist.com"", ""downloads.zohocdn.com"", ""gateway.zohoassist.com"", ""*.zohoassist.com.cn"", ""*.zoho.com.cn"", ""*.zoho.com"", ""*.zoho.eu""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/zoho_assist_network_sigma.yml"", ""Description"": ""Detects potential network activity of Zoho Assist RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/zoho_assist_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Zoho Assist RMM tool""}]",https://www.zoho.com/assist/kb/firewall-configuration.html,[]
+Weezo,,Weezo is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/14/2024,,,,,,,,,,,,"weezohttpd.exe, weezo.exe, weezo setup*.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.weezo.me"", ""weezo.net"", ""*.weezo.net"", ""weezo.en.softonic.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/weezo_network_sigma.yml"", ""Description"": ""Detects potential network activity of Weezo RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/weezo_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Weezo RMM tool""}]",weezo.en.softonic.com,[]
+Microsoft RDP,,Microsoft RDP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,mstsc.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/microsoft_rdp_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Microsoft RDP RMM tool""}]",https://learn.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/windows,[]
+NinjaRMM,,NinjaRMM is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"ninjarmmagent.exe, NinjaRMMAgent.exe, NinjaRMMAgenPatcher.exe, ninjarmm-cli.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.ninjarmm.com"", ""*.ninjaone.com"", ""resources.ninjarmm.com"", ""ninjaone.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ninjarmm_network_sigma.yml"", ""Description"": ""Detects potential network activity of NinjaRMM RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ninjarmm_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of NinjaRMM RMM tool""}]",https://www.ninjaone.com/faq/,[]
+FixMe.it,,FixMe.it is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"FixMeit Unattended Access Setup.exe, TiExpertStandalone.exe, FixMeitClient*.exe, FixMeit Client.exe, FixMeit Expert Setup.exe, TiExpertCore.exe, fixmeitclient.exe, TiClientCore.exe, TiClientHelper*.exe, no installation required | recommend blocking fixme[.]it SaaS portal, no installation required | recommend blocking fixme[.]it SaaS portal, 9380CC75B872221A7425D7503565B67580407F60","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.fixme.it"", ""*.techinline.net"", ""fixme.it"", ""*set.me"", ""*setme.net""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fixme.it_network_sigma.yml"", ""Description"": ""Detects potential network activity of FixMe.it RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fixme.it_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of FixMe.it RMM tool""}]",https://docs.fixme.it/general-questions/which-ports-and-servers-does-fixme-it-use,[]
pCloud,,pCloud is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files (x86)\pCloud Drive\, *\pCloud Drive\, *\pCloud.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pcloud_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of pCloud RMM tool""}]",,[]
Ivanti Remote Control,,Ivanti Remote Control is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"IvantiRemoteControl.exe, ArcUI.exe, AgentlessRC.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.ivanticloud.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ivanti_remote_control_network_sigma.yml"", ""Description"": ""Detects potential network activity of Ivanti Remote Control RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ivanti_remote_control_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Ivanti Remote Control RMM tool""}]",https://rc1.ivanticloud.com/,[]
-BeInSync,,BeInSync is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/26/2024,,,,,,,,,,,,Beinsync*.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.beinsync.net"", ""*.beinsync.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/beinsync_network_sigma.yml"", ""Description"": ""Detects potential network activity of BeInSync RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/beinsync_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of BeInSync RMM tool""}]",https://en.wikipedia.org/wiki/Phoenix_Technologies,[]
-NateOn-desktop sharing,,NateOn-desktop sharing is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"nateon*.exe, nateon.exe, nateonmain.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.nate.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/nateon-desktop_sharing_network_sigma.yml"", ""Description"": ""Detects potential network activity of NateOn-desktop sharing RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/nateon-desktop_sharing_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of NateOn-desktop sharing RMM tool""}]",http://rsupport.nate.com/rview/r8/main/index.aspx,[]
-Xeox,,Xeox is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/14/2024,,,,,,,,,,,,"xeox-agent_x64.exe, xeox_service_windows.exe, xeox-agent_*.exe, xeox-agent_x86.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.xeox.com"", ""xeox.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/xeox_network_sigma.yml"", ""Description"": ""Detects potential network activity of Xeox RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/xeox_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Xeox RMM tool""}]",https://help.xeox.com/knowledge-base/gSuyNfDH6u79M82utnswf2/firewall-settings-xeox-agent-and-integrations/47T7S9tZJ2L1Z2W5gwuXoW,[]
-WinSCP,,WinSCP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Users\IEUser\Downloads\WinSCP-5.21.6-Portable\*, *\WinSCP*Portable\*, *\WinSCP.exe, *\WinSCP\*","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/winscp_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of WinSCP RMM tool""}]",,[]
-Desktop Central,,Desktop Central is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,dcagentservice.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""desktopcentral.manageengine.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/desktop_central_network_sigma.yml"", ""Description"": ""Detects potential network activity of Desktop Central RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/desktop_central_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Desktop Central RMM tool""}]",,[]
-DW Service,,DW Service is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"dwagsvc.exe, dwagent.exe, dwagsvc.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.dwservice.net""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dw_service_network_sigma.yml"", ""Description"": ""Detects potential network activity of DW Service RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dw_service_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of DW Service RMM tool""}]",https://news.dwservice.net/dwservice-security-infrastructure/,[]
-NTR Remote,,NTR Remote is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/26/2024,,,,,,,,,,,,NTRsupportPro_EN.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.ntrsupport.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ntr_remote_network_sigma.yml"", ""Description"": ""Detects potential network activity of NTR Remote RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ntr_remote_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of NTR Remote RMM tool""}]",DOA as of 2024,[]
-aws-cli,,aws-cli is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\Amazon\AWSCLI\*, *\Amazon\AWSCLI\*, *\AWSCLIV*.msi, *\AWSCLISetup.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aws-cli_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of aws-cli RMM tool""}]",,[]
-TurboMeeting,,TurboMeeting is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/14/2024,,,,,,,,,,,,"pcstarter.exe, turbomeeting.exe, turbomeetingstarter.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""acceo.com/turbomeeting/""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/turbomeeting_network_sigma.yml"", ""Description"": ""Detects potential network activity of TurboMeeting RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/turbomeeting_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of TurboMeeting RMM tool""}]",http://sourcing.rhubcom.com/v5/faqs.html#collapsetwentysix2-topdiv,[]
-RemoteUtilities,,RemoteUtilities is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"rutview.exe, *\Remote Manipulator System - Server\*, C:\Program Files\Remote Utilities\*, *\Remote Utilities\*, rutserv.exe, *\rutserv.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""remoteutilities.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remoteutilities_network_sigma.yml"", ""Description"": ""Detects potential network activity of RemoteUtilities RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remoteutilities_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of RemoteUtilities RMM tool""}]",,[]
-BeyondTrust (Bomgar),,BeyondTrust (Bomgar) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"bomgar-scc.exe, bomgar-rdp.exe, bomgar-scc-*.exe, bomgar-pac-*.exe, bomgar-pac.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""bomgarcloud.com"", ""*.bomgarcloud.com"", ""*.beyondtrustcloud.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/beyondtrust__bomgar__network_sigma.yml"", ""Description"": ""Detects potential network activity of BeyondTrust (Bomgar) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/beyondtrust__bomgar__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of BeyondTrust (Bomgar) RMM tool""}]",https://www.beyondtrust.com/docs/remote-support/getting-started/deployment/cloud/network.htm,[]
-Pulseway,,Pulseway is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"PCMonitorManager.exe, pcmonitorsrv.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""pulseway.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pulseway_network_sigma.yml"", ""Description"": ""Detects potential network activity of Pulseway RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pulseway_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Pulseway RMM tool""}]",https://intercom.help/pulseway/en/,[]
-Panorama9,,Panorama9 is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,p9agent*.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""trusted.panorama9.com"", ""changes.panorama9.com"", ""panorama9.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/panorama9_network_sigma.yml"", ""Description"": ""Detects potential network activity of Panorama9 RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/panorama9_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Panorama9 RMM tool""}]",https://support.panorama9.com/en/articles/1859605-what-ports-and-hosts-does-the-p9-agent-communicate-with,[]
-Atera,,"Atera is a remote monitoring and management (RMM) tool. It is used by threat actors to deploy ransomware or facilitate command execution and lateral movement.
-",,2024/08/03,,https://www.atera.com/,AteraAgent.exe,AteraAgent.exe,AteraAgent,,SYSTEM,30 day trial,None,"Windows, MacOS, Linux","Integrated remote access with Splashtop and AnyDesk, Remote monitoring and management, Patch management, Network discovery, Backup and disaster recovery, Helpdesk and ticketing, Reporting and analytics, Billing and invoicing, Customer portal, Mobile app","CVE-2023-26078, CVE-2023-26077","*\AgentPackageNetworkDiscovery.exe, *\AgentPackageTaskScheduler.exe, *\ATERA Networks\AteraAgent\*, *\AteraAgent.exe, atera_agent.exe, atera_agent.exe, ateraagent.exe, C:\Program Files\ATERA Networks\AteraAgent\*, C:\Program Files\Atera Networks, C:\Program Files (x86)\Atera Networks, syncrosetup.exe","{""Disk"": [{""File"": ""C:\\Program Files\\ATERA Networks\\AteraAgent\\Packages\\AgentPackageRunCommandInteractive\\log.txt"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files\\ATERA Networks\\AteraAgent\\Packages\\*"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files\\ATERA Networks\\AteraAgent\\AteraAgent.exe"", ""Description"": ""Atera service binary"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files\\Atera Networks\\AlphaAgent.exe"", ""Description"": ""Atera service binary"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files\\ATERA Networks\\AteraAgent\\Packages\\AgentPackageSTRemote\\AgentPackageSTRemote.exe"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files\\ATERA Networks\\AteraAgent\\Packages\\AgentPackageMonitoring\\AgentPackageMonitoring.exe"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files\\ATERA Networks\\AteraAgent\\Packages\\AgentPackageHeartbeat\\AgentPackageHeartbeat.exe"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files\\ATERA Networks\\AteraAgent\\Packages\\AgentPackageFileExplorer\\AgentPackageFileExplorer.exe"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": 
""C:\\Program Files\\ATERA Networks\\AteraAgent\\Packages\\AgentPackageRunCommandInteractive\\AgentPackageRunCommandInteractive.exe"", ""Description"": ""N/A"", ""OS"": ""Windows""}], ""EventLog"": [{""EventID"": 7045, ""ProviderName"": ""Service Control Manager"", ""LogFile"": ""System.evtx"", ""ServiceName"": ""AteraAgent"", ""ImagePath"": ""\""C:\\\\Program Files (x86)\\\\ATERA Networks\\\\AteraAgent\\\\AteraAgent.exe\"""", ""Description"": ""Service installation event as result of AteraAgent installation.""}, {""EventID"": 7045, ""ProviderName"": ""Service Control Manager"", ""LogFile"": ""System.evtx"", ""ServiceName"": ""WinRing0_1_2_0"", ""ImagePath"": ""\""C:\\\\Program Files (x86)\\\\ATERA Networks\\\\AteraAgent\\\\Packages\\\\AgentPackageMonitoring\\\\OpenHardwareMonitorLib.sys\"""", ""Description"": ""Service installation event as result of Atera pakcage manager installation.""}, {""EventID"": 11707, ""ProviderName"": ""MsiInstaller"", ""LogFile"": ""Application.evtx"", ""Data"": ""Product: AteraAgent -- Installation completed successfully."", ""Description"": ""Service installation event as result of AteraAgent installation.""}, {""EventID"": 4688, ""ProviderName"": ""Microsoft-Security-Auditing"", ""LogFile"": ""Security.evtx"", ""CommandLine"": ""C:\\\\Program Files\\\\ATERA Networks\\\\AteraAgent\\\\Packages\\\\AgentPackageFileExplorer\\\\AgentPackageFileExplorer.exe XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX agent-api.atera.com/Production 443 [BASE64BLOB]"", ""Description"": ""Service installation event as result of AteraAgent installation.""}], ""Registry"": [{""Path"": ""HKLM\\SOFTWARE\\ATERA Networks\\AlphaAgent"", ""Description"": null}, {""Path"": ""HKLM\\SYSTEM\\CurrentControlSet\\Services\\AteraAgent"", ""Description"": null}, {""Path"": ""KLM\\SOFTWARE\\WOW6432Node\\Splashtop Inc."", ""Description"": null}, {""Path"": ""HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Splashtop Software 
Updater"", ""Description"": null}, {""Path"": ""HKLM\\SYSTEM\\ControlSet\\Services\\EventLog\\Application\\AlphaAgent"", ""Description"": null}, {""Path"": ""HKLM\\SYSTEM\\ControlSet\\Services\\EventLog\\Application\\AteraAgent"", ""Description"": null}, {""Path"": ""HKLM\\SOFTWARE\\Microsoft\\Tracing\\AteraAgent_RASAPI32"", ""Description"": null}, {""Path"": ""HKLM\\SOFTWARE\\Microsoft\\Tracing\\AteraAgent_RASMANCS"", ""Description"": null}, {""Path"": ""HKLM\\SOFTWARE\\ATERA Networks\\*"", ""Description"": null}], ""Network"": [{""Description"": ""N/A"", ""Domains"": [""pubsub.atera.com""], ""Ports"": [""N/A""]}, {""Description"": ""N/A"", ""Domains"": [""pubsub.pubnub.com""], ""Ports"": [""N/A""]}, {""Description"": ""N/A"", ""Domains"": [""agentreporting.atera.com""], ""Ports"": [""N/A""]}, {""Description"": ""N/A"", ""Domains"": [""getalphacontrol.com""], ""Ports"": [""N/A""]}, {""Description"": ""N/A"", ""Domains"": [""app.atera.com""], ""Ports"": [""N/A""]}, {""Description"": ""N/A"", ""Domains"": [""agenthb.atera.com""], ""Ports"": [""N/A""]}, {""Description"": ""N/A"", ""Domains"": [""packagesstore.blob.core.windows.net""], ""Ports"": [""N/A""]}, {""Description"": ""N/A"", ""Domains"": [""ps.pndsn.com""], ""Ports"": [""N/A""]}, {""Description"": ""N/A"", ""Domains"": [""agent-api.atera.com""], ""Ports"": [""N/A""]}, {""Description"": ""N/A"", ""Domains"": [""cacerts.thawte.com""], ""Ports"": [""N/A""]}, {""Description"": ""N/A"", ""Domains"": [""agentreportingstore.blob.core.windows.net""], ""Ports"": [""N/A""]}, {""Description"": ""N/A"", ""Domains"": [""atera-agent-heartbeat.servicebus.windows.net""], ""Ports"": [""N/A""]}, {""Description"": ""N/A"", ""Domains"": [""ps.atera.com""], ""Ports"": [""N/A""]}, {""Description"": ""N/A"", ""Domains"": [""atera.pubnubapi.com""], ""Ports"": [""N/A""]}, {""Description"": ""N/A"", ""Domains"": [""appcdn.atera.com""], ""Ports"": [""N/A""]}]}","[{""Sigma"": 
""https://github.com/The-DFIR-Report/Sigma-Rules/blob/d67407d357ad32b247e2a303abc5a38bb30fd576/rules/windows/process_creation/proc_creation_win_ateraagent_malicious_installations.yml"", ""Name"": ""AteraAgent malicious installations"", ""Description"": ""Detects AteraAgent installations with suspicious command line arguments.""}, {""Sigma"": ""https://github.com/SigmaHQ/sigma/blob/782f0f524e6f797ea114fe0d87b22cb4abaa6b7c/rules/windows/builtin/application/msiinstaller/win_software_atera_rmm_agent_install.yml"", ""Name"": ""Atera Agent Installation"", ""Description"": ""Detects Atera Agent installation.""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/atera_registry_sigma.yml"", ""Description"": ""Detects potential registry activity of Atera RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/atera_network_sigma.yml"", ""Description"": ""Detects potential network activity of Atera RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/atera_files_sigma.yml"", ""Description"": ""Detects potential files activity of Atera RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/atera_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Atera RMM tool""}]","https://support.atera.com/hc/en-us/articles/360015461139-Firewall-Settings-for-Atera-s-Integrations, https://support.atera.com/hc/en-us/articles/215955967-Troubleshoot-Atera-s-Windows-agent, https://support.atera.com/hc/en-us/articles/115015619747-Release-Notes-February-2018, https://thedfirreport.com/?s=ateraagent","[{""Person"": ""Th\u00e9o Letailleur"", ""Handle"": ""in/theosyn""}, {""Person"": ""Nasreddine Bencherchali"", ""Handle"": ""@nas_bench""}, {""Person"": ""Kostas"", ""Handle"": ""@kostastsale""}]"
-JollysFastVNC,,JollysFastVNC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
-RunSmart,,RunSmart is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""runsmart.io""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/runsmart_network_sigma.yml"", ""Description"": ""Detects potential network activity of RunSmart RMM tool""}]",,[]
-Chrome Remote Desktop,,Chrome Remote Desktop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"remote_host.exe, remoting_host.exe, C:\Program Files (x86)\Google\Chrome Remote Desktop\*, *\Google\Chrome Remote Desktop\*, *\remoting_host.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*remotedesktop.google.com"", ""*remotedesktop-pa.googleapis.com"", ""remotedesktop.google.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/chrome_remote_desktop_network_sigma.yml"", ""Description"": ""Detects potential network activity of Chrome Remote Desktop RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/chrome_remote_desktop_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Chrome Remote Desktop RMM tool""}]",https://support.google.com/chrome/a/answer/2799701?hl=en,[]
+rdpwrap,,rdpwrap is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"RDPWInst.exe, RDPCheck.exe, RDPConf.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""github.com/stascorp/rdpwrap""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rdpwrap_network_sigma.yml"", ""Description"": ""Detects potential network activity of rdpwrap RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rdpwrap_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of rdpwrap RMM tool""}]",github.com/stascorp/rdpwrap,[]
+LabTech RMM (Now ConnectWise Automate),,LabTech RMM (Now ConnectWise Automate) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"ltsvc.exe, ltsvcmon.exe, lttray.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""connectwise.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/labtech_rmm__now_connectwise_automate__network_sigma.yml"", ""Description"": ""Detects potential network activity of LabTech RMM (Now ConnectWise Automate) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/labtech_rmm__now_connectwise_automate__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of LabTech RMM (Now ConnectWise Automate) RMM tool""}]",,[]
+Connectwise Automate (LabTech),,Connectwise Automate (LabTech) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"ltsvc.exe, ltsvcmon.exe, lttray.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.hostedrmm.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/connectwise_automate__labtech__network_sigma.yml"", ""Description"": ""Detects potential network activity of Connectwise Automate (LabTech) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/connectwise_automate__labtech__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Connectwise Automate (LabTech) RMM tool""}]",https://www.connectwise.com/company/announcements/labtech-now-connectwise-automate,[]
+N-Able Advanced Monitoring Agent,,N-Able Advanced Monitoring Agent is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"BASupSrvc.exe, winagent.exe, BASupApp.exe, BASupTSHelper.exe, Agent_*_RW.exe, BASEClient.exe, BASupSrvcCnfg.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.beanywhere.com "", ""systemmonitor.co.uk"", ""*system-monitor.com"", ""cloudbackup.management"", ""*systemmonitor.co.uk"", ""n-able.com"", ""systemmonitor.us"", ""*systemmonitor.eu.com"", ""*.logicnow.com"", ""*.swi-tc.com"", ""*remote.management"", ""systemmonitor.us.cdn.cloudflare.net"", ""*cloudbackup.management"", ""remote.management"", ""logicnow.com"", ""system-monitor.com"", ""*systemmonitor.us"", ""systemmonitor.eu.com"", ""*.n-able.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/n-able_advanced_monitoring_agent_network_sigma.yml"", ""Description"": ""Detects potential network activity of N-Able Advanced Monitoring Agent RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/n-able_advanced_monitoring_agent_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of N-Able Advanced Monitoring Agent RMM tool""}]",https://documentation.n-able.com/takecontrol/troubleshooting/Content/kb/Take-Control-Standalone-Ports-and-Domains-Firewall-and-AV-Exclusions.htm,[]
+Synergy,,Synergy is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/26/2024,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/synergy_network_sigma.yml"", ""Description"": ""Detects potential network activity of Synergy RMM tool""}]",https://symless.com/synergy,[]
+LogMeIn rescue,,LogMeIn rescue is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"support-logmeinrescue*.exe, support-logmeinrescue.exe, lmi_rescue.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.logmeinrescue.com"", ""*.logmeinrescue.eu"", ""logmeinrescue.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/logmein_rescue_network_sigma.yml"", ""Description"": ""Detects potential network activity of LogMeIn rescue RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/logmein_rescue_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of LogMeIn rescue RMM tool""}]",https://support.logmeinrescue.com/rescue/help/allowlisting-and-rescue,[]
+VNC,,VNC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/14/2024,,,,,,,,,,,,"winvnc*.exe, vncserver.exe, winwvc.exe, winvncsc.exe, vncserverui.exe, vncviewer.exe, winvnc.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""realvnc.com/en/connect/download/vnc""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/vnc_network_sigma.yml"", ""Description"": ""Detects potential network activity of VNC RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/vnc_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of VNC RMM tool""}]",https://realvnc.com/en/connect/download/vnc,[]
+pcAnywhere,,pcAnywhere is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"awhost32.exe, awrem32.exe, pcaquickconnect.exe, winaw32.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pcanywhere_network_sigma.yml"", ""Description"": ""Detects potential network activity of pcAnywhere RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pcanywhere_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of pcAnywhere RMM tool""}]",https://en.wikipedia.org/wiki/PcAnywhere,[]
+Access Remote PC,,Access Remote PC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"rpcgrab.exe, rpcsetup.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/access_remote_pc_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Access Remote PC RMM tool""}]",,[]
+GatherPlace-desktop sharing,,GatherPlace-desktop sharing is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"gp3.exe, gp4.exe, gp5.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.gatherplace.com"", ""*.gatherplace.net"", ""gatherplace.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/gatherplace-desktop_sharing_network_sigma.yml"", ""Description"": ""Detects potential network activity of GatherPlace-desktop sharing RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/gatherplace-desktop_sharing_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of GatherPlace-desktop sharing RMM tool""}]",https://www.gatherplace.com/kb?id=136377,[]
+ODrive,,ODrive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Users\*\current\, *Users\*\.odrive, *\Odriveapp.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/odrive_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ODrive RMM tool""}]",,[]
+Remote Desktop Manager (Devolutions),,Remote Desktop Manager (Devolutions) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
+RDPView,,RDPView is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,dwrcs.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""systemmanager.ru/dntu.en/rdp_view.htm""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rdpview_network_sigma.yml"", ""Description"": ""Detects potential network activity of RDPView RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rdpview_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of RDPView RMM tool""}]",systemmanager.ru/dntu.en/rdp_view.htm - Same as Damware,[]
+DragonDisk,,DragonDisk is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files (x86)\Almageste\DragonDisk\*, *\Almageste\DragonDisk\*, *\DragonDisk.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dragondisk_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of DragonDisk RMM tool""}]",,[]
+Seetrol,,Seetrol is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"seetrolcenter.exe, seetrolclient.exe, seetrolmyservice.exe, seetrolremote.exe, seetrolsetting.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""seetrol.co.kr""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/seetrol_network_sigma.yml"", ""Description"": ""Detects potential network activity of Seetrol RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/seetrol_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Seetrol RMM tool""}]",http://www.seetrol.com/en/features/features3.php,[]
Netviewer (GoToMeet),,Netviewer (GoToMeet) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"nvClient.exe, netviewer.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/netviewer__gotomeet__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Netviewer (GoToMeet) RMM tool""}]",Obsolute - found copy here: https://www.enviolet.com/en/service/online-consultant.html,[]
+CarotDAV,,CarotDAV is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files (x86)\Rei Software\CarotDAV\*, *\Rei Software\CarotDAV\*, *\CarotDAV.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/carotdav_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of CarotDAV RMM tool""}]",,[]
+Duplicati,,Duplicati is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"c:\Program Files\*\Duplicati.Server.exe, *\*\Duplicati.Server.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/duplicati_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Duplicati RMM tool""}]",,[]
+Netop Remote Control (aka Impero Connect),,Netop Remote Control (aka Impero Connect) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"nhostsvc.exe, nhstw32.exe, nldrw32.exe, rmserverconsolemediator.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""imperosoftware.com/impero-connect/""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/netop_remote_control__aka_impero_connect__network_sigma.yml"", ""Description"": ""Detects potential network activity of Netop Remote Control (aka Impero Connect) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/netop_remote_control__aka_impero_connect__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Netop Remote Control (aka Impero Connect) RMM tool""}]",,[]
+Onionshare,,Onionshare is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files (x86)\OnionShare\*, *\OnionShare\*, *\onionshare*.exe, OnionShare-win*.msi","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/onionshare_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Onionshare RMM tool""}]",,[]
+SecureCRT,,SecureCRT is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\*\SecureCRT.EXE, *\SecureCRT.EXE, *\VanDyke Software\ClientPack\*","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/securecrt_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of SecureCRT RMM tool""}]",,[]
+GetScreen,,GetScreen is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"GetScreen.exe, getscreen.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""getscreen.me"", ""GetScreen.me"", ""*.getscreen.me""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/getscreen_network_sigma.yml"", ""Description"": ""Detects potential network activity of GetScreen RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/getscreen_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of GetScreen RMM tool""}]",https://docs.getscreen.me/self-hosted/system-requirements/,[]
+Pandora RC (eHorus),,Pandora RC (eHorus) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"ehorus standalone.exe, ehorus_agent.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""portal.ehorus.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pandora_rc__ehorus__network_sigma.yml"", ""Description"": ""Detects potential network activity of Pandora RC (eHorus) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pandora_rc__ehorus__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Pandora RC (eHorus) RMM tool""}]",https://pandorafms.com/manual/!current/en/documentation/09_pandora_rc/01_pandora_rc_introduction,[]
+Rapid7,,Rapid7 is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/14/2024,,,,,,,,,,,,"ir_agent.exe, rapid7_agent_core.exe, rapid7_endpoint_broker.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.analytics.insight.rapid7.com"", ""*.endpoint.ingress.rapid7.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rapid7_network_sigma.yml"", ""Description"": ""Detects potential network activity of Rapid7 RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rapid7_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Rapid7 RMM tool""}]",https://docs.rapid7.com/insightvm/configure-communications-with-the-insight-platform/,[]
+aws-cli,,aws-cli is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\Amazon\AWSCLI\*, *\Amazon\AWSCLI\*, *\AWSCLIV*.msi, *\AWSCLISetup.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aws-cli_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of aws-cli RMM tool""}]",,[]
+Electric AI (Kaseya),,Electric AI (Kaseya) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],https://www.electric.ai/product/device-management-solutions - Usess Kaseya/jamf,[]
+Basecamp,,Basecamp is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""basecamp.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/basecamp_network_sigma.yml"", ""Description"": ""Detects potential network activity of Basecamp RMM tool""}]",basecamp.com - No specific RMM tool listed,[]
+Ultra VNC,,Ultra VNC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\uvnc bvba\UltraVNC\*, *\uvnc bvba\UltraVNC\*, *\UVNC_Launch.exe, *\winvnc.exe, *\vncviewer.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ultra_vnc_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Ultra VNC RMM tool""}]",,[]
+BeamYourScreen,,BeamYourScreen is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"beamyourscreen.exe, beamyourscreen-host.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""beamyourscreen.com"", ""*.beamyourscreen.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/beamyourscreen_network_sigma.yml"", ""Description"": ""Detects potential network activity of BeamYourScreen RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/beamyourscreen_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of BeamYourScreen RMM tool""}]",beamyourscreen redirects to https://www.mikogo.com/,[]
+Quick Assist,,Quick Assist is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,quickassist.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.support.services.microsoft.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/quick_assist_network_sigma.yml"", ""Description"": ""Detects potential network activity of Quick Assist RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/quick_assist_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Quick Assist RMM tool""}]",,[]
Netviewer,,Netviewer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"netviewer*.exe, netviewer.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""download.cnet.com/Net-Viewer/3000-2370_4-10034828.html""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/netviewer_network_sigma.yml"", ""Description"": ""Detects potential network activity of Netviewer RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/netviewer_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Netviewer RMM tool""}]",,[]
-ConnectWise Control,,ConnectWise Control is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"connectwisechat-customer.exe, connectwisecontrol.client.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""control.connectwise.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/connectwise_control_network_sigma.yml"", ""Description"": ""Detects potential network activity of ConnectWise Control RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/connectwise_control_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ConnectWise Control RMM tool""}]",,[]
-ExtraPuTTY,,ExtraPuTTY is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Users\*\ExtraPuTTY-0.30-2016-01-28-installer.exe, *Users\*\ExtraPuTTY-0.30-2016-01-28-installer.exe, *\ExtraPuTTY-0.30-2016-01-28-installer.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/extraputty_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ExtraPuTTY RMM tool""}]",,[]
-FleetDeck,,FleetDeck is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,fleetdeck_agent_svc.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""fleetdeck.io""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fleetdeck_network_sigma.yml"", ""Description"": ""Detects potential network activity of FleetDeck RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fleetdeck_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of FleetDeck RMM tool""}]",,[]
-HelpU,,HelpU is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"helpu_install.exe, HelpuUpdater.exe, HelpuManager.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""helpu.co.kr"", ""*.helpu.co.kr""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/helpu_network_sigma.yml"", ""Description"": ""Detects potential network activity of HelpU RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/helpu_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of HelpU RMM tool""}]",https://helpu.co.kr/,[]
-ESET Remote Administrator,,ESET Remote Administrator is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"einstaller.exe, era.exe, ERAAgent.exe, ezhelp*.exe, eratool.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""eset.com/me/business/remote-management/remote-administrator/""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/eset_remote_administrator_network_sigma.yml"", ""Description"": ""Detects potential network activity of ESET Remote Administrator RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/eset_remote_administrator_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ESET Remote Administrator RMM tool""}]",eset.com/me/business/remote-management/remote-administrator/,[]
+RemoteCall,,RemoteCall is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"rcengmgru.exe, rcmgrsvc.exe, rxstartsupport.exe, rcstartsupport.exe, raautoup.exe, agentu.exe, remotesupportplayeru.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.remotecall.com"", ""*.startsupport.com"", ""remotecall.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remotecall_network_sigma.yml"", ""Description"": ""Detects potential network activity of RemoteCall RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remotecall_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of RemoteCall RMM tool""}]",https://help.remotecall.com/hc/en-us/articles/360005128814--RemoteCall-Server-List-For-Firewall,[]
+ISL Online,,ISL Online is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"*\ISLLight.exe, isllight.exe, ISLLightClient.exe, C:\Program Files (x86)\ISL Online\ISL Light*, *\ISL Online\ISL Light*, ISLLight.exe, isllightservice.exe, islalwaysonmonitor.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.islonline.com"", ""*.islonline.net""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/isl_online_network_sigma.yml"", ""Description"": ""Detects potential network activity of ISL Online RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/isl_online_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ISL Online RMM tool""}]",https://help.islonline.com/19818/165940,[]
+Kabuto,,Kabuto is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,Kabuto.App.Runner.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.kabuto.io"", ""repairtechsolutions.com/kabuto/""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/kabuto_network_sigma.yml"", ""Description"": ""Detects potential network activity of Kabuto RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/kabuto_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Kabuto RMM tool""}]",https://www.repairtechsolutions.com/documentation/kabuto/,[]
+N-Able Advanced Monitoring Agent,,N-Able Advanced Monitoring Agent is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"Agent_*_RW.exe, BASEClient.exe, BASupApp.exe, BASupSrvc.exe, BASupSrvcCnfg.exe, BASupTSHelper.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*remote.management"", ""*.logicnow.com"", ""*systemmonitor.us"", ""*systemmonitor.eu.com"", ""*system-monitor.com"", ""systemmonitor.us.cdn.cloudflare.net"", ""*cloudbackup.management"", ""*systemmonitor.co.uk"", ""*.n-able.com"", ""*.beanywhere.com "", ""*.swi-tc.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/n-able_advanced_monitoring_agent_network_sigma.yml"", ""Description"": ""Detects potential network activity of N-Able Advanced Monitoring Agent RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/n-able_advanced_monitoring_agent_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of N-Able Advanced Monitoring Agent RMM tool""}]",https://documentation.n-able.com/takecontrol/troubleshooting/Content/kb/Take-Control-Standalone-Ports-and-Domains-Firewall-and-AV-Exclusions.htm,[]
+GoTo Opener,,GoTo Opener is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files (x86)\GoTo Opener, *\GoTo Opener","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
+Remcos,,Remcos is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,remcos*.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remcos_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Remcos RMM tool""}]",,[]
+HelpBeam,,HelpBeam is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,helpbeam*.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""helpbeam.software.informer.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/helpbeam_network_sigma.yml"", ""Description"": ""Detects potential network activity of HelpBeam RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/helpbeam_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of HelpBeam RMM tool""}]",https://www.helpbeam.com domain for sale in 2024,[]
+LiteManager,,LiteManager is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"lmnoipserver.exe, ROMFUSClient.exe, romfusclient.exe, romviewer.exe, romserver.exe, ROMServer.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.litemanager.ru"", ""*.litemanager.com"", ""litemanager.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/litemanager_network_sigma.yml"", ""Description"": ""Detects potential network activity of LiteManager RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/litemanager_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of LiteManager RMM tool""}]",https://www.litemanager.com/articles/LiteManager_remote_access_to_a_desktop_via_the_Internet_or_LAN/,[]
+Alpemix,,"Alpemix is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.
+",Nasreddine Bencherchali,2024-08-05,2024-08-05,https://www.alpemix.com/en/Home,Alpemix.exe,Alpemix,Alpemix,Alpemix,,,,"Windows, Linux, Android, Mac, IOS","5 Different Solutions for Remote Support, Access to Unattended Computers, Access to User Account Control (UAC) Screens, Add Your Own Logo, Auto Sizing, Automatic Update, Clipboard Transfer, Computer Independent Licensing, Contact List and Groups, Encrypted Communication, External Communication Barrier, File Transfer, Instant Messaging, Multi-Platform Support, Multiple Chat, Multiple Connections, No Port Forwarding Required, Peer to Peer Connection (p2p), Receiving Offline Message, Remote Restart, ReportingRestricting The Authority, Screen Sharing, Sending Announcement Message, Sharing a certain part of the screen, Video Recording, Voice Communication, Who is currently supporting?, Working in Black Screen Mode",,"C:\AlpemixService.exe, C:\AlpemixSrvc\","{""Disk"": [{""File"": ""%localappdata%\\Alpemix\\Alpemix.ini"", ""Description"": ""N/A"", ""OS"": ""Windows""}], ""EventLog"": [{""EventID"": 7045, ""ProviderName"": ""Service Control Manager"", ""LogFile"": ""System.evtx"", ""ServiceName"": ""AlpemixSrvc"", ""ImagePath"": ""*\\Alpemix.exe servicestartxxx"", ""Description"": ""Service installation event as result of Alpemix installation.""}], ""Registry"": [{""Path"": ""HKLM\\SYSTEM\\CurrentControlSet\\Services\\AlpemixSrvcx"", ""Description"": ""N/A""}], ""Network"": [{""Description"": ""N/A"", ""Domains"": [""*.alpemix.com""], ""Ports"": [443]}, {""Description"": ""N/A"", ""Domains"": [""*.teknopars.com""], ""Ports"": [80]}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/alpemix_registry_sigma.yml"", ""Description"": ""Detects potential registry activity of Alpemix RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/alpemix_network_sigma.yml"", ""Description"": ""Detects potential network activity of Alpemix RMM tool""}, 
{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/alpemix_files_sigma.yml"", ""Description"": ""Detects potential files activity of Alpemix RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/alpemix_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Alpemix RMM tool""}]",https://www.alpemix.com/en/remote-access,"[{""Person"": ""Nasreddine Bencherchali"", ""Handle"": ""@nas_bench""}]"
+Xpra,,Xpra is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files (x86)\Xpra\*, *\Xpra\*, *\Xpra-Launcher.exe, *\Xpra-x86_64_Setup.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/xpra_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Xpra RMM tool""}]",,[]
+CloudMounter,,CloudMounter is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\CloudMounter\*, *\CloudMounter\*, *\CloudMounter\*, *\cloudmounter.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/cloudmounter_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of CloudMounter RMM tool""}]",,[]
+Panorama9,,Panorama9 is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,p9agent*.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""trusted.panorama9.com"", ""changes.panorama9.com"", ""panorama9.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/panorama9_network_sigma.yml"", ""Description"": ""Detects potential network activity of Panorama9 RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/panorama9_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Panorama9 RMM tool""}]",https://support.panorama9.com/en/articles/1859605-what-ports-and-hosts-does-the-p9-agent-communicate-with,[]
+Any Support,,Any Support is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/27/2024,,,,,,,,,,,,ManualLauncher.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.anysupport.net""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/any_support_network_sigma.yml"", ""Description"": ""Detects potential network activity of Any Support RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/any_support_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Any Support RMM tool""}]",https://www.anysupport.net/introduce_howto.php,[]
+Remobo,,Remobo is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"remobo.exe, remobo_client.exe, remobo_tracker.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""remobo.en.softonic.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remobo_network_sigma.yml"", ""Description"": ""Detects potential network activity of Remobo RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remobo_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Remobo RMM tool""}]",https://www.remobo.com - DOA as of 2024,[]
+CloudBerry Explorer,,CloudBerry Explorer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\CloudBerryLab\CloudBerry Drive\*, *\CloudBerryLab\CloudBerry Drive\*","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
+KickIdler,,KickIdler is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"grabberEM.*msi, grabberTT*.msi","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""kickidler.com"", ""my.kickidler.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/kickidler_network_sigma.yml"", ""Description"": ""Detects potential network activity of KickIdler RMM tool""}]",https://www.kickidler.com/for-it/faq/,[]
+Rocket Remote Desktop,,Rocket Remote Desktop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"RDConsole.exe, RocketRemoteDesktop_Setup.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rocket_remote_desktop_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Rocket Remote Desktop RMM tool""}]",,[]
+DW Service,,DW Service is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"dwagent.exe, dwagsvc.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.dwservice.net""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dw_service_network_sigma.yml"", ""Description"": ""Detects potential network activity of DW Service RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dw_service_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of DW Service RMM tool""}]",https://news.dwservice.net/dwservice-security-infrastructure/,[]
+Terminals,,Terminals is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
+Core FTP,,Core FTP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\*\coreftplite.exe, *\coreftplite.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/core_ftp_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Core FTP RMM tool""}]",,[]
+Echoware,,Echoware is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"echoserver*.exe, echoware.dll","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/echoware_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Echoware RMM tool""}]",,[]
ToDesk,,ToDesk is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/14/2024,,,,,,,,,,,,"todesk.exe, ToDesk_Service.exe, ToDesk_Setup.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""todesk.com"", ""*.todesk.com"", ""*.todesk.com"", ""todesktop.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/todesk_network_sigma.yml"", ""Description"": ""Detects potential network activity of ToDesk RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/todesk_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ToDesk RMM tool""}]",https://www.todesk.com/,[]
-Distant Desktop,,Distant Desktop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"ddsystem.exe, dd.exe, distant-desktop.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.distantdesktop.com"", ""*signalserver.xyz""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/distant_desktop_network_sigma.yml"", ""Description"": ""Detects potential network activity of Distant Desktop RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/distant_desktop_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Distant Desktop RMM tool""}]",https://www.distantdesktop.com/manual/first-start.htm,[]
-RAdmin,,"RAdmin is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.
-",Nasreddine Bencherchali,2024-08-05,2024-08-05,https://www.radmin.com/,RServer3.exe,RServer3.exe,Radmin Server,Radmin Server,,,,Windows,,,"C:\Program Files (x86)\Radmin Viewer 3\Radmin.exe, C:\Windows\SysWOW64\rserver30\rserver3.exe, C:\Windows\SysWOW64\rserver30\FamItrfc, C:\Windows\SysWOW64\rserver30\FamItrf2","{""Disk"": [{""File"": ""C:\\Windows\\SysWOW64\\rserver30\\Radm_log.htm"", ""Description"": ""RAdmin log file (32-bit)"", ""OS"": ""Windows""}, {""File"": ""C:\\Windows\\System32\\rserver30\\Radm_log.htm"", ""Description"": ""RAdmin log file (64-bit)"", ""OS"": ""Windows""}, {""File"": ""C:\\Windows\\System32\\rserver30\\CHATLOGS\\*\\*.htm"", ""Description"": ""RAdmin chat logs"", ""OS"": ""Windows""}, {""File"": ""C:\\Users\\*\\Documents\\ChatLogs\\*\\*.htm"", ""Description"": ""RAdmin user chat logs"", ""OS"": ""Windows""}], ""EventLog"": [], ""Registry"": [{""Path"": ""HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Radmin\\v3.0\\Server\\Parameters\\Radmin Security"", ""Description"": ""N/A""}], ""Network"": [{""Description"": ""N/A"", ""Domains"": [""radmin.com""], ""Ports"": [443]}]}","[{""Sigma"": ""https://github.com/SigmaHQ/sigma/blob/782f0f524e6f797ea114fe0d87b22cb4abaa6b7c/rules/windows/process_creation/proc_creation_win_pua_radmin.yml"", ""Description"": ""PUA - Radmin Viewer Utility Execution""}, {""Sigma"": ""https://github.com/SigmaHQ/sigma/blob/782f0f524e6f797ea114fe0d87b22cb4abaa6b7c/rules/windows/process_creation/proc_creation_win_registry_enumeration_for_credentials_cli.yml"", ""Description"": ""Enumeration for 3rd Party Creds From CLI""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/radmin_registry_sigma.yml"", ""Description"": ""Detects potential registry activity of RAdmin RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/radmin_network_sigma.yml"", ""Description"": ""Detects potential network activity of RAdmin RMM tool""}, {""Sigma"": 
""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/radmin_files_sigma.yml"", ""Description"": ""Detects potential files activity of RAdmin RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/radmin_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of RAdmin RMM tool""}]","https://radmin-club.com/radmin/how-to-establish-a-connection-outside-of-lan/, https://helpdesk.radmin.com/radmin3help/, https://helpdesk.radmin.com/radmin3help/files/viewercmd.htm, https://helpdesk.radmin.com/radmin3help/files/cmd.htm","[{""Person"": ""Nasreddine Bencherchali"", ""Handle"": ""@nas_bench""}]"
+aria2,,aria2 is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\ProgramData\CentraStage\AEMAgent\*, *ProgramData\CentraStage\AEMAgent\*, *\Steinberg\Download Assistant\3rd Party\optional\aria2\*, *\aria2c.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aria2_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of aria2 RMM tool""}]",,[]
+mstsc,,mstsc is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Windows\System32\mstsc.exe, *Windows\System32\mstsc.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/mstsc_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of mstsc RMM tool""}]",,[]
+RemotePC,,RemotePC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"C:\Program Files (x86)\RemotePC\*, Idrive.File-Transfer, *\RemotePC\*, remotepcservice.exe, RemotePC.exe, remotepchost.exe, idrive.RemotePCAgent, rpcsuite.exe, *\RemotePCService.exe, RemotePCService.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.remotedesktop.com"", ""*.remotepc.com"", ""www.remotepc.com"", ""remotepc.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remotepc_network_sigma.yml"", ""Description"": ""Detects potential network activity of RemotePC RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remotepc_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of RemotePC RMM tool""}]",https://www.remotedesktop.com/helpdesk/faq-firewall,[]
+Raidrive,,Raidrive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\*\OpenBoxLab\RaiDrive\*, *\OpenBoxLab\RaiDrive\*, service = raidrive_*, Computer\HKEY_LOCAL_MACHINE\SOFTWARE\OpenBoxLab\RaiDrive\Drives","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
+UltraViewer,,UltraViewer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/14/2024,,,,,,,,,,,,"UltraViewer_Service.exe, UltraViewer_setup*, UltraViewer_Desktop.exe, ultraviewer.exe, C:\Program Files (x86)\UltraViewer\UltraViewer_Desktop.exe, *\UltraViewer\, *\UltraViewer_Desktop.exe, ultraviewer_desktop.exe, ultraviewer_service.exe, UltraViewer_Desktop.exe, UltraViewer_setup*, UltraViewer_Service.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""* .ultraviewer.net"", ""ultraviewer.net""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ultraviewer_network_sigma.yml"", ""Description"": ""Detects potential network activity of UltraViewer RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ultraviewer_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of UltraViewer RMM tool""}]",https://www.ultraviewer.net/en/200000026-summary-of-ultraviewer-s-security-information.html,[]
+ManageEngine,,ManageEngine is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"InstallShield Setup.exe, ManageEngine_Remote_Access_Plus.exe, *\dcagentservice.exe, C:\Program Files (x86)\DesktopCentral_Agent\bin\*, *\DesktopCentral_Agent\bin\*","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/manageengine_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ManageEngine RMM tool""}]",,[]
+Anyplace Control,,Anyplace Control is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,apc_host.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""anyplace-control.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/anyplace_control_network_sigma.yml"", ""Description"": ""Detects potential network activity of Anyplace Control RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/anyplace_control_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Anyplace Control RMM tool""}]",http://www.anyplace-control.com/anyplace-control/help/faq.htm,[]
+Microsoft Quick Assist,,Microsoft Quick Assist is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,quickassist.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/microsoft_quick_assist_network_sigma.yml"", ""Description"": ""Detects potential network activity of Microsoft Quick Assist RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/microsoft_quick_assist_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Microsoft Quick Assist RMM tool""}]",https://support.microsoft.com/en-us/windows/install-quick-assist-c17479b7-a49d-4d12-938c-dbfb97c88bca,[]
CrossLoop,,CrossLoop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"crossloopservice.exe, CrossLoopConnect.exe, WinVNCStub.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.crossloop.com"", ""crossloop.en.softonic.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/crossloop_network_sigma.yml"", ""Description"": ""Detects potential network activity of CrossLoop RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/crossloop_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of CrossLoop RMM tool""}]",www.CrossLoop.com -> redirects to avast.com,[]
-Centurion,,Centurion is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,ctiserv.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""centuriontech.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/centurion_network_sigma.yml"", ""Description"": ""Detects potential network activity of Centurion RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/centurion_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Centurion RMM tool""}]",https://data443.atlassian.net/servicedesk/customer/portal/20,[]
-KickIdler,,KickIdler is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"grabberEM.*msi, grabberTT*.msi","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""kickidler.com"", ""my.kickidler.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/kickidler_network_sigma.yml"", ""Description"": ""Detects potential network activity of KickIdler RMM tool""}]",https://www.kickidler.com/for-it/faq/,[]
-Syncro,,Syncro is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/13/2024,,,,,,,,,,,,"Syncro.Installer.exe, Kabuto.App.Runner.exe, Syncro.Overmind.Service.exe, Kabuto.Installer.exe, KabutoSetup.exe, Syncro.Service.exe, Kabuto.Service.Runner.exe, Syncro.App.Runner.exe, SyncroLive.Service.exe, SyncroLive.Agent.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""kabuto.io"", ""*.syncromsp.com"", ""*.syncroapi.com"", ""syncromsp.com"", ""servably.com"", ""ld.aurelius.host"", ""app.kabuto.io "", ""*.kabutoservices.com"", ""repairshopr.com"", ""kabutoservices.com"", ""attachments.servably.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/syncro_network_sigma.yml"", ""Description"": ""Detects potential network activity of Syncro RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/syncro_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Syncro RMM tool""}]",https://community.syncromsp.com/t/syncro-exceptions-and-allowlists/2004,[]
-AweRay,,AweRay is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"aweray_remote*.exe, AweSun.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""asapi*.aweray.net"", ""client-api.aweray.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aweray_network_sigma.yml"", ""Description"": ""Detects potential network activity of AweRay RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aweray_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of AweRay RMM tool""}]",https://sun.aweray.com/help,[]
-SunLogin,,SunLogin is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/26/2024,,,,,,,,,,,,"OrayRemoteShell.exe, OrayRemoteService.exe, sunlogin*.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""sunlogin.oray.com"", ""client.oray.net""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/sunlogin_network_sigma.yml"", ""Description"": ""Detects potential network activity of SunLogin RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/sunlogin_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of SunLogin RMM tool""}]",https://sunlogin.oray.com/en/embed/software.html,[]
-Koofr,,Koofr is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
-SysAid,,SysAid is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\SysAidServer\*, *\SysAidServer\*, *\SysAid\*, *\IliAS.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/sysaid_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of SysAid RMM tool""}]",,[]
-Neturo,,Neturo is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"neturo*.exe, ntrntservice.exe, neturo.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""neturo.uplus.co.kr""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/neturo_network_sigma.yml"", ""Description"": ""Detects potential network activity of Neturo RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/neturo_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Neturo RMM tool""}]","Obscure, located an older copy here: http://www.iconpos.com/pos/home/iconpos/bbs.php?id=file&q=view&uid=2",[]
-SmarTTY,,SmarTTY is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"c:\Program Files (x86)\Sysprogs\SmarTTY\*, *\Sysprogs\SmarTTY\*, *\SmarTTY.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/smartty_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of SmarTTY RMM tool""}]",,[]
-Impero Connect,,Impero Connect is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,ImperoClientSVC.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""imperosoftware.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/impero_connect_network_sigma.yml"", ""Description"": ""Detects potential network activity of Impero Connect RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/impero_connect_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Impero Connect RMM tool""}]",,[]
247ithelp.com (ConnectWise),,247ithelp.com (ConnectWise) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,Remote Workforce Client.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.247ithelp.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/247ithelp.com__connectwise__network_sigma.yml"", ""Description"": ""Detects potential network activity of 247ithelp.com (ConnectWise) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/247ithelp.com__connectwise__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of 247ithelp.com (ConnectWise) RMM tool""}]",Similar / replaced by ScreenConnect,[]
-Remobo,,Remobo is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"remobo.exe, remobo_client.exe, remobo_tracker.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""remobo.en.softonic.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remobo_network_sigma.yml"", ""Description"": ""Detects potential network activity of Remobo RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remobo_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Remobo RMM tool""}]",https://www.remobo.com - DOA as of 2024,[]
-CloudFuze,,CloudFuze is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
+Quick Assist,,Quick Assist is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,quickassist.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/quick_assist_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Quick Assist RMM tool""}]",,[]
+GoodSync,,GoodSync is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"installation requires paid version of GoodSync Server, installation requires paid version of GoodSync Server, GoodSync-vsub-Setup.exe, A40B81B36CDC2D24910FC58816E50DCDE21BD1A9","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/goodsync_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of GoodSync RMM tool""}]",,[]
+FastViewer,,FastViewer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"fastclient.exe, fastmaster.exe, FastViewer.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.fastviewer.com"", ""fastviewer.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fastviewer_network_sigma.yml"", ""Description"": ""Detects potential network activity of FastViewer RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fastviewer_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of FastViewer RMM tool""}]",https://fastviewer.com/demo/EN_FastViewer_Server%20Installation%20Configuration.pdf,[]
+SmarTTY,,SmarTTY is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"c:\Program Files (x86)\Sysprogs\SmarTTY\*, *\Sysprogs\SmarTTY\*, *\SmarTTY.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/smartty_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of SmarTTY RMM tool""}]",,[]
+ConnectWise Control,,ConnectWise Control is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"screenconnect.clientservice.exe, connectwisecontrol.client.exe, screenconnect.windowsclient.exe, connectwisechat-customer.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""live.screenconnect.com"", ""control.connectwise.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/connectwise_control_network_sigma.yml"", ""Description"": ""Detects potential network activity of ConnectWise Control RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/connectwise_control_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ConnectWise Control RMM tool""}]",,[]
+CloudBuckIt,,CloudBuckIt is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files (x86)\CloudBuckIt\*, *\CloudBuckIt\*, *\CloudBuckIt*.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/cloudbuckit_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of CloudBuckIt RMM tool""}]",,[]
+OptiTune,,OptiTune is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/26/2024,,,,,,,,,,,,"OTService.exe, OTPowerShell.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.optitune.us"", ""*.opti-tune.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/optitune_network_sigma.yml"", ""Description"": ""Detects potential network activity of OptiTune RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/optitune_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of OptiTune RMM tool""}]",https://www.bravurasoftware.com/optitune/support/faq.aspx,[]
+Visual Studio Dev Tunnel,,Visual Studio Dev Tunnel is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""global.rel.tunnels.api.visualstudio.com"", ""*.rel.tunnels.api.visualstudio.com"", ""*.devtunnels.ms""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/visual_studio_dev_tunnel_network_sigma.yml"", ""Description"": ""Detects potential network activity of Visual Studio Dev Tunnel RMM tool""}]",https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/security,[]
+Devolutions Remote Desktop Manager,,Devolutions Remote Desktop Manager is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
+Sorillus,,Sorillus is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"Sorillus-Launcher*.exe, Sorillus Launcher.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.sorillus.com"", ""sorillus.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/sorillus_network_sigma.yml"", ""Description"": ""Detects potential network activity of Sorillus RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/sorillus_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Sorillus RMM tool""}]",https://sorillus.com/,[]
+BeInSync,,BeInSync is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/26/2024,,,,,,,,,,,,Beinsync*.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.beinsync.net"", ""*.beinsync.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/beinsync_network_sigma.yml"", ""Description"": ""Detects potential network activity of BeInSync RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/beinsync_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of BeInSync RMM tool""}]",https://en.wikipedia.org/wiki/Phoenix_Technologies,[]
Free Tools Launcher,,Free Tools Launcher is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\ManageEngine\ManageEngine Free Tools\Launcher\*, *\ManageEngine\*","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
-Echoware,,Echoware is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"echoserver*.exe, echoware.dll","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/echoware_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Echoware RMM tool""}]",,[]
-Zoho Assist,,Zoho Assist is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/14/2024,,,,,,,,,,,,"zaservice.exe, ZMAgent.exe, C:\*\ZA_Access.exe, ZohoMeeting.exe, Zohours.exe, zohotray.exe, ZohoURSService.exe, *\ZA_Access.exe, Zaservice.exe, za_connect.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.zoho.com.au"", ""*.zohoassist.jp"", ""assist.zoho.com"", ""zoho.com/assist/"", ""*.zoho.in"", ""downloads.zohodl.com.cn"", ""*.zohoassist.com"", ""downloads.zohocdn.com"", ""gateway.zohoassist.com"", ""*.zohoassist.com.cn"", ""*.zoho.com.cn"", ""*.zoho.com"", ""*.zoho.eu""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/zoho_assist_network_sigma.yml"", ""Description"": ""Detects potential network activity of Zoho Assist RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/zoho_assist_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Zoho Assist RMM tool""}]",https://www.zoho.com/assist/kb/firewall-configuration.html,[]
-KiTTY,,KiTTY is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\*\kitty.exe, *\kitty.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/kitty_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of KiTTY RMM tool""}]",,[]
-Proton Drive,,Proton Drive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
-SimpleHelp,,SimpleHelp is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"simplehelpcustomer.exe, simpleservice.exe, simplegatewayservice.exe, remote access.exe, windowslauncher.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""simple-help.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/simplehelp_network_sigma.yml"", ""Description"": ""Detects potential network activity of SimpleHelp RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/simplehelp_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of SimpleHelp RMM tool""}]",https://simple-help.com/remote-support,[]
-CloudFlare Tunnel,,CloudFlare Tunnel is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,cloudflared.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""cloudflare.com/products/tunnel/""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/cloudflare_tunnel_network_sigma.yml"", ""Description"": ""Detects potential network activity of CloudFlare Tunnel RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/cloudflare_tunnel_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of CloudFlare Tunnel RMM tool""}]",cloudflare.com/products/tunnel/,[]
-GoTo Opener,,GoTo Opener is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files (x86)\GoTo Opener, *\GoTo Opener","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
-Pcvisit,,Pcvisit is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"pcvisit.exe, pcvisit_client.exe, pcvisit-easysupport.exe, pcvisit_service_client.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.pcvisit.de"", ""pcvisit.de""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pcvisit_network_sigma.yml"", ""Description"": ""Detects potential network activity of Pcvisit RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pcvisit_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Pcvisit RMM tool""}]",https://www.pcvisit.de/,[]
-Mocha VNC Lite,,Mocha VNC Lite is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"This installs a modified VNC and cannot be blocked by path separate from VNC, This installs a modified VNC and cannot be blocked by path separate from VNC, *\RealVNC\VNC4\*","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
-Laplink Gold,,Laplink Gold is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"tsircusr.exe, laplink.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""wen.laplink.com/product/laplink-gold""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/laplink_gold_network_sigma.yml"", ""Description"": ""Detects potential network activity of Laplink Gold RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/laplink_gold_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Laplink Gold RMM tool""}]",wen.laplink.com/product/laplink-gold,[]
-Cyberduck,,Cyberduck is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\Cyberduck\*, *\Cyberduck\*, *\Cyberduck.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/cyberduck_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Cyberduck RMM tool""}]",,[]
-Iperius Remote,,Iperius Remote is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"iperius.exe, iperiusremote.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.iperiusremote.com"", ""*.iperius.com"", ""*.iperius-rs.com"", ""iperiusremote.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/iperius_remote_network_sigma.yml"", ""Description"": ""Detects potential network activity of Iperius Remote RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/iperius_remote_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Iperius Remote RMM tool""}]",https://www.iperiusremote.com/download-iperius-remote-desktop-windows.aspx,[]
-BeamYourScreen,,BeamYourScreen is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"beamyourscreen.exe, beamyourscreen-host.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""beamyourscreen.com"", ""*.beamyourscreen.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/beamyourscreen_network_sigma.yml"", ""Description"": ""Detects potential network activity of BeamYourScreen RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/beamyourscreen_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of BeamYourScreen RMM tool""}]",beamyourscreen redirects to https://www.mikogo.com/,[]
-TeleDesktop,,TeleDesktop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/14/2024,,,,,,,,,,,,"pstlaunch.exe, ptdskclient.exe, ptdskhost.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""tele-desk.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/teledesktop_network_sigma.yml"", ""Description"": ""Detects potential network activity of TeleDesktop RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/teledesktop_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of TeleDesktop RMM tool""}]",http://potomacsoft.com/ - DOA as of 2024,[]
-Parallels Access,,Parallels Access is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"parallelsaccess-*.exe, TSClient.exe, prl_deskctl_agent.exe, prl_deskctl_wizard.exe, prl_pm_service.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.parallels.com"", ""parallels.com/products/ras/try""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/parallels_access_network_sigma.yml"", ""Description"": ""Detects potential network activity of Parallels Access RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/parallels_access_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Parallels Access RMM tool""}]",https://kb.parallels.com/en/129097,[]
-Basecamp,,Basecamp is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""basecamp.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/basecamp_network_sigma.yml"", ""Description"": ""Detects potential network activity of Basecamp RMM tool""}]",basecamp.com - No specific RMM tool listed,[]
-Weezo,,Weezo is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/14/2024,,,,,,,,,,,,"weezohttpd.exe, weezo.exe, weezo setup*.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.weezo.me"", ""weezo.net"", ""*.weezo.net"", ""weezo.en.softonic.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/weezo_network_sigma.yml"", ""Description"": ""Detects potential network activity of Weezo RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/weezo_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Weezo RMM tool""}]",weezo.en.softonic.com,[]
-X2Go,,X2Go is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
+Centurion,,Centurion is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,ctiserv.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""centuriontech.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/centurion_network_sigma.yml"", ""Description"": ""Detects potential network activity of Centurion RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/centurion_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Centurion RMM tool""}]",https://data443.atlassian.net/servicedesk/customer/portal/20,[]
DriveMaker,,DriveMaker is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\*\DriveMaker.exe, *\DriveMaker.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/drivemaker_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of DriveMaker RMM tool""}]",,[]
-Dev Tunnels (aka Visual Studio Dev Tunnel),,Dev Tunnels (aka Visual Studio Dev Tunnel) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dev_tunnels__aka_visual_studio_dev_tunnel__network_sigma.yml"", ""Description"": ""Detects potential network activity of Dev Tunnels (aka Visual Studio Dev Tunnel) RMM tool""}]",,[]
-Connectwise Automate (LabTech),,Connectwise Automate (LabTech) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"ltsvc.exe, ltsvcmon.exe, lttray.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.hostedrmm.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/connectwise_automate__labtech__network_sigma.yml"", ""Description"": ""Detects potential network activity of Connectwise Automate (LabTech) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/connectwise_automate__labtech__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Connectwise Automate (LabTech) RMM tool""}]",https://www.connectwise.com/company/announcements/labtech-now-connectwise-automate,[]
-Splashtop (Beta),,Splashtop (Beta) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"SRServer.exe, SplashtopSOS.exe, Splashtop_Streamer_Windows*.exe, SRManager.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""splashtop.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/splashtop__beta__network_sigma.yml"", ""Description"": ""Detects potential network activity of Splashtop (Beta) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/splashtop__beta__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Splashtop (Beta) RMM tool""}]",,[]
-Google Drive,,Google Drive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\Google\Drive File Stream\*, *\Google\Drive File Stream\*, *Users\*\AppData\*\Google\DriveFS*, G:\My Drive*, *\GoogleDriveFS.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/google_drive_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Google Drive RMM tool""}]",,[]
-Netop,,Netop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\Danware Data\NetOp Packn Deploy\*, *\Danware Data\NetOp Packn Deploy\*, *\Netop Remote Control\*","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
-Kaseya (VSA),,"Kaseya (VSA) aka Unigma is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.
-",Nasreddine Bencherchali,2024-08-05,2024-08-05,,agentmon.exe,,,,,,,,,,"C:\Program Files (x86)\Kaseya\, C:\ProgramData\Kaseya\","{""Disk"": [{""File"": ""%localappdata%\\Kaseya\\Log\\KaseyaLiveConnect\\*"", ""Description"": ""Kaseya Live Connect logs"", ""OS"": ""Windows""}, {""File"": ""~/Library/Logs/com.kaseya/KaseyaLiveConnect/*"", ""Description"": ""Kaseya Live Connect logs"", ""OS"": ""MacOS""}, {""File"": ""C:\\ProgramData\\Kaseya\\Log\\Endpoint\\*"", ""Description"": ""Kaseya Endpoint logs"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files*\\Kaseya\\*\\agentmon.log"", ""Description"": ""Kaseya Agent Monitor log""}, {""File"": ""/var/log/system.log"", ""Description"": ""Kaseya Agent Monitor log"", ""OS"": ""MacOS 32bit""}, {""File"": "" ~/opt/kaseya/*/logs*"", ""Description"": ""Kaseya Agent Monitor log"", ""OS"": ""MacOS 64bit""}, {""File"": ""C:\\Users\\*\\AppData\\Local\\Temp\\KASetup.log"", ""Description"": ""Kaseya Setup log in user temp directory"", ""OS"": ""Windows""}, {""File"": ""C:\\Windows\\Temp\\KASetup.log"", ""Description"": ""Kaseya Setup log in Windows temp directory"", ""OS"": ""Windows""}, {""File"": ""C:\\ProgramData\\Kaseya\\Log\\KaseyaEdgeServices\\*"", ""Description"": ""Kaseya Edge Services logs"", ""OS"": ""Windows""}, {""File"": ""C:\\Kaseya\\api\\v1.0\\logs\\"", ""Description"": ""Kaseya API logs"", ""OS"": ""Windows""}, {""File"": ""C:\\Kaseya\\api\\v1.5\\endpoint\\logs"", ""Description"": ""Kaseya API logs"", ""OS"": ""Windows""}, {""File"": ""C:\\Kaseya\\api\\v1.5\\endpoints\\logs"", ""Description"": ""Kaseya API logs"", ""OS"": ""Windows""}, {""File"": ""C:\\Windows\\System32\\config\\systemprofile\\AppData\\Local\\Kaseya\\Log\\MakeSelfSignedCert.exe\\"", ""Description"": ""Certificate creation"", ""OS"": ""Windows""}, {""File"": ""C:\\Kaseya\\WebPages\\install\\makecert.txt"", ""Description"": ""Certificate creation"", ""OS"": ""Windows""}, {""File"": 
""C:\\ProgramData\\Kaseya\\Log\\Endpoint\\Instance_*\\KaseyaEndpoint*"", ""Description"": ""Endpoint service logs"", ""OS"": ""Windows""}, {""File"": ""C:\\ProgramData\\Kaseya\\Log\\Endpoint\\Instance_*\\Session_*"", ""Description"": ""Session logs"", ""OS"": ""Windows""}], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""deploy01.kaseya.com"", ""*managedsupport.kaseya.net"", ""*.kaseya.net"", ""kaseya.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/kaseya__vsa__network_sigma.yml"", ""Description"": ""Detects potential network activity of Kaseya (VSA) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/kaseya__vsa__files_sigma.yml"", ""Description"": ""Detects potential files activity of Kaseya (VSA) RMM tool""}]","https://helpdesk.kaseya.com/hc/en-gb/articles/229012608-Software-Deployment-URL-Port-Requirements, https://helpdesk.kaseya.com/hc/en-gb/articles/229009708-Live-Connect-Log-File-Locations, https://ruler-project.github.io/ruler-project/RULER/remote/Kaseya/, https://helpdesk.kaseya.com/hc/en-gb/articles/229009708-Live-Connect-Log-File-Locations",[]
-HelpBeam,,HelpBeam is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,helpbeam*.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""helpbeam.software.informer.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/helpbeam_network_sigma.yml"", ""Description"": ""Detects potential network activity of HelpBeam RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/helpbeam_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of HelpBeam RMM tool""}]",https://www.helpbeam.com domain for sale in 2024,[]
-Quest KACE Agent (formerly Dell KACE),,Quest KACE Agent (formerly Dell KACE) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,konea.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.kace.com"", ""www.quest.com/kace/""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/quest_kace_agent__formerly_dell_kace__network_sigma.yml"", ""Description"": ""Detects potential network activity of Quest KACE Agent (formerly Dell KACE) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/quest_kace_agent__formerly_dell_kace__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Quest KACE Agent (formerly Dell KACE) RMM tool""}]",https://support.quest.com/kb/4211365/which-network-ports-and-urls-are-required-for-the-kace-sma-appliance-to-function,[]
-DeskShare,,DeskShare is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/26/2024,,,,,,,,,,,,"TeamTaskManager.exe, DSGuest.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/deskshare_network_sigma.yml"", ""Description"": ""Detects potential network activity of DeskShare RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/deskshare_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of DeskShare RMM tool""}]",https://www.deskshare.com/help/fml/Active-and-Passive-connection-mode.aspx,[]
-rdpwrap,,rdpwrap is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"RDPWInst.exe, RDPCheck.exe, RDPConf.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""github.com/stascorp/rdpwrap""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rdpwrap_network_sigma.yml"", ""Description"": ""Detects potential network activity of rdpwrap RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rdpwrap_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of rdpwrap RMM tool""}]",github.com/stascorp/rdpwrap,[]
-Total Software Deployment,,Total Software Deployment is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\ProgramData\Total Software Deployment\*, *\Total Software Deployment\*, *\tniwinagent.exe, *\Tsdservice.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/total_software_deployment_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Total Software Deployment RMM tool""}]",,[]
-PuTTY,,PuTTY is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
-FixMe.it,,FixMe.it is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"FixMeit Unattended Access Setup.exe, TiExpertStandalone.exe, FixMeitClient*.exe, FixMeit Client.exe, FixMeit Expert Setup.exe, TiExpertCore.exe, fixmeitclient.exe, TiClientCore.exe, TiClientHelper*.exe, no installation required | recommend blocking fixme[.]it SaaS portal, no installation required | recommend blocking fixme[.]it SaaS portal, 9380CC75B872221A7425D7503565B67580407F60","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.fixme.it"", ""*.techinline.net"", ""fixme.it"", ""*set.me"", ""*setme.net""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fixme.it_network_sigma.yml"", ""Description"": ""Detects potential network activity of FixMe.it RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fixme.it_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of FixMe.it RMM tool""}]",https://docs.fixme.it/general-questions/which-ports-and-servers-does-fixme-it-use,[]
-RDPView,,RDPView is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,dwrcs.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""systemmanager.ru/dntu.en/rdp_view.htm""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rdpview_network_sigma.yml"", ""Description"": ""Detects potential network activity of RDPView RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rdpview_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of RDPView RMM tool""}]",systemmanager.ru/dntu.en/rdp_view.htm - Same as Damware,[]
-Fortra,,Fortra is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""fortra.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fortra_network_sigma.yml"", ""Description"": ""Detects potential network activity of Fortra RMM tool""}]",https://www.fortra.com - No free/cloud RMM softwars listed,[]
-ISL Light,,ISL Light is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"islalwaysonmonitor.exe, isllight.exe, isllightservice.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""islonline.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/isl_light_network_sigma.yml"", ""Description"": ""Detects potential network activity of ISL Light RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/isl_light_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ISL Light RMM tool""}]",,[]
-Pocket Controller (Soti Xsight),,Pocket Controller (Soti Xsight) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"pocketcontroller.exe, wysebrowser.exe, XSightService.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*soti.net""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pocket_controller__soti_xsight__network_sigma.yml"", ""Description"": ""Detects potential network activity of Pocket Controller (Soti Xsight) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pocket_controller__soti_xsight__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Pocket Controller (Soti Xsight) RMM tool""}]",https://pulse.soti.net/support/soti-xsight/help/,[]
-GatherPlace-desktop sharing,,GatherPlace-desktop sharing is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"gp3.exe, gp4.exe, gp5.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.gatherplace.com"", ""*.gatherplace.net"", ""gatherplace.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/gatherplace-desktop_sharing_network_sigma.yml"", ""Description"": ""Detects potential network activity of GatherPlace-desktop sharing RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/gatherplace-desktop_sharing_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of GatherPlace-desktop sharing RMM tool""}]",https://www.gatherplace.com/kb?id=136377,[]
-Electric,,Electric is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""electric.ai""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/electric_network_sigma.yml"", ""Description"": ""Detects potential network activity of Electric RMM tool""}]",,[]
-Site24x7,,Site24x7 is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/13/2024,,,,,,,,,,,,"MEAgentHelper.exe, MonitoringAgent.exe, Site24x7WindowsAgentTrayIcon.exe, Site24x7PluginAgent.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""plus*.site24x7.com"", ""plus*.site24x7.eu"", ""plus*.site24x7.in"", ""plus*.site24x7.cn"", ""plus*.site24x7.net.au"", ""site24x7.com/msp""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/site24x7_network_sigma.yml"", ""Description"": ""Detects potential network activity of Site24x7 RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/site24x7_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Site24x7 RMM tool""}]",https://support.site24x7.com/portal/en/kb/articles/which-ports-do-i-need-to-allow-access-in-my-firewall-to-use-site24x7-agent,[]
-MeshCentral,,MeshCentral is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"meshcentral*.exe, mesh*.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""meshcentral.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/meshcentral_network_sigma.yml"", ""Description"": ""Detects potential network activity of MeshCentral RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/meshcentral_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of MeshCentral RMM tool""}]",https://ylianst.github.io/MeshCentral/meshcentral/,[]
-MSP360,,MSP360 is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"Online Backup.exe, CBBackupPlan.exe, Cloud.Backup.Scheduler.exe, Cloud.Backup.RM.Service.exe, cbb.exe, CloudRaService.exe, CloudRaSd.exe, CloudRaCmd.exe, CloudRaUtilities.exe, Remote Desktop.exe, Connect.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.cloudberrylab.com"", ""*.msp360.com"", ""*.mspbackups.com"", ""msp360.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/msp360_network_sigma.yml"", ""Description"": ""Detects potential network activity of MSP360 RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/msp360_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of MSP360 RMM tool""}]",https://kb.msp360.com/managed-backup-service/mbs-tcp-ports-configuration#,[]
-ScreenConnect,,ScreenConnect is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,"Ali Alwashali, Nasreddine Bencherchali",2023-10-01,2024-08-03,https://www.connectwise.com,,,,,,14-Days Free Trial,,"Android, IOS, Linux, Mac, Windows","Command Line Support, File Transfer, Install Windows updates, Receive notification when user performs a predefined event, Remote Command Line, Remote Control, Sound Capture, Start / Stop services, View event logs",,"C:\Program Files (x86)\ScreenConnect Client (Random)\ScreenConnect.ClientService.exe, Remote Workforce Client.exe, *\*\ScreenConnect.ClientService.exe, C:\Program Files (x86)\ScreenConnect Client ()\*, *\ScreenConnect Client*\*, *\*\ScreenConnect.WindowsClient.exe, screenconnect*.exe, screenconnect.windowsclient.exe, Remote Workforce Client.exe, screenconnect*.exe, ConnectWiseControl*.exe, connectwise*.exe, screenconnect.windowsclient.exe, screenconnect.clientservice.exe","{""Disk"": [{""File"": ""C:\\Program Files*\\ScreenConnect\\App_Data\\Session.db"", ""Description"": ""ScreenConnect session database"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files*\\ScreenConnect\\App_Data\\User.xml"", ""Description"": ""ScreenConnect user configuration"", ""OS"": ""Windows""}, {""File"": ""C:\\ProgramData\\ScreenConnect Client*\\user.config"", ""Description"": ""ScreenConnect client user configuration"", ""OS"": ""Windows""}], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""control.connectwise.com"", ""*.connectwise.com"", ""*.screenconnect.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/screenconnect_network_sigma.yml"", ""Description"": ""Detects potential network activity of ScreenConnect RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/screenconnect_files_sigma.yml"", ""Description"": ""Detects potential 
files activity of ScreenConnect RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/screenconnect_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ScreenConnect RMM tool""}]",https://thedfirreport.com/2023/09/25/from-screenconnect-to-hive-ransomware-in-61-hours/,[]
-Microsoft TSC,,Microsoft TSC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,termsrv.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/microsoft_tsc_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Microsoft TSC RMM tool""}]",https://learn.microsoft.com/en-us/troubleshoot/windows-server/remote/terminal-server-startup-connection-application,[]
-Tanium,,Tanium is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/14/2024,,,,,,,,,,,,"TaniumClient.exe, TaniumCX.exe, TaniumExecWrapper.exe, TaniumFileInfo.exe, TPowerShell.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""cloud.tanium.com"", ""*.cloud.tanium.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/tanium_network_sigma.yml"", ""Description"": ""Detects potential network activity of Tanium RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/tanium_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Tanium RMM tool""}]",https://help.tanium.com/bundle/ug_client_cloud/page/client/platform_connections.html,[]
-Ultra VNC,,Ultra VNC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\uvnc bvba\UltraVNC\*, *\uvnc bvba\UltraVNC\*, *\UVNC_Launch.exe, *\winvnc.exe, *\vncviewer.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ultra_vnc_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Ultra VNC RMM tool""}]",,[]
-Remote Manipulator System,,Remote Manipulator System is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"rfusclient.exe, rutserv.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.internetid.ru"", ""rmansys.ru""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remote_manipulator_system_network_sigma.yml"", ""Description"": ""Detects potential network activity of Remote Manipulator System RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remote_manipulator_system_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Remote Manipulator System RMM tool""}]",https://rmansys.ru/files/,[]
-Domotz,,Domotz is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"domotz.exe, Domotz Pro Desktop App.exe, domotz_bash.exe, domotz*.exe, Domotz Pro Desktop App Setup*.exe, domotz-windows*.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.domotz.co"", ""domotz.com"", ""*cell-1.domotz.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/domotz_network_sigma.yml"", ""Description"": ""Detects potential network activity of Domotz RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/domotz_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Domotz RMM tool""}]",https://help.domotz.com/tips-tricks/unblock-outgoing-connections-on-firewall/,[]
-FixMe,,FixMe is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"FixMeit Client.exe, TiExpertStandalone.exe, FixMeitClient*.exe, TiExpertCore.exe, FixMeit Unattended Access Setup.exe, FixMeit Expert Setup.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""fixme.it""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fixme_network_sigma.yml"", ""Description"": ""Detects potential network activity of FixMe RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fixme_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of FixMe RMM tool""}]",,[]
-rclone,,rclone is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"portable tool. No install path, portable tool. No install path, rclone*.zip, *\rclone.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rclone_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of rclone RMM tool""}]",,[]
-Tanium Deploy,,Tanium Deploy is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""tanium.com/products/tanium-deploy""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/tanium_deploy_network_sigma.yml"", ""Description"": ""Detects potential network activity of Tanium Deploy RMM tool""}]",,[]
-N-ABLE Remote Access Software,,N-ABLE Remote Access Software is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""n-able.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/n-able_remote_access_software_network_sigma.yml"", ""Description"": ""Detects potential network activity of N-ABLE Remote Access Software RMM tool""}]",,[]
-Quick Assist,,Quick Assist is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,quickassist.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.support.services.microsoft.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/quick_assist_network_sigma.yml"", ""Description"": ""Detects potential network activity of Quick Assist RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/quick_assist_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Quick Assist RMM tool""}]",,[]
+SmartCode Web VNC,,SmartCode Web VNC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\TightVNC\*, *\TightVNC\*","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
+TightVNC,,TightVNC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/14/2024,,,,,,,,,,,,"tvnviewer.exe, TightVNCViewerPortable*.exe, tvnserver.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""tightvnc.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/tightvnc_network_sigma.yml"", ""Description"": ""Detects potential network activity of TightVNC RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/tightvnc_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of TightVNC RMM tool""}]",https://www.tightvnc.com/doc/win/TightVNC_for_Windows-Installation_and_Getting_Started.pdf,[]
+Free Ping Tool,,Free Ping Tool is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"can't find this one, can't find this one","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
+Parallels Access,,Parallels Access is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"parallelsaccess-*.exe, TSClient.exe, prl_deskctl_agent.exe, prl_deskctl_wizard.exe, prl_pm_service.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.parallels.com"", ""parallels.com/products/ras/try""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/parallels_access_network_sigma.yml"", ""Description"": ""Detects potential network activity of Parallels Access RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/parallels_access_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Parallels Access RMM tool""}]",https://kb.parallels.com/en/129097,[]
AnyViewer,,"AnyViewer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.
",@kostastsale,2024-08-03,2024-08-03,https://www.anyviewer.com/,AnyViewer.exe,AnyViewer,Splash Window,,System,up to 10 devices,None,Windows,"Remote desktop, Remote file transfer, Remote monitoring and management, Remote shell open",,C:\Program Files (x86)\AnyViewer\*,"{""Disk"": [], ""EventLog"": [{""EventID"": 4688, ""ProviderName"": ""Microsoft-Security-Auditing"", ""LogFile"": ""Security.evtx"", ""CommandLine"": ""\""C:\\\\Program Files (x86)\\\\AnyViewer\\\\AVCore.exe\"" -d"", ""Description"": ""Taking actions on the remote machine such as opening a command prompt.""}, {""EventID"": 7045, ""ProviderName"": ""Service Control Manager"", ""LogFile"": ""System.evtx"", ""ServiceName"": ""RCService"", ""ImagePath"": ""C:\\\\Program Files (x86)\\\\AnyViewer\\\\RCService.exe"", ""Description"": ""AnyViewer service installation service.""}], ""Registry"": [], ""Network"": [{""Description"": ""N/A"", ""Domains"": [""*.anyviewer.com""], ""Ports"": [443]}, {""Description"": ""N/A"", ""Domains"": [""*.aomeisoftware.com""], ""Ports"": [443]}]}","[{""Name"": ""Arbitrary code execution and remote sessions via Action1 RMM"", ""Description"": ""Threat hunting rule for detecting the execution of arbitrary code and remote sessions via Action1 RMM"", ""author"": ""@kostastsale"", ""Link"": ""https://github.com/tsale/Sigma_rules/blob/main/Threat%20Hunting%20Queries/Anyviewer.yml""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/anyviewer_network_sigma.yml"", ""Description"": ""Detects potential network activity of AnyViewer RMM tool""}]","https://www.anyviewer.com/how-to/how-to-open-firewall-ports-for-remote-desktop-0427-gc.html, https://www.anyviewer.com/help/remote-technical-support.html","[{""Person"": ""Kostas"", ""Handle"": ""@kostastsale""}]"
-Naverisk,,Naverisk is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,AgentSetup-*.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""naverisk.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/naverisk_network_sigma.yml"", ""Description"": ""Detects potential network activity of Naverisk RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/naverisk_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Naverisk RMM tool""}]",http://kb.naverisk.com/en/articles/2811223-deploying-naverisk-agents,[]
-Addigy,,Addigy is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/27/2024,,,,,,,,,,,,addigy-*.pkg,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""prod.addigy.com"", ""grtmprod.addigy.com"", ""agents.addigy.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/addigy_network_sigma.yml"", ""Description"": ""Detects potential network activity of Addigy RMM tool""}]",https://addigy.com/,[]
-Action1,,"Action1 is a powerful Remote Monitoring and Management(RMM) tool that enables users to execute commands, scripts, and binaries.
-Through the web interface of action1, the administrator must create a new policy or an app to establish remote execution and then points that the agent is installed.
-",@kostastsale,2024-08-03,2024-08-03,https://www.action1.com/,action1_connector.exe,,,,SYSTEM,Yes,Corporate email required although temporary email services are accepted,Windows,"Backup and disaster recovery, Billing and invoicing, Customer portal, HelpDesk and ticketing, Mobile app, Network discovery, Patch management, Remote monitoring and management, Reporting and analytics",,C:\Windows\Action1\*,"{""Disk"": [{""File"": ""C:\\Windows\\Action1\\action1_agent.exe"", ""Description"": ""Action1 service binary"", ""OS"": ""Windows""}, {""File"": ""C:\\Windows\\Action1\\*"", ""Description"": ""Multiple files and binaries related to Action1 installation"", ""OS"": ""Windows""}, {""File"": ""C:\\Windows\\Action1\\scripts\\*"", ""Description"": ""Multiple scripts related to Action1 installation"", ""OS"": ""Windows""}, {""File"": ""C:\\Windows\\Action1\\rule_data\\*"", ""Description"": ""Files related to Action1 rules"", ""OS"": ""Windows""}, {""File"": ""C:\\Windows\\Action1\\action1_log_*.log"", ""Description"": ""Contains history, errors, system notifications. 
Incoming and outgoing connections."", ""OS"": ""Windows""}], ""EventLog"": [{""EventID"": 7045, ""ProviderName"": ""Service Control Manager"", ""LogFile"": ""System.evtx"", ""ServiceName"": ""Action1 Agent"", ""ImagePath"": ""\""C:\\\\Windows\\\\Action1\\\\action1_agent.exe\"""", ""Description"": ""Service installation event as result of Action1 installation.""}, {""EventID"": 4688, ""ProviderName"": ""Microsoft-Security-Auditing"", ""LogFile"": ""Security.evtx"", ""CommandLine"": ""C:\\Windows\\Action1\\action1_agent.exe service"", ""Description"": ""Service installation event as result of Action1 installation.""}, {""EventID"": 4688, ""ProviderName"": ""Microsoft-Security-Auditing"", ""LogFile"": ""Security.evtx"", ""CommandLine"": ""C:\\Windows\\Action1\\action1_agent.exe loggedonuser"", ""Description"": ""Executing command to get logged on user.""}], ""Registry"": [{""Path"": ""HKLM\\System\\CurrentControlSet\\Services\\A1Agent"", ""Description"": ""Service installation event as result of Action1 installation.""}, {""Path"": ""HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\Windows Error Reporting\\LocalDumps\\action1_agent.exe"", ""Description"": ""Ensures that detailed crash information is available for analysis, which aids in maintaining the stability and reliability of the software.""}, {""Path"": ""HKLM\\SOFTWARE\\WOW6432Node\\Action1"", ""Description"": ""Storing its configuration settings and other relevant information""}], ""Network"": [{""Description"": ""N/A"", ""Domains"": [""*.action1.com""], ""Ports"": [443]}, {""Description"": ""N/A"", ""Domains"": [""a1-backend-packages.s3.amazonaws.com""], ""Ports"": [443]}]}","[{""Name"": ""Arbitrary code execution and remote sessions via Action1 RMM"", ""Description"": ""Threat hunting rule for detecting the execution of arbitrary code and remote sessions via Action1 RMM"", ""author"": ""@kostastsale"", ""Link"": 
""https://github.com/tsale/Sigma_rules/blob/ea87e4fc851207ca0f002ec043624f2b3bf1b2da/Threat%20Hunting%20Queries/Action1_RMM.yml""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/action1_registry_sigma.yml"", ""Description"": ""Detects potential registry activity of Action1 RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/action1_network_sigma.yml"", ""Description"": ""Detects potential network activity of Action1 RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/action1_files_sigma.yml"", ""Description"": ""Detects potential files activity of Action1 RMM tool""}]","https://www.action1.com/documentation/firewall-configuration/, https://www.action1.com/documentation/, https://twitter.com/Kostastsale/status/1646256901506605063?s=20, https://ruler-project.github.io/ruler-project/RULER/remote/Action1/","[{""Person"": ""Kostas"", ""Handle"": ""@kostastsale""}]"
-AliWangWang-remote-control,,AliWangWang-remote-control is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,alitask.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""wangwang.taobao.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aliwangwang-remote-control_network_sigma.yml"", ""Description"": ""Detects potential network activity of AliWangWang-remote-control RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aliwangwang-remote-control_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of AliWangWang-remote-control RMM tool""}]",https://github.com/KKomarov/AliWangWangEng/blob/master/chs.locale,[]
-FreeRDP,,FreeRDP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
+LANDesk,,LANDesk is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"issuser.exe, landeskagentbootstrap.exe, LANDeskPortalManager.exe, ldinv32.exe, ldsensors.exe, C:\Program Files (x86)\LANDesk\*, *\LANDesk\*, *\issuser.exe, *\softmon.exe, *\tmcsvc.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.ivanticloud.com"", ""*.ivanti.com"", ""ivanti.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/landesk_network_sigma.yml"", ""Description"": ""Detects potential network activity of LANDesk RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/landesk_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of LANDesk RMM tool""}]",https://forums.ivanti.com/s/article/URL-exception-list-for-Ivanti-Security-Controls?language=en_US,[]
+Datto,,Datto is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""datto.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/datto_network_sigma.yml"", ""Description"": ""Detects potential network activity of Datto RMM tool""}]",,[]
+ngrok,,ngrok is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"ngrok.exe, C:\*\ngrok.zip, *\ngrok*","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""ngrok.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ngrok_network_sigma.yml"", ""Description"": ""Detects potential network activity of ngrok RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ngrok_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ngrok RMM tool""}]",https://ngrok.com/docs/guides/running-behind-firewalls/,[]
+Chrome Remote Desktop,,Chrome Remote Desktop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"remote_host.exe, remoting_host.exe, C:\Program Files (x86)\Google\Chrome Remote Desktop\*, *\Google\Chrome Remote Desktop\*, *\remoting_host.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*remotedesktop-pa.googleapis.com"", ""*remotedesktop.google.com"", ""remotedesktop.google.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/chrome_remote_desktop_network_sigma.yml"", ""Description"": ""Detects potential network activity of Chrome Remote Desktop RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/chrome_remote_desktop_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Chrome Remote Desktop RMM tool""}]",https://support.google.com/chrome/a/answer/2799701?hl=en,[]
+PuTTY,,PuTTY is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
+Google Drive,,Google Drive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\Google\Drive File Stream\*, *\Google\Drive File Stream\*, *Users\*\AppData\*\Google\DriveFS*, G:\My Drive*, *\GoogleDriveFS.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/google_drive_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Google Drive RMM tool""}]",,[]
+SysAid,,SysAid is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\SysAidServer\*, *\SysAidServer\*, *\SysAid\*, *\IliAS.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/sysaid_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of SysAid RMM tool""}]",,[]
+ITSupport247 (ConnectWise),,ITSupport247 (ConnectWise) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,saazapsc.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.itsupport247.net""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/itsupport247__connectwise__network_sigma.yml"", ""Description"": ""Detects potential network activity of ITSupport247 (ConnectWise) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/itsupport247__connectwise__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ITSupport247 (ConnectWise) RMM tool""}]",https://control.itsupport247.net/,[]
+Cloud Explorer,,Cloud Explorer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
+ZOC,,ZOC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\ZOC8\*, *\ZOC?\*, *\zoc.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/zoc_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ZOC RMM tool""}]",,[]
+Cloudsfer,,Cloudsfer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
+Pcvisit,,Pcvisit is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"pcvisit.exe, pcvisit_client.exe, pcvisit-easysupport.exe, pcvisit_service_client.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.pcvisit.de"", ""pcvisit.de""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pcvisit_network_sigma.yml"", ""Description"": ""Detects potential network activity of Pcvisit RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pcvisit_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Pcvisit RMM tool""}]",https://www.pcvisit.de/,[]
+Instant Housecall,,Instant Housecall is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"hsloader.exe, ihcserver.exe, instanthousecall.exe, instanthousecall.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.instanthousecall.com"", ""*.instanthousecall.net"", ""instanthousecall.com"", ""secure.instanthousecall.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/instant_housecall_network_sigma.yml"", ""Description"": ""Detects potential network activity of Instant Housecall RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/instant_housecall_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Instant Housecall RMM tool""}]",https://instanthousecall.com/features/,[]
MioNet (Also known as WD Anywhere Access),,MioNet (Also known as WD Anywhere Access) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"mionet.exe, mionetmanager.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/mionet__also_known_as_wd_anywhere_access__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of MioNet (Also known as WD Anywhere Access) RMM tool""}]",,[]
-SmartCode Web VNC,,SmartCode Web VNC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\TightVNC\*, *\TightVNC\*","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
-Onionshare,,Onionshare is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files (x86)\OnionShare\*, *\OnionShare\*, *\onionshare*.exe, OnionShare-win*.msi","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/onionshare_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Onionshare RMM tool""}]",,[]
-Air Live Drive,,Air Live Drive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\AirLiveDrive\*, *\AirLiveDrive\*, *\AirLiveDrive.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/air_live_drive_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Air Live Drive RMM tool""}]",,[]
-Rocket Remote Desktop,,Rocket Remote Desktop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"RDConsole.exe, RocketRemoteDesktop_Setup.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rocket_remote_desktop_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Rocket Remote Desktop RMM tool""}]",,[]
-WebRDP,,WebRDP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/14/2024,,,,,,,,,,,,webrdp.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""github.com/Mikej81/WebRDP""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/webrdp_network_sigma.yml"", ""Description"": ""Detects potential network activity of WebRDP RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/webrdp_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of WebRDP RMM tool""}]",github.com/Mikej81/WebRDP,[]
-BeyondTrust,,BeyondTrust is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
-SuperOps,,SuperOps is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"superopsticket.exe, superops.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.superopsbeta.com"", ""superops.ai"", ""serv.superopsalpha.com"", ""*.superops.ai"", ""*.superopsalpha.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/superops_network_sigma.yml"", ""Description"": ""Detects potential network activity of SuperOps RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/superops_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of SuperOps RMM tool""}]",https://support.superops.com/en/articles/6632028-how-to-download-and-deploy-the-agent,[]
-RemotePass,,RemotePass is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"remotepass-access.exe, rpaccess.exe, rpwhostscr.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""remotepass.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remotepass_network_sigma.yml"", ""Description"": ""Detects potential network activity of RemotePass RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remotepass_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of RemotePass RMM tool""}]",https://www.remotepass.com/rpaccess.html - DOA as of 2024,[]
-Itarian,,Itarian is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"ITSMAgent.exe, RViewer.exe, ItsmRsp.exe, RAccess.exe, RmmService.exe, ITarianRemoteAccessSetup.exe, RDesktop.exe, ComodoRemoteControl.exe, ITSMService.exe, RHost.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""mdmsupport.comodo.com"", ""*.itsm-us1.comodo.com"", ""*.cmdm.comodo.com"", ""remoteaccess.itarian.com"", ""servicedesk.itarian.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/itarian_network_sigma.yml"", ""Description"": ""Detects potential network activity of Itarian RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/itarian_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Itarian RMM tool""}]","https://help.itarian.com/topic-459-1-1005-14776-Appendix-1b---Endpoint-Manager-Services---IP-Nos,-Host-Names-and-Port-Details---US-Customers.html",[]
-PSEXEC,,PSEXEC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"psexec.exe, psexecsvc.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/psexec_network_sigma.yml"", ""Description"": ""Detects potential network activity of PSEXEC RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/psexec_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of PSEXEC RMM tool""}]",https://learn.microsoft.com/en-us/sysinternals/downloads/psexec,[]
+rdp2tcp,,rdp2tcp is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"tdp2tcp.exe, rdp2tcp.py","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""github.com/V-E-O/rdp2tcp""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rdp2tcp_network_sigma.yml"", ""Description"": ""Detects potential network activity of rdp2tcp RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rdp2tcp_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of rdp2tcp RMM tool""}]",github.com/V-E-O/rdp2tcp,[]
+RunSmart,,RunSmart is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""runsmart.io""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/runsmart_network_sigma.yml"", ""Description"": ""Detects potential network activity of RunSmart RMM tool""}]",,[]
+Fortra,,Fortra is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""fortra.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fortra_network_sigma.yml"", ""Description"": ""Detects potential network activity of Fortra RMM tool""}]",https://www.fortra.com - No free/cloud RMM softwars listed,[]
+RemoteUtilities,,RemoteUtilities is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"rutview.exe, *\Remote Manipulator System - Server\*, C:\Program Files\Remote Utilities\*, *\Remote Utilities\*, rutserv.exe, *\rutserv.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""remoteutilities.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remoteutilities_network_sigma.yml"", ""Description"": ""Detects potential network activity of RemoteUtilities RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remoteutilities_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of RemoteUtilities RMM tool""}]",,[]
+rclone,,rclone is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"portable tool. No install path, portable tool. No install path, rclone*.zip, *\rclone.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rclone_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of rclone RMM tool""}]",,[]
Level.io,,Level.io is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"level-windows-amd64.exe, level.exe, level-remote-control-ffmpeg.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""level.io"", ""*.level.io""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/level.io_network_sigma.yml"", ""Description"": ""Detects potential network activity of Level.io RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/level.io_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Level.io RMM tool""}]",https://docs.level.io/1.0/admin-guides/troubleshooting-agent-issues,[]
-ezHelp,,ezHelp is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"ezhelpclientmanager.exe, ezHelpManager.exe, ezhelpclient.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.ezhelp.co.kr"", ""ezhelp.co.kr""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ezhelp_network_sigma.yml"", ""Description"": ""Detects potential network activity of ezHelp RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ezhelp_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ezHelp RMM tool""}]",https://www.exhelp.co.kr,[]
-Kabuto,,Kabuto is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,Kabuto.App.Runner.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.kabuto.io"", ""repairtechsolutions.com/kabuto/""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/kabuto_network_sigma.yml"", ""Description"": ""Detects potential network activity of Kabuto RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/kabuto_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Kabuto RMM tool""}]",https://www.repairtechsolutions.com/documentation/kabuto/,[]
-Synergy,,Synergy is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/26/2024,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/synergy_network_sigma.yml"", ""Description"": ""Detects potential network activity of Synergy RMM tool""}]",https://symless.com/synergy,[]
-ConnectWise,,ConnectWise is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files (x86)\ScreenConnect Client ()\*, *\ScreenConnect*Client*\*","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
-TigerVNC,,TigerVNC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/26/2024,,,,,,,,,,,,"tigervnc*.exe, winvnc4.exe, C:\Program Files\TightVNC\*, *\TightVNC\*, *\tvnserver.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/tigervnc_network_sigma.yml"", ""Description"": ""Detects potential network activity of TigerVNC RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/tigervnc_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of TigerVNC RMM tool""}]",https://github.com/TigerVNC/tigervnc/releases,[]
+Jump Cloud,,Jump Cloud is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/26/2024,,,,,,,,,,,,JumpCloud*.exe ,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.api.jumpcloud.com"", ""*.assist.jumpcloud.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/jump_cloud_network_sigma.yml"", ""Description"": ""Detects potential network activity of Jump Cloud RMM tool""}]",https://jumpcloud.com/support/understand-remote-assist-agent,[]
+Royal TS,,Royal TS is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,royalts.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""royalapps.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/royal_ts_network_sigma.yml"", ""Description"": ""Detects potential network activity of Royal TS RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/royal_ts_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Royal TS RMM tool""}]",,[]
+MioNet (WD Anywhere Access),,MioNet (WD Anywhere Access) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"mionet.exe, mionetmanager.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/mionet__wd_anywhere_access__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of MioNet (WD Anywhere Access) RMM tool""}]",https://en.wikipedia.org/wiki/WD_Anywhere_Access - DOA as of 2016,[]
+SpyAnywhere,,SpyAnywhere is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,sysdiag.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.spytech-web.com"", ""spyanywhere.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/spyanywhere_network_sigma.yml"", ""Description"": ""Detects potential network activity of SpyAnywhere RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/spyanywhere_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of SpyAnywhere RMM tool""}]",https://www.spyanywhere.com/support.shtml,[]
+FreeFileSync,,FreeFileSync is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\FreeFileSync\*, *\FreeFileSync\*, *\FreeFileSync.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/freefilesync_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of FreeFileSync RMM tool""}]",,[]
+Ericom AccessNow,,Ericom AccessNow is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"accessserver*.exe, accessserver.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""ericom.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ericom_accessnow_network_sigma.yml"", ""Description"": ""Detects potential network activity of Ericom AccessNow RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ericom_accessnow_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Ericom AccessNow RMM tool""}]",https://www.ericom.com/connect-accessnow/,[]
+ExpanDrive,,ExpanDrive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Users\*\ExpanDrive.exe, *\ExpanDrive.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/expandrive_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ExpanDrive RMM tool""}]",,[]
+Level.io,,Level.io is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"level-windows-amd64.exe, level.exe, level-remote-control-ffmpeg.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""level.io"", ""*.level.io""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/level.io_network_sigma.yml"", ""Description"": ""Detects potential network activity of Level.io RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/level.io_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Level.io RMM tool""}]",https://docs.level.io/1.0/admin-guides/troubleshooting-agent-issues,[]
+MultCloud,,MultCloud is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"requires sign up, requires sign up","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
+Auvik,,Auvik is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"auvik.engine.exe, auvik.agent.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.my.auvik.com"", ""*.auvik.com"", ""auvik.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/auvik_network_sigma.yml"", ""Description"": ""Detects potential network activity of Auvik RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/auvik_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Auvik RMM tool""}]",https://support.auvik.com/hc/en-us/articles/204315700-What-protocols-and-ports-does-the-Auvik-collector-use,[]
+Goverlan,,Goverlan is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"goverrmc.exe, govsrv*.exe, GovAgentInstallHelper.exe, GovAgentx64.exe, GovReachClient.exe, C:\Program Files (x86)\PJ Technologies\GOVsrv\*, *\PJ Technologies\GOVsrv\*, *\GovSrv.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""goverlan.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/goverlan_network_sigma.yml"", ""Description"": ""Detects potential network activity of Goverlan RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/goverlan_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Goverlan RMM tool""}]",https://www.goverlan.com/pdf/Goverlan-Remote-Control-Software.pdf,[]
+Pcnow,,Pcnow is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"mwcliun.exe, pcnmgr.exe, webexpcnow.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""au.pcmag.com/utilities/21470/webex-pcnow""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pcnow_network_sigma.yml"", ""Description"": ""Detects potential network activity of Pcnow RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pcnow_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Pcnow RMM tool""}]",http://pcnow.webex.com/ - DOA as of 2024,[]
+DeskShare,,DeskShare is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/26/2024,,,,,,,,,,,,"TeamTaskManager.exe, DSGuest.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/deskshare_network_sigma.yml"", ""Description"": ""Detects potential network activity of DeskShare RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/deskshare_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of DeskShare RMM tool""}]",https://www.deskshare.com/help/fml/Active-and-Passive-connection-mode.aspx,[]
+MyGreenPC,,MyGreenPC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/26/2024,,,,,,,,,,,,mygreenpc.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*mygreenpc.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/mygreenpc_network_sigma.yml"", ""Description"": ""Detects potential network activity of MyGreenPC RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/mygreenpc_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of MyGreenPC RMM tool""}]",http://www.mygreenpc.com/,[]
GoToMyPC,,"GoToMyPC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.
",Nasreddine Bencherchali,2024-08-05,2024-08-05,,AppCore.exe,,,,,,,,,,C:\Program Files (x86)\GoToMyPC\*,"{""Disk"": [{""File"": ""%AppData%\\GoTo\\Logs\\goto.log"", ""Description"": ""N/A"", ""OS"": ""Windows""}], ""EventLog"": [], ""Registry"": [{""Path"": ""HKEY_LOCAL_MACHINE\\WOW6432Node\\Citrix\\GoToMyPc"", ""Description"": ""Configuration settings including registration email""}, {""Path"": ""HKEY_LOCAL_MACHINE\\WOW6432Node\\Citrix\\GoToMyPc\\GuestInvite"", ""Description"": ""Guest invites send to connect""}, {""Path"": ""HKEY_CURRENT_USER\\SOFTWARE\\Citrix\\GoToMyPc\\FileTransfer\\history"", ""Description"": ""hostname of the computer making connections and location of transferred files""}, {""Path"": ""HKEY_USERS\\\\SOFTWARE\\Citrix\\GoToMyPc\\FileTransfer\\history"", ""Description"": ""hostname of the computer making connections and location of transferred files""}], ""Network"": [{""Description"": ""N/A"", ""Domains"": [""*.GoToMyPC.com""], ""Ports"": [""N/A""]}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/gotomypc_registry_sigma.yml"", ""Description"": ""Detects potential registry activity of GoToMyPC RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/gotomypc_network_sigma.yml"", ""Description"": ""Detects potential network activity of GoToMyPC RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/gotomypc_files_sigma.yml"", ""Description"": ""Detects potential files activity of GoToMyPC RMM tool""}]","https://support.logmeininc.com/gotomypc/help/what-are-the-optimal-firewall-configurations#, https://support.goto.com/training/help/how-do-i-configure-gototraining-to-work-with-firewalls, https://ruler-project.github.io/ruler-project/RULER/remote/Citrix%20GoToMyPC/","[{""Person"": ""Phill Moore"", ""Handle"": ""@phillmoore""}]"
-Laplink Everywhere,,Laplink Everywhere is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"laplink.exe, laplink-everywhere-setup*.exe, laplinkeverywhere.exe, llrcservice.exe, serverproxyservice.exe, OOSysAgent.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""everywhere.laplink.com"", ""le.laplink.com"", ""atled.syspectr.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/laplink_everywhere_network_sigma.yml"", ""Description"": ""Detects potential network activity of Laplink Everywhere RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/laplink_everywhere_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Laplink Everywhere RMM tool""}]",https://everywhere.laplink.com/docs,[]
-Syspectr,,Syspectr is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/26/2024,,,,,,,,,,,,"oo-syspectr*.exe, OOSysAgent.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""atled.syspectr.com"", ""app.syspectr.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/syspectr_network_sigma.yml"", ""Description"": ""Detects potential network activity of Syspectr RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/syspectr_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Syspectr RMM tool""}]",https://www.syspectr.com/en/installation-in-a-network,[]
-Remote Utilities,,Remote Utilities is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"rutview.exe, rutserv.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.internetid.ru""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remote_utilities_network_sigma.yml"", ""Description"": ""Detects potential network activity of Remote Utilities RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remote_utilities_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Remote Utilities RMM tool""}]",https://www.remoteutilities.com/download/,[]
-Remcos,,Remcos is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,remcos*.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remcos_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Remcos RMM tool""}]",,[]
-ISL Online,,ISL Online is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"islalwaysonmonitor.exe, isllight.exe, isllightservice.exe, ISLLightClient.exe, C:\Program Files (x86)\ISL Online\ISL Light*, *\ISL Online\ISL Light*, *\ISLLight.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.islonline.com"", ""*.islonline.net""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/isl_online_network_sigma.yml"", ""Description"": ""Detects potential network activity of ISL Online RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/isl_online_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ISL Online RMM tool""}]",https://help.islonline.com/19818/165940,[]
-DragonDisk,,DragonDisk is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files (x86)\Almageste\DragonDisk\*, *\Almageste\DragonDisk\*, *\DragonDisk.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dragondisk_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of DragonDisk RMM tool""}]",,[]
-FleetDeck.io,,FleetDeck.io is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"fleetdeck_agent_svc.exe, fleetdeck_commander_svc.exe, fleetdeck_installer.exe, fleetdeck_commander_launcher.exe, fleetdeck_agent.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""fleetdeck.io""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fleetdeck.io_network_sigma.yml"", ""Description"": ""Detects potential network activity of FleetDeck.io RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fleetdeck.io_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of FleetDeck.io RMM tool""}]",,[]
-Chrome Remote Desktop,,Chrome Remote Desktop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"remote_host.exe, remoting_host.exe, C:\Program Files (x86)\Google\Chrome Remote Desktop\*, *\Google\Chrome Remote Desktop\*, *\remoting_host.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*remotedesktop-pa.googleapis.com"", ""*remotedesktop.google.com"", ""remotedesktop.google.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/chrome_remote_desktop_network_sigma.yml"", ""Description"": ""Detects potential network activity of Chrome Remote Desktop RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/chrome_remote_desktop_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Chrome Remote Desktop RMM tool""}]",https://support.google.com/chrome/a/answer/2799701?hl=en,[]
-RealVNC,,RealVNC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
-rsync,,rsync is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
-Datto,,Datto is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""datto.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/datto_network_sigma.yml"", ""Description"": ""Detects potential network activity of Datto RMM tool""}]",,[]
-CloudExplorer,,CloudExplorer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
-Supremo,,Supremo is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/13/2024,,,,,,,,,,,,"supremo.exe, supremoservice.exe, supremosystem.exe, supremohelper.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""supremocontrol.com"", ""*.supremocontrol.com"", ""* .nanosystems.it""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/supremo_network_sigma.yml"", ""Description"": ""Detects potential network activity of Supremo RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/supremo_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Supremo RMM tool""}]",https://www.supremocontrol.com/frequently-asked-questions/,[]
-GoToAssist Agent Desktop Console,,GoToAssist Agent Desktop Console is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\*\G2RDesktopConsole-x64.msi, *\G2RDesktopConsole-x64.msi","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
-ConnectWise Control,,ConnectWise Control is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"screenconnect.clientservice.exe, connectwisecontrol.client.exe, screenconnect.windowsclient.exe, connectwisechat-customer.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""live.screenconnect.com"", ""control.connectwise.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/connectwise_control_network_sigma.yml"", ""Description"": ""Detects potential network activity of ConnectWise Control RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/connectwise_control_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ConnectWise Control RMM tool""}]",,[]
-RemoteView,,RemoteView is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"remoteview.exe, rv.exe, rvagent.exe, rvagtray.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*content.rview.com"", ""*.rview.com"", ""content.rview.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remoteview_network_sigma.yml"", ""Description"": ""Detects potential network activity of RemoteView RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remoteview_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of RemoteView RMM tool""}]",https://help.rview.com/hc/en-us/articles/360005175994--RemoteView-Server-list-for-firewall,[]
-VNC Connect,,VNC Connect is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\RealVNC\VNC Server\*, *\RealVNC\VNC Server\*","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
-Syncthing,,Syncthing is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Users\*\AppData\Roaming\SyncTrayzor\*, *Users\*\AppData\Roaming\SyncTrayzor\*, *\Syncthing.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/syncthing_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Syncthing RMM tool""}]",,[]
-KHelpDesk,,KHelpDesk is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/26/2024,,,,,,,,,,,,KHelpDesk.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.khelpdesk.com.br""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/khelpdesk_network_sigma.yml"", ""Description"": ""Detects potential network activity of KHelpDesk RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/khelpdesk_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of KHelpDesk RMM tool""}]",https://www.khelpdesk.com.br/en-us,[]
-Netop Remote Control (Impero Connect),,Netop Remote Control (Impero Connect) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"nhostsvc.exe, nhstw32.exe, ngstw32.exe, Netop Ondemand.exe, nldrw32.exe, rmserverconsolemediator.exe, ImperoInit.exe, Connect.Backdrop.cloud*.exe, ImperoClientSVC.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.connect.backdrop.cloud"", ""*.netop.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/netop_remote_control__impero_connect__network_sigma.yml"", ""Description"": ""Detects potential network activity of Netop Remote Control (Impero Connect) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/netop_remote_control__impero_connect__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Netop Remote Control (Impero Connect) RMM tool""}]",https://kb.netop.com/article/firewall-and-proxy-server-considerations-when-using-netop-portal-communication-373.html,[]
-Bitvise SSH Server,,Bitvise SSH Server is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\Bitvise SSH Server\*, *\Bitvise SSH Server\*, *\BvSshServer-Inst.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/bitvise_ssh_server_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Bitvise SSH Server RMM tool""}]",,[]
-Cloud Turtle,,Cloud Turtle is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files (x86)\Genie9\*, *\Genie9\*","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
-Apple Remote Desktop,,Apple Remote Desktop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/24/2024,,,,,,,,,,,,ARDAgent.app,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/apple_remote_desktop_network_sigma.yml"", ""Description"": ""Detects potential network activity of Apple Remote Desktop RMM tool""}]",https://support.apple.com/guide/remote-desktop/install-and-set-up-remote-desktop-apdf49e03a4/mac,[]
-Chrome SSH Extension,,Chrome SSH Extension is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\iodihamcpbpeioajjeobimgagajmlibd*, *Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\iodihamcpbpeioajjeobimgagajmlibd*","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
-CloudGopher,,CloudGopher is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
+Jump Desktop,,Jump Desktop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"jumpclient.exe, jumpdesktop.exe, jumpservice.exe, jumpconnect.exe, jumpupdater.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.jumpdesktop.com"", ""jumpdesktop.com"", ""jumpto.me"", ""*.jumpto.me""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/jump_desktop_network_sigma.yml"", ""Description"": ""Detects potential network activity of Jump Desktop RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/jump_desktop_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Jump Desktop RMM tool""}]",https://support.jumpdesktop.com/hc/en-us/articles/360042490351-Administrators-Guide-For-Jump-Desktop-Connect,[]
+Splashtop Remote,,Splashtop Remote is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"strwinclt.exe, Splashtop_Streamer_Windows*.exe, SplashtopSOS.exe, sragent.exe, srmanager.exe, srserver.exe, srservice.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""splashtop.com"", ""*.api.splashtop.com"", ""*.relay.splashtop.com"", ""*.api.splashtop.eu""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/splashtop_remote_network_sigma.yml"", ""Description"": ""Detects potential network activity of Splashtop Remote RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/splashtop_remote_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Splashtop Remote RMM tool""}]",https://support-splashtopbusiness.splashtop.com/hc/en-us/articles/115001811966-What-are-the-Firewall-Exceptions-and-IP-addresses-of-Splashtop-servers-Services,[]
+Distant Desktop,,Distant Desktop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"distant-desktop.exe, dd.exe, ddsystem.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.distantdesktop.com"", ""*signalserver.xyz""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/distant_desktop_network_sigma.yml"", ""Description"": ""Detects potential network activity of Distant Desktop RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/distant_desktop_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Distant Desktop RMM tool""}]",https://www.distantdesktop.com/manual/first-start.htm,[]
NetSupport Manager,,NetSupport Manager is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"pcictlui.exe, client32.exe, pcicfgui.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""geo.netsupportsoftware.com"", ""netsupportmanager.com"", ""*.netsupportmanager.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/netsupport_manager_network_sigma.yml"", ""Description"": ""Detects potential network activity of NetSupport Manager RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/netsupport_manager_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of NetSupport Manager RMM tool""}]",https://www.netsupportmanager.com/resources/,[]
ESET Remote Administrator,,ESET Remote Administrator is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"era.exe, einstaller.exe, ezhelp*.exe, eratool.exe, ERAAgent.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""eset.com/me/business/remote-management/remote-administrator/""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/eset_remote_administrator_network_sigma.yml"", ""Description"": ""Detects potential network activity of ESET Remote Administrator RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/eset_remote_administrator_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ESET Remote Administrator RMM tool""}]",eset.com/me/business/remote-management/remote-administrator/,[]
-Yandex.Disk,,Yandex.Disk is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files (x86)\Yandex\*, *\Yandex\*, *\YandexDisk2.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/yandex.disk_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Yandex.Disk RMM tool""}]",,[]
-N-Able Advanced Monitoring Agent,,N-Able Advanced Monitoring Agent is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"BASupSrvc.exe, winagent.exe, BASupApp.exe, BASupTSHelper.exe, Agent_*_RW.exe, BASEClient.exe, BASupSrvcCnfg.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.beanywhere.com "", ""systemmonitor.co.uk"", ""*system-monitor.com"", ""cloudbackup.management"", ""*systemmonitor.co.uk"", ""n-able.com"", ""systemmonitor.us"", ""*systemmonitor.eu.com"", ""*.logicnow.com"", ""*.swi-tc.com"", ""*remote.management"", ""systemmonitor.us.cdn.cloudflare.net"", ""*cloudbackup.management"", ""remote.management"", ""logicnow.com"", ""system-monitor.com"", ""*systemmonitor.us"", ""systemmonitor.eu.com"", ""*.n-able.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/n-able_advanced_monitoring_agent_network_sigma.yml"", ""Description"": ""Detects potential network activity of N-Able Advanced Monitoring Agent RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/n-able_advanced_monitoring_agent_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of N-Able Advanced Monitoring Agent RMM tool""}]",https://documentation.n-able.com/takecontrol/troubleshooting/Content/kb/Take-Control-Standalone-Ports-and-Domains-Firewall-and-AV-Exclusions.htm,[]
-MyIVO,,MyIVO is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"myivomgr.exe, myivomanager.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""myivo-server.software.informer.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/myivo_network_sigma.yml"", ""Description"": ""Detects potential network activity of MyIVO RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/myivo_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of MyIVO RMM tool""}]",myivo.com - DOA as of 2024,[]
-FreeFileSync,,FreeFileSync is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\FreeFileSync\*, *\FreeFileSync\*, *\FreeFileSync.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/freefilesync_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of FreeFileSync RMM tool""}]",,[]
-ITSupport247 (ConnectWise),,ITSupport247 (ConnectWise) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,saazapsc.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.itsupport247.net""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/itsupport247__connectwise__network_sigma.yml"", ""Description"": ""Detects potential network activity of ITSupport247 (ConnectWise) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/itsupport247__connectwise__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ITSupport247 (ConnectWise) RMM tool""}]",https://control.itsupport247.net/,[]
-VNC,,VNC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/14/2024,,,,,,,,,,,,"winvnc*.exe, vncserver.exe, winwvc.exe, winvncsc.exe, vncserverui.exe, vncviewer.exe, winvnc.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""realvnc.com/en/connect/download/vnc""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/vnc_network_sigma.yml"", ""Description"": ""Detects potential network activity of VNC RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/vnc_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of VNC RMM tool""}]",https://realvnc.com/en/connect/download/vnc,[]
-ServerEye,,ServerEye is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"servereye*.exe, ServiceProxyLocalSys.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.server-eye.de""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/servereye_network_sigma.yml"", ""Description"": ""Detects potential network activity of ServerEye RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/servereye_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ServerEye RMM tool""}]",https://www.servereye.de/wp-content/uploads/Anleitung-zur-Erstinstallation_aktuell.pdf,[]
-Rapid7,,Rapid7 is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/14/2024,,,,,,,,,,,,"ir_agent.exe, rapid7_agent_core.exe, rapid7_endpoint_broker.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.analytics.insight.rapid7.com"", ""*.endpoint.ingress.rapid7.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rapid7_network_sigma.yml"", ""Description"": ""Detects potential network activity of Rapid7 RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rapid7_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Rapid7 RMM tool""}]",https://docs.rapid7.com/insightvm/configure-communications-with-the-insight-platform/,[]
+ZeroTier,,ZeroTier is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/14/2024,,,,,,,,,,,,"zerotier*.msi, zerotier*.exe, zero-powershell.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""zerotier.com"", ""*.zerotier.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/zerotier_network_sigma.yml"", ""Description"": ""Detects potential network activity of ZeroTier RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/zerotier_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ZeroTier RMM tool""}]",https://my.zerotier.com/,[]
+QQ IM-remote assistance,,QQ IM-remote assistance is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"qq.exe, QQProtect.exe, qqpcmgr.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.mdt.qq.com"", ""*.desktop.qq.com"", ""upload_data.qq.com"", ""qq-messenger.en.softonic.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/qq_im-remote_assistance_network_sigma.yml"", ""Description"": ""Detects potential network activity of QQ IM-remote assistance RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/qq_im-remote_assistance_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of QQ IM-remote assistance RMM tool""}]",https://en.wikipedia.org/wiki/Tencent_QQ,[]
+ExtraPuTTY,,ExtraPuTTY is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Users\*\ExtraPuTTY-0.30-2016-01-28-installer.exe, *Users\*\ExtraPuTTY-0.30-2016-01-28-installer.exe, *\ExtraPuTTY-0.30-2016-01-28-installer.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/extraputty_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ExtraPuTTY RMM tool""}]",,[]
GoToAssist (GoTo Resolve),,GoToAssist (GoTo Resolve) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\ProgramFiles*\GoTo Machine Installer\*, *\GoTo Machine Installer\*, *\GoTo\*","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
-Ocamlfuse,,Ocamlfuse is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
-GetScreen,,GetScreen is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"GetScreen.exe, getscreen.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""getscreen.me"", ""GetScreen.me"", ""*.getscreen.me""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/getscreen_network_sigma.yml"", ""Description"": ""Detects potential network activity of GetScreen RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/getscreen_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of GetScreen RMM tool""}]",https://docs.getscreen.me/self-hosted/system-requirements/,[]
-MobaXterm,,MobaXterm is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\*\MobaXterm_installer_12.1.msi, *\MobaXterm_installer_*.msi, *\Mobatek\MobaXterm\*","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[]
+TurboMeeting,,TurboMeeting is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/14/2024,,,,,,,,,,,,"pcstarter.exe, turbomeeting.exe, turbomeetingstarter.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""acceo.com/turbomeeting/""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/turbomeeting_network_sigma.yml"", ""Description"": ""Detects potential network activity of TurboMeeting RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/turbomeeting_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of TurboMeeting RMM tool""}]",http://sourcing.rhubcom.com/v5/faqs.html#collapsetwentysix2-topdiv,[]
+Chrome Remote Desktop,,Chrome Remote Desktop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"remote_host.exe, remoting_host.exe, C:\Program Files (x86)\Google\Chrome Remote Desktop\*, *\Google\Chrome Remote Desktop\*, *\remoting_host.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*remotedesktop.google.com"", ""*remotedesktop-pa.googleapis.com"", ""remotedesktop.google.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/chrome_remote_desktop_network_sigma.yml"", ""Description"": ""Detects potential network activity of Chrome Remote Desktop RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/chrome_remote_desktop_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Chrome Remote Desktop RMM tool""}]",https://support.google.com/chrome/a/answer/2799701?hl=en,[]
+SimpleHelp,,SimpleHelp is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"simplehelpcustomer.exe, simpleservice.exe, simplegatewayservice.exe, remote access.exe, windowslauncher.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""simple-help.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/simplehelp_network_sigma.yml"", ""Description"": ""Detects potential network activity of SimpleHelp RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/simplehelp_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of SimpleHelp RMM tool""}]",https://simple-help.com/remote-support,[]
+Level,,Level is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""level.io""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/level_network_sigma.yml"", ""Description"": ""Detects potential network activity of Level RMM tool""}]",,[]
CrossTec Remote Control,,CrossTec Remote Control is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"PCIVIDEO.EXE, supporttool.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""crosstecsoftware.com/remotecontrol""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/crosstec_remote_control_network_sigma.yml"", ""Description"": ""Detects potential network activity of CrossTec Remote Control RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/crosstec_remote_control_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of CrossTec Remote Control RMM tool""}]",www.crosstecsoftware.com/supporthome.html - domain DOA 2/1/2024,[]
+TeamViewer,,"TeamViewer is a remote monitoring and management (RMM) tool.
+","Nasreddine Bencherchali, Michael Haag",2024-08-02,2024-08-02,https://www.teamviewer.com/en,TeamViewer.exe,,,TeamViewer,user,True,False,"Android, ChromeOS, IOS, Linux, Mac, Windows",,https://www.cvedetails.com/vulnerability-list/vendor_id-11100/product_id-19942/Teamviewer-Teamviewer.html,"C:\Program Files\TeamViewer\, teamviewer_desktop.exe, teamviewer_service.exe, teamviewerhost","{""Disk"": [{""File"": ""C:\\Users\\\\AppData\\Local\\Temp\\TeamViewer\\TV15Install.log"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""TeamViewer\\d\\d_Logfile\\.log"", ""Description"": ""N/A"", ""OS"": ""Windows"", ""Type"": ""Regex""}, {""File"": ""C:\\Program Files\\TeamViewer\\Connections_incoming.txt"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files\\TeamViewer\\TVNetwork.log"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""%LOCALAPPDATA%\\Temp\\TeamViewer\\TV15Install.log"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""%APPDATA%\\\\TeamViewer\\\\TeamViewer\\d\\d_Logfile\\.log"", ""Description"": ""N/A"", ""OS"": ""Windows"", ""Type"": ""Regex""}, {""File"": ""teamviewerqs.exe"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""tv_w32.exe"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""tv_w64.exe"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""tv_x64.exe"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""teamviewer.exe"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""teamviewer_service.exe"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""%LOCALAPPDATA%\\TeamViewer\\Database\\tvchatfilecache.db"", ""Description"": ""SQlite 3 database storing cache about TeamViewer chat"", ""OS"": ""Windows""}, {""File"": ""%LOCALAPPDATA%\\TeamViewer\\RemotePrinting\\tvprint.db"", ""Description"": ""SQlite 3 database storing TeamViewer print jobs"", ""OS"": ""Windows""}, {""File"": ""%PROGRAMDATA%\\Microsoft\\Windows\\Start 
Menu\\Programs\\TeamViewer.lnk"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files*\\TeamViewer\\connections*.txt"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""C:\\Users\\*\\AppData\\Roaming\\TeamViewer\\MRU\\RemoteSupport\\*tvc"", ""Description"": ""N/A"", ""OS"": ""Windows""}], ""EventLog"": [{""EventID"": 7045, ""ProviderName"": ""Service Control Manager"", ""LogFile"": ""System.evtx"", ""ServiceName"": ""TeamViewer"", ""ImagePath"": ""\""C:\\\\Program Files\\\\TeamViewer\\\\TeamViewer_Service.exe\"""", ""Description"": ""Service installation event as result of TeamViewer installation.""}], ""Registry"": [{""Path"": ""HKLM\\SOFTWARE\\TeamViewer\\*"", ""Description"": ""N/A""}, {""Path"": ""HKU\\\\SOFTWARE\\TeamViewer\\*"", ""Description"": ""N/A""}, {""Path"": ""HKLM\\SYSTEM\\CurrentControlSet\\Services\\TeamViewer\\*"", ""Description"": ""N/A""}, {""Path"": ""HKLM\\SOFTWARE\\TeamViewer\\ConnectionHistory"", ""Description"": ""N/A""}, {""Path"": ""HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\TeamViewer\\*"", ""Description"": ""N/A""}, {""Path"": ""HKU\\SID\\SOFTWARE\\TeamViewer\\MainWindowHandle"", ""Description"": ""N/A""}, {""Path"": ""HKU\\SID\\SOFTWARE\\TeamViewer\\DesktopWallpaperSingleImage"", ""Description"": ""N/A""}, {""Path"": ""HKU\\SID\\SOFTWARE\\TeamViewer\\DesktopWallpaperSingleImagePath"", ""Description"": ""N/A""}, {""Path"": ""HKU\\SID\\SOFTWARE\\TeamViewer\\DesktopWallpaperSingleImagePosition"", ""Description"": ""N/A""}, {""Path"": ""HKU\\SID\\SOFTWARE\\TeamViewer\\MinimizeToTray"", ""Description"": ""N/A""}, {""Path"": ""HKU\\SID\\SOFTWARE\\TeamViewer\\MultiMedia\\AudioUserSelectedCapturingEndpoint"", ""Description"": ""N/A""}, {""Path"": ""HKU\\SID\\SOFTWARE\\TeamViewer\\MultiMedia\\AudioSendingVolumeV2"", ""Description"": ""N/A""}, {""Path"": ""HKU\\SID\\SOFTWARE\\TeamViewer\\MultiMedia\\AudioUserSelectedRenderingEndpoint"", ""Description"": ""N/A""}, {""Path"": 
""HKLM\\SOFTWARE\\TeamViewer\\ConnectionHistory"", ""Description"": ""N/A""}, {""Path"": ""HKU\\SID\\SOFTWARE\\TeamViewer\\ClientWindow_Mode"", ""Description"": ""N/A""}, {""Path"": ""HKU\\SID\\SOFTWARE\\TeamViewer\\ClientWindowPositions"", ""Description"": ""N/A""}], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.teamviewer.com""], ""Ports"": []}, {""Description"": ""N/A"", ""Domains"": [""router15.teamviewer.com""], ""Ports"": [443]}, {""Description"": ""N/A"", ""Domains"": [""client.teamviewer.com""], ""Ports"": [443]}, {""Description"": ""N/A"", ""Domains"": [""taf.teamviewer.com""], ""Ports"": [443]}], ""Other"": [{""Type"": ""Mutex"", ""Value"": ""TeamViewer_LogMutex""}, {""Type"": ""Mutex"", ""Value"": ""TeamViewerHooks_DynamicMemMutex""}, {""Type"": ""Mutex"", ""Value"": ""TeamViewer3_Win32_Instance_Mutex""}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/teamviewer_registry_sigma.yml"", ""Description"": ""Detects potential registry activity of TeamViewer RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/teamviewer_network_sigma.yml"", ""Description"": ""Detects potential network activity of TeamViewer RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/teamviewer_files_sigma.yml"", ""Description"": ""Detects potential files activity of TeamViewer RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/teamviewer_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of TeamViewer RMM tool""}]","https://community.teamviewer.com/English/kb/articles/4139-ports-used-by-teamviewer, https://arista.my.site.com/AristaCommunity/s/article/Security-Analysis-TeamViewer#, https://www.teamviewer.com/en/global/support/knowledge-base/teamviewer-classic/troubleshooting/log-file-reading-incoming-connection/, 
https://www.synacktiv.com/publications/legitimate-rats-a-comprehensive-forensic-analysis-of-the-usual-suspects.html, https://github.com/Purp1eW0lf/Blue-Team-Notes","[{""Person"": ""Th\u00e9o Letailleur"", ""Handle"": ""in/theosyn""}]"
+Itarian,,Itarian is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"ITSMAgent.exe, RViewer.exe, ItsmRsp.exe, RAccess.exe, RmmService.exe, ITarianRemoteAccessSetup.exe, RDesktop.exe, ComodoRemoteControl.exe, ITSMService.exe, RHost.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""mdmsupport.comodo.com"", ""*.itsm-us1.comodo.com"", ""*.cmdm.comodo.com"", ""remoteaccess.itarian.com"", ""servicedesk.itarian.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/itarian_network_sigma.yml"", ""Description"": ""Detects potential network activity of Itarian RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/itarian_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Itarian RMM tool""}]","https://help.itarian.com/topic-459-1-1005-14776-Appendix-1b---Endpoint-Manager-Services---IP-Nos,-Host-Names-and-Port-Details---US-Customers.html",[]
+Bomgar,,Bomgar is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,bomgar-scc.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""beyondtrust.com/brand/bomgar""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/bomgar_network_sigma.yml"", ""Description"": ""Detects potential network activity of Bomgar RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/bomgar_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Bomgar RMM tool""}]",,[]
Absolute (Computrace),,Absolute (Computrace) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,6/18/2024,,,,,,,,,,,,"rpcnet.exe, ctes.exe, ctespersitence.exe, cteshostsvc.exe, rpcld.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*search.namequery.com"", ""*server.absolute.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/absolute__computrace__network_sigma.yml"", ""Description"": ""Detects potential network activity of Absolute (Computrace) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/absolute__computrace__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Absolute (Computrace) RMM tool""}]",https://community.absolute.com/s/article/Understanding-Absolutes-Endpoint-Agents-Rpcnet-CTES-and-search-namequery-com,[]
-Xshell,,Xshell is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files (x86)\NetSarang\xShell\*, *\NetSarang\xShell\*, *\xShell.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/xshell_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Xshell RMM tool""}]",,[]
-Amazon (Cloud) Drive,,Amazon (Cloud) Drive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Users\*\AppData\Local\Amazon\Cloud Drive\*, *\AppData\Local\Amazon\Cloud Drive\*, *\AmazonCloudDrive.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/amazon__cloud__drive_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Amazon (Cloud) Drive RMM tool""}]",,[]
-MyGreenPC,,MyGreenPC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/26/2024,,,,,,,,,,,,mygreenpc.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*mygreenpc.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/mygreenpc_network_sigma.yml"", ""Description"": ""Detects potential network activity of MyGreenPC RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/mygreenpc_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of MyGreenPC RMM tool""}]",http://www.mygreenpc.com/,[]
-Level.io,,Level.io is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"level-windows-amd64.exe, level.exe, level-remote-control-ffmpeg.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""level.io"", ""*.level.io""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/level.io_network_sigma.yml"", ""Description"": ""Detects potential network activity of Level.io RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/level.io_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Level.io RMM tool""}]",https://docs.level.io/1.0/admin-guides/troubleshooting-agent-issues,[]
-Microsoft Quick Assist,,Microsoft Quick Assist is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,quickassist.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/microsoft_quick_assist_network_sigma.yml"", ""Description"": ""Detects potential network activity of Microsoft Quick Assist RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/microsoft_quick_assist_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Microsoft Quick Assist RMM tool""}]",https://support.microsoft.com/en-us/windows/install-quick-assist-c17479b7-a49d-4d12-938c-dbfb97c88bca,[]
-Manage Engine (Desktop Central),,Manage Engine (Desktop Central) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"dcagentservice.exe, dcagentregister.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""desktopcentral.manageengine.com"", ""desktopcentral.manageengine.com.eu"", ""desktopcentral.manageengine.cn"", ""*.dms.zoho.com"", ""*.dms.zoho.com.eu"", ""*.-dms.zoho.com.cn""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/manage_engine__desktop_central__network_sigma.yml"", ""Description"": ""Detects potential network activity of Manage Engine (Desktop Central) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/manage_engine__desktop_central__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Manage Engine (Desktop Central) RMM tool""}]",https://www.manageengine.com/products/desktop-central/help/domains-required-for-agent-communication.html,[]
+Air Live Drive,,Air Live Drive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\AirLiveDrive\*, *\AirLiveDrive\*, *\AirLiveDrive.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/air_live_drive_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Air Live Drive RMM tool""}]",,[]
+ESET Remote Administrator,,ESET Remote Administrator is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"einstaller.exe, era.exe, ERAAgent.exe, ezhelp*.exe, eratool.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""eset.com/me/business/remote-management/remote-administrator/""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/eset_remote_administrator_network_sigma.yml"", ""Description"": ""Detects potential network activity of ESET Remote Administrator RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/eset_remote_administrator_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ESET Remote Administrator RMM tool""}]",eset.com/me/business/remote-management/remote-administrator/,[]
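Review bot: several of the added rows put non-hostname values into the Network Domains list, and the generated `*_network_sigma.yml` rules will carry those as literal match values that can never fire: TurboMeeting has `"user_managed", "acceo.com/turbomeeting/"`, Bomgar has `"beyondtrust.com/brand/bomgar"`, SimpleHelp has `"user_managed", "simple-help.com"`, and ESET Remote Administrator has `"user_managed"` plus a full URL path. Move the URLs to the References column (ESET's reference `eset.com/me/business/remote-management/remote-administrator/` is also missing its scheme) and either drop the `user_managed` placeholder or have the generator skip it when emitting rules. In the TeamViewer row the quoted Description ends with an embedded newline, Created/LastModified use ISO dates (2024-08-02) while every other row uses M/D/YYYY, `HKLM\SOFTWARE\TeamViewer\ConnectionHistory` is listed twice under Registry, and the doubled backslashes in `C:\\Users\\\\AppData\\Local\\Temp\\TeamViewer\\TV15Install.log` and `HKU\\\\SOFTWARE\\TeamViewer\\*` look like a dropped username/SID wildcard (compare `C:\\Users\\*\\AppData\\Roaming\\TeamViewer\\MRU\\...` and `HKU\\SID\\SOFTWARE\\TeamViewer\\...` in the same row). The new `Level` row (no install paths, no LastModified, a single network rule) duplicates the `Level.io` row this hunk removes, which had three binaries and two rules; unless Level.io is re-added elsewhere in the patch, keep that data under one name. ExtraPuTTY's installation paths pin one installer filename (`ExtraPuTTY-0.30-2016-01-28-installer.exe`), so any other release is missed; a version-agnostic glob in the style the other entries use would be more robust.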
diff --git a/website/public/api/rmm_tools.json b/website/public/api/rmm_tools.json
index c033b16b..bb9fc4e4 100644
--- a/website/public/api/rmm_tools.json
+++ b/website/public/api/rmm_tools.json
@@ -1,4 +1,63 @@
[
+ {
+ "Name": "Domotz",
+ "Description": "Domotz is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Author": "",
+ "Created": "",
+ "LastModified": "2/7/2024",
+ "Details": {
+ "Website": "",
+ "PEMetadata": {
+ "Filename": "",
+ "OriginalFileName": "",
+ "Description": ""
+ },
+ "Privileges": "",
+ "Free": "",
+ "Verification": "",
+ "SupportedOS": [],
+ "Capabilities": [],
+ "Vulnerabilities": [],
+ "InstallationPaths": [
+ "domotz.exe",
+ "Domotz Pro Desktop App.exe",
+ "domotz_bash.exe",
+ "domotz*.exe",
+ "Domotz Pro Desktop App Setup*.exe",
+ "domotz-windows*.exe"
+ ]
+ },
+ "Artifacts": {
+ "Disk": [],
+ "EventLog": [],
+ "Registry": [],
+ "Network": [
+ {
+ "Description": "Known remote domains",
+ "Domains": [
+ "*.domotz.co",
+ "domotz.com",
+ "*cell-1.domotz.com"
+ ],
+ "Ports": []
+ }
+ ]
+ },
+ "Detections": [
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/domotz_network_sigma.yml",
+ "Description": "Detects potential network activity of Domotz RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/domotz_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Domotz RMM tool"
+ }
+ ],
+ "References": [
+ "https://help.domotz.com/tips-tricks/unblock-outgoing-connections-on-firewall/"
+ ],
+ "Acknowledgement": []
+ },
{
"Name": "LabTeach (Connectwise Automate)",
"Description": "LabTeach (Connectwise Automate) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
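Review bot: the Domotz InstallationPaths list is redundant and mixes resident binaries with installer names: `domotz*.exe` already covers `domotz.exe` and `domotz_bash.exe`, and `Domotz Pro Desktop App Setup*.exe` / `domotz-windows*.exe` are installer downloads rather than running processes, so the generated processes rule gets duplicate selectors and no way to distinguish installation from execution. Trim the list to the distinct patterns, and confirm that `*.domotz.co` in Domains is intended, since the other two entries use `domotz.com`. Unrelated to this change but visible in the trailing context, the existing entry name `LabTeach (Connectwise Automate)` is a typo for LabTech.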
@@ -38,11 +97,11 @@
"Acknowledgement": []
},
{
- "Name": "Zabbix Agent",
- "Description": "Zabbix Agent is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "ServerEye",
+ "Description": "ServerEye is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/14/2024",
+ "LastModified": "2/9/2024",
"Details": {
"Website": "",
"PEMetadata": {
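Review bot: this hunk and the ones that follow are not edits to the Zabbix Agent, Senso.cloud and I'm InTouch entries; they are positional rewrites caused by the array being dumped in a different order than last time, so a one-entry addition (Domotz) shows up as existing entries being renamed into each other. Sort the entries by Name (or another stable key) before writing rmm_tools.json, and do the same for the CSV export, so the diff shows only the real change and a reviewer can verify that Zabbix Agent, Senso.cloud and I'm InTouch still exist elsewhere in the file rather than having been silently dropped.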
@@ -57,7 +116,8 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "zabbix_agent*.exe"
+ "servereye*.exe",
+ "ServiceProxyLocalSys.exe"
]
},
"Artifacts": {
@@ -68,8 +128,7 @@
{
"Description": "Known remote domains",
"Domains": [
- "user_managed",
- "zabbix.com"
+ "*.server-eye.de"
],
"Ports": []
}
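Review bot: the ServerEye Domains list carries only `*.server-eye.de`, with no apex entry; other entries in this file list both forms (Domotz has `*.domotz.co` and `domotz.com`), and whether a leading `*.` also matches the bare apex depends on the Sigma backend the rule is converted with. Add `server-eye.de` alongside the wildcard so the network rule behaves the same way as the rest of the set.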
@@ -77,22 +136,22 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/zabbix_agent_network_sigma.yml",
- "Description": "Detects potential network activity of Zabbix Agent RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/servereye_network_sigma.yml",
+ "Description": "Detects potential network activity of ServerEye RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/zabbix_agent_processes_sigma.yml",
- "Description": "Detects potential processes activity of Zabbix Agent RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/servereye_processes_sigma.yml",
+ "Description": "Detects potential processes activity of ServerEye RMM tool"
}
],
"References": [
- "https://www.zabbix.com/documentation/current/en/manual/appendix/install/windows_agent"
+ "https://www.servereye.de/wp-content/uploads/Anleitung-zur-Erstinstallation_aktuell.pdf"
],
"Acknowledgement": []
},
{
- "Name": "Senso.cloud",
- "Description": "Senso.cloud is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "RPort",
+ "Description": "RPort is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "2/9/2024",
@@ -110,9 +169,7 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "SensoClient.exe",
- "SensoService.exe",
- "aadg.exe"
+ "rport.exe"
]
},
"Artifacts": {
@@ -123,8 +180,8 @@
{
"Description": "Known remote domains",
"Domains": [
- "*.senso.cloud",
- "senso.cloud"
+ "user_managed",
+ "rport.io"
],
"Ports": []
}
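Review bot: `user_managed` is a placeholder, not a hostname, and it lands in rport_network_sigma.yml as a literal match value; `rport.io` is the vendor site, while a self-hosted RPort server lives wherever the operator deployed it, so the generated network rule can only ever see traffic to the vendor. Keep the placeholder out of Domains (a dedicated field marking the tool as self-hosted would let the generator annotate the rule instead of matching on it) and make clear in the entry that the process rule on `rport.exe` is the effective indicator.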
@@ -132,25 +189,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/senso.cloud_network_sigma.yml",
- "Description": "Detects potential network activity of Senso.cloud RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rport_network_sigma.yml",
+ "Description": "Detects potential network activity of RPort RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/senso.cloud_processes_sigma.yml",
- "Description": "Detects potential processes activity of Senso.cloud RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rport_processes_sigma.yml",
+ "Description": "Detects potential processes activity of RPort RMM tool"
}
],
"References": [
- "https://support.senso.cloud/support/solutions/articles/79000116305-firewall-and-content-filter-configuration"
+ "https://kb.rport.io/using-the-remote-access"
],
"Acknowledgement": []
},
{
- "Name": "I'm InTouch",
- "Description": "I'm InTouch is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Azure Storage Explorer",
+ "Description": "Azure Storage Explorer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/8/2024",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
@@ -165,44 +222,29 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "iit.exe",
- "intouch.exe",
- "I'm InTouch Go Installer.exe"
+ "C:\\Program Files (x86)\\Microsoft Azure Storage Explorer\\*",
+ "*\\Microsoft Azure Storage Explorer\\*",
+ "*\\StorageExplorer.exe"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": [
- {
- "Description": "Known remote domains",
- "Domains": [
- "*.01com.com",
- "01com.com/imintouch-remote-pc-desktop"
- ],
- "Ports": []
- }
- ]
+ "Network": []
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/i'm_intouch_network_sigma.yml",
- "Description": "Detects potential network activity of I'm InTouch RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/i'm_intouch_processes_sigma.yml",
- "Description": "Detects potential processes activity of I'm InTouch RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/azure_storage_explorer_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Azure Storage Explorer RMM tool"
}
],
- "References": [
- "https://www.01com.com/mobile/imintouch-remote-pc-desktop/faqs/remote-access/"
- ],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "RustDesk",
- "Description": "RustDesk is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "PSEXEC (Clone)",
+ "Description": "PSEXEC (Clone) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "2/9/2024",
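Review bot: the generated Description at the top of this hunk ("Azure Storage Explorer is a remote monitoring and management (RMM) tool") mislabels a cloud storage client, and the same boilerplate is applied to Box, Microsoft OneDrive and rsync further down in this diff. Tracking these as data-transfer tools is reasonable, but the Description should say what the tool is and why it is listed (for example "file transfer / cloud storage client, tracked because it can be used to move data off a host") rather than calling it an RMM product, since that text is what the site renders.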
@@ -220,8 +262,13 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "rustdesk*.exe",
- "rustdesk.exe"
+ "paexec.exe",
+ "PAExec-*.exe",
+ "csexec.exe ",
+ "remcom.exe",
+ "remcomsvc.exe",
+ "xcmd.exe",
+ "xcmdsvc.exe"
]
},
"Artifacts": {
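Review bot: "csexec.exe " (the third installation path in this hunk) carries a trailing space inside the string. Any exact or endswith match built from it, including the generated psexec__clone__processes_sigma.yml rule, will never fire; trim it to "csexec.exe".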
@@ -232,9 +279,7 @@
{
"Description": "Known remote domains",
"Domains": [
- "rustdesk.com",
- "user_managed",
- "web.rustdesk.com"
+ "user_managed"
],
"Ports": []
}
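Review bot: after this hunk the only remaining domain for PSEXEC (Clone) is the literal placeholder "user_managed", yet the next hunk still lists a psexec__clone__network_sigma.yml rule. A network rule generated from that list would match the string "user_managed" and nothing else; either drop the network detection for self-hosted tools or have the generator skip the placeholder value. The same applies to the Apple Remote Desktop entry later in this diff, whose domain list is reduced to "user_managed" alone.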
@@ -242,25 +287,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rustdesk_network_sigma.yml",
- "Description": "Detects potential network activity of RustDesk RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/psexec__clone__network_sigma.yml",
+ "Description": "Detects potential network activity of PSEXEC (Clone) RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rustdesk_processes_sigma.yml",
- "Description": "Detects potential processes activity of RustDesk RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/psexec__clone__processes_sigma.yml",
+ "Description": "Detects potential processes activity of PSEXEC (Clone) RMM tool"
}
],
"References": [
- "https://rustdesk.com/docs/en/"
+ "https://www.poweradmin.com/paexec/"
],
"Acknowledgement": []
},
{
- "Name": "Electric AI (Kaseya)",
- "Description": "Electric AI (Kaseya) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "NoMachine",
+ "Description": "NoMachine is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/7/2024",
+ "LastModified": "2/9/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -274,23 +319,45 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": []
+ "InstallationPaths": [
+ "nomachine*.exe",
+ "nxservice*.ese",
+ "nxd.exe"
+ ]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": []
+ "Network": [
+ {
+ "Description": "Known remote domains",
+ "Domains": [
+ "user_managed",
+ "nomachine.com"
+ ],
+ "Ports": []
+ }
+ ]
},
- "Detections": [],
+ "Detections": [
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/nomachine_network_sigma.yml",
+ "Description": "Detects potential network activity of NoMachine RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/nomachine_processes_sigma.yml",
+ "Description": "Detects potential processes activity of NoMachine RMM tool"
+ }
+ ],
"References": [
- "https://www.electric.ai/product/device-management-solutions - Usess Kaseya/jamf"
+ "https://kb.nomachine.com/AR04S01122"
],
"Acknowledgement": []
},
{
- "Name": "ZOC",
- "Description": "ZOC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Microsoft OneDrive",
+ "Description": "Microsoft OneDrive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
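Review bot: "nxservice*.ese" in the NoMachine installation paths looks like a typo for "nxservice*.exe"; as written the pattern will not match the NoMachine service binary, and the processes Sigma rule added in the same hunk inherits the dead pattern.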
@@ -307,11 +374,7 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": [
- "C:\\Program Files\\ZOC8\\*",
- "*\\ZOC?\\*",
- "*\\zoc.exe"
- ]
+ "InstallationPaths": []
},
"Artifacts": {
"Disk": [],
@@ -319,21 +382,16 @@
"Registry": [],
"Network": []
},
- "Detections": [
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/zoc_processes_sigma.yml",
- "Description": "Detects potential processes activity of ZOC RMM tool"
- }
- ],
+ "Detections": [],
"References": [],
"Acknowledgement": []
},
{
- "Name": "Any Support",
- "Description": "Any Support is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Xeox",
+ "Description": "Xeox is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/27/2024",
+ "LastModified": "2/14/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -348,7 +406,10 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "ManualLauncher.exe"
+ "xeox-agent_x64.exe",
+ "xeox_service_windows.exe",
+ "xeox-agent_*.exe",
+ "xeox-agent_x86.exe"
]
},
"Artifacts": {
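Review bot: "xeox-agent_*.exe" already covers both "xeox-agent_x64.exe" and "xeox-agent_x86.exe", so the two explicit entries are redundant; keep either the wildcard or the explicit names so the generated rule does not carry duplicate conditions.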
@@ -359,7 +420,8 @@
{
"Description": "Known remote domains",
"Domains": [
- "*.anysupport.net"
+ "*.xeox.com",
+ "xeox.com"
],
"Ports": []
}
@@ -367,25 +429,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/any_support_network_sigma.yml",
- "Description": "Detects potential network activity of Any Support RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/xeox_network_sigma.yml",
+ "Description": "Detects potential network activity of Xeox RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/any_support_processes_sigma.yml",
- "Description": "Detects potential processes activity of Any Support RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/xeox_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Xeox RMM tool"
}
],
"References": [
- "https://www.anysupport.net/introduce_howto.php"
+ "https://help.xeox.com/knowledge-base/gSuyNfDH6u79M82utnswf2/firewall-settings-xeox-agent-and-integrations/47T7S9tZJ2L1Z2W5gwuXoW"
],
"Acknowledgement": []
},
{
- "Name": "PDQ Connect",
- "Description": "PDQ Connect is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Netop",
+ "Description": "Netop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/26/2024",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
@@ -400,45 +462,27 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "pdq-connect*.exe"
+ "C:\\Program Files\\Danware Data\\NetOp Packn Deploy\\*",
+ "*\\Danware Data\\NetOp Packn Deploy\\*",
+ "*\\Netop Remote Control\\*"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": [
- {
- "Description": "Known remote domains",
- "Domains": [
- "app.pdq.com",
- "cfcdn.pdq.com"
- ],
- "Ports": []
- }
- ]
+ "Network": []
},
- "Detections": [
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pdq_connect_network_sigma.yml",
- "Description": "Detects potential network activity of PDQ Connect RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pdq_connect_processes_sigma.yml",
- "Description": "Detects potential processes activity of PDQ Connect RMM tool"
- }
- ],
- "References": [
- "https://connect.pdq.com/hc/en-us/articles/9518992071707-Network-Requirements"
- ],
+ "Detections": [],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "Pcnow",
- "Description": "Pcnow is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "KHelpDesk",
+ "Description": "KHelpDesk is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/9/2024",
+ "LastModified": "2/26/2024",
"Details": {
"Website": "",
"PEMetadata": {
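Review bot: the Netop entry lands with "Network": [] and "Detections": [] even though three installation path patterns are supplied, whereas every other entry in this diff with installation paths (Xeox, KHelpDesk, ISL Online) also gets a processes Sigma link. Either generate the netop_processes_sigma.yml entry here or note why Netop is excluded; also "LastModified" is blanked for this entry while the others carry a date.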
@@ -453,9 +497,7 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "mwcliun.exe",
- "pcnmgr.exe",
- "webexpcnow.exe"
+ "KHelpDesk.exe"
]
},
"Artifacts": {
@@ -466,7 +508,7 @@
{
"Description": "Known remote domains",
"Domains": [
- "au.pcmag.com/utilities/21470/webex-pcnow"
+ "*.khelpdesk.com.br"
],
"Ports": []
}
@@ -474,22 +516,22 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pcnow_network_sigma.yml",
- "Description": "Detects potential network activity of Pcnow RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/khelpdesk_network_sigma.yml",
+ "Description": "Detects potential network activity of KHelpDesk RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pcnow_processes_sigma.yml",
- "Description": "Detects potential processes activity of Pcnow RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/khelpdesk_processes_sigma.yml",
+ "Description": "Detects potential processes activity of KHelpDesk RMM tool"
}
],
"References": [
- "http://pcnow.webex.com/ - DOA as of 2024"
+ "https://www.khelpdesk.com.br/en-us"
],
"Acknowledgement": []
},
{
- "Name": "Quick Assist",
- "Description": "Quick Assist is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Box",
+ "Description": "Box is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
@@ -507,7 +549,9 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "quickassist.exe"
+ "C:\\Program Files\\Box\\Box\\*",
+ "*\\Box\\Box\\*",
+ "*\\Box.exe"
]
},
"Artifacts": {
@@ -518,19 +562,50 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/quick_assist_processes_sigma.yml",
- "Description": "Detects potential processes activity of Quick Assist RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/box_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Box RMM tool"
}
],
"References": [],
"Acknowledgement": []
},
{
- "Name": "Seetrol",
- "Description": "Seetrol is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Bomgar - Now BeyondTrust",
+ "Description": "Bomgar - Now BeyondTrust is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/7/2024",
+ "LastModified": "",
+ "Details": {
+ "Website": "",
+ "PEMetadata": {
+ "Filename": "",
+ "OriginalFileName": "",
+ "Description": ""
+ },
+ "Privileges": "",
+ "Free": "",
+ "Verification": "",
+ "SupportedOS": [],
+ "Capabilities": [],
+ "Vulnerabilities": [],
+ "InstallationPaths": []
+ },
+ "Artifacts": {
+ "Disk": [],
+ "EventLog": [],
+ "Registry": [],
+ "Network": []
+ },
+ "Detections": [],
+ "References": [],
+ "Acknowledgement": []
+ },
+ {
+ "Name": "Apple Remote Desktop",
+ "Description": "Apple Remote Desktop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Author": "",
+ "Created": "",
+ "LastModified": "2/24/2024",
"Details": {
"Website": "",
"PEMetadata": {
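Review bot: the new "Bomgar - Now BeyondTrust" entry is an empty skeleton (no installation paths, no domains, no detections), while a later hunk in this diff deletes the "BeyondTrust (Bomgar)" entry together with its bomgar-scc*.exe / bomgar-pac*.exe paths, the *.beyondtrustcloud.com and *.bomgarcloud.com domains and both Sigma links. If this is a rename, carry that content over; otherwise the rename silently drops all of the product's artifacts.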
@@ -545,11 +620,7 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "seetrolcenter.exe",
- "seetrolclient.exe",
- "seetrolmyservice.exe",
- "seetrolremote.exe",
- "seetrolsetting.exe"
+ "ARDAgent.app"
]
},
"Artifacts": {
@@ -560,7 +631,7 @@
{
"Description": "Known remote domains",
"Domains": [
- "seetrol.co.kr"
+ "user_managed"
],
"Ports": []
}
@@ -568,22 +639,18 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/seetrol_network_sigma.yml",
- "Description": "Detects potential network activity of Seetrol RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/seetrol_processes_sigma.yml",
- "Description": "Detects potential processes activity of Seetrol RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/apple_remote_desktop_network_sigma.yml",
+ "Description": "Detects potential network activity of Apple Remote Desktop RMM tool"
}
],
"References": [
- "http://www.seetrol.com/en/features/features3.php"
+ "https://support.apple.com/guide/remote-desktop/install-and-set-up-remote-desktop-apdf49e03a4/mac"
],
"Acknowledgement": []
},
{
- "Name": "CarotDAV",
- "Description": "CarotDAV is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Royal Server",
+ "Description": "Royal Server is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
@@ -600,33 +667,37 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": [
- "C:\\Program Files (x86)\\Rei Software\\CarotDAV\\*",
- "*\\Rei Software\\CarotDAV\\*",
- "*\\CarotDAV.exe"
- ]
+ "InstallationPaths": []
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": []
+ "Network": [
+ {
+ "Description": "Known remote domains",
+ "Domains": [
+ "royalapps.com"
+ ],
+ "Ports": []
+ }
+ ]
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/carotdav_processes_sigma.yml",
- "Description": "Detects potential processes activity of CarotDAV RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/royal_server_network_sigma.yml",
+ "Description": "Detects potential network activity of Royal Server RMM tool"
}
],
"References": [],
"Acknowledgement": []
},
{
- "Name": "Goverlan",
- "Description": "Goverlan is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "FleetDeck.io",
+ "Description": "FleetDeck.io is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/8/2024",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
@@ -641,14 +712,11 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "goverrmc.exe",
- "govsrv*.exe",
- "GovAgentInstallHelper.exe",
- "GovAgentx64.exe",
- "GovReachClient.exe",
- "C:\\Program Files (x86)\\PJ Technologies\\GOVsrv\\*",
- "*\\PJ Technologies\\GOVsrv\\*",
- "*\\GovSrv.exe"
+ "fleetdeck_agent_svc.exe",
+ "fleetdeck_commander_svc.exe",
+ "fleetdeck_installer.exe",
+ "fleetdeck_commander_launcher.exe",
+ "fleetdeck_agent.exe"
]
},
"Artifacts": {
@@ -659,8 +727,7 @@
{
"Description": "Known remote domains",
"Domains": [
- "user_managed",
- "goverlan.com"
+ "fleetdeck.io"
],
"Ports": []
}
@@ -668,25 +735,23 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/goverlan_network_sigma.yml",
- "Description": "Detects potential network activity of Goverlan RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fleetdeck.io_network_sigma.yml",
+ "Description": "Detects potential network activity of FleetDeck.io RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/goverlan_processes_sigma.yml",
- "Description": "Detects potential processes activity of Goverlan RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fleetdeck.io_processes_sigma.yml",
+ "Description": "Detects potential processes activity of FleetDeck.io RMM tool"
}
],
- "References": [
- "https://www.goverlan.com/pdf/Goverlan-Remote-Control-Software.pdf"
- ],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "OptiTune",
- "Description": "OptiTune is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "rsync",
+ "Description": "rsync is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/26/2024",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
@@ -700,47 +765,24 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": [
- "OTService.exe",
- "OTPowerShell.exe"
- ]
+ "InstallationPaths": []
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": [
- {
- "Description": "Known remote domains",
- "Domains": [
- "*.optitune.us",
- "*.opti-tune.com"
- ],
- "Ports": []
- }
- ]
+ "Network": []
},
- "Detections": [
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/optitune_network_sigma.yml",
- "Description": "Detects potential network activity of OptiTune RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/optitune_processes_sigma.yml",
- "Description": "Detects potential processes activity of OptiTune RMM tool"
- }
- ],
- "References": [
- "https://www.bravurasoftware.com/optitune/support/faq.aspx"
- ],
+ "Detections": [],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "EMCO Remote Console",
- "Description": "EMCO Remote Console is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "ISL Online",
+ "Description": "ISL Online is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/7/2024",
+ "LastModified": "2/8/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -755,7 +797,13 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "remoteconsole.exe"
+ "islalwaysonmonitor.exe",
+ "isllight.exe",
+ "isllightservice.exe",
+ "ISLLightClient.exe",
+ "C:\\Program Files (x86)\\ISL Online\\ISL Light*",
+ "*\\ISL Online\\ISL Light*",
+ "*\\ISLLight.exe"
]
},
"Artifacts": {
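Review bot: "isllight.exe" and "*\\ISLLight.exe" in this hunk describe the same binary in two forms (bare name and wildcard path, different case); since the rest of the list uses bare names, keep one form so the generated rule does not carry duplicate conditions.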
@@ -766,8 +814,8 @@
{
"Description": "Known remote domains",
"Domains": [
- "user_managed",
- "emcosoftware.com"
+ "*.islonline.com",
+ "*.islonline.net"
],
"Ports": []
}
@@ -775,23 +823,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/emco_remote_console_network_sigma.yml",
- "Description": "Detects potential network activity of EMCO Remote Console RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/isl_online_network_sigma.yml",
+ "Description": "Detects potential network activity of ISL Online RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/emco_remote_console_processes_sigma.yml",
- "Description": "Detects potential processes activity of EMCO Remote Console RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/isl_online_processes_sigma.yml",
+ "Description": "Detects potential processes activity of ISL Online RMM tool"
}
],
- "References": [],
+ "References": [
+ "https://help.islonline.com/19818/165940"
+ ],
"Acknowledgement": []
},
{
- "Name": "N-Able Advanced Monitoring Agent",
- "Description": "N-Able Advanced Monitoring Agent is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "NTR Remote",
+ "Description": "NTR Remote is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/9/2024",
+ "LastModified": "2/26/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -806,12 +856,7 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "Agent_*_RW.exe",
- "BASEClient.exe",
- "BASupApp.exe",
- "BASupSrvc.exe",
- "BASupSrvcCnfg.exe",
- "BASupTSHelper.exe"
+ "NTRsupportPro_EN.exe"
]
},
"Artifacts": {
@@ -822,17 +867,7 @@
{
"Description": "Known remote domains",
"Domains": [
- "*remote.management",
- "*.logicnow.com",
- "*systemmonitor.us",
- "*systemmonitor.eu.com",
- "*system-monitor.com",
- "systemmonitor.us.cdn.cloudflare.net",
- "*cloudbackup.management",
- "*systemmonitor.co.uk",
- "*.n-able.com",
- "*.beanywhere.com ",
- "*.swi-tc.com"
+ "*.ntrsupport.com"
],
"Ports": []
}
@@ -840,25 +875,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/n-able_advanced_monitoring_agent_network_sigma.yml",
- "Description": "Detects potential network activity of N-Able Advanced Monitoring Agent RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ntr_remote_network_sigma.yml",
+ "Description": "Detects potential network activity of NTR Remote RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/n-able_advanced_monitoring_agent_processes_sigma.yml",
- "Description": "Detects potential processes activity of N-Able Advanced Monitoring Agent RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ntr_remote_processes_sigma.yml",
+ "Description": "Detects potential processes activity of NTR Remote RMM tool"
}
],
"References": [
- "https://documentation.n-able.com/takecontrol/troubleshooting/Content/kb/Take-Control-Standalone-Ports-and-Domains-Firewall-and-AV-Exclusions.htm"
+ "DOA as of 2024"
],
"Acknowledgement": []
},
{
- "Name": "Tailscale",
- "Description": "Tailscale is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "MeshCentral",
+ "Description": "MeshCentral is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/14/2024",
+ "LastModified": "2/8/2024",
"Details": {
"Website": "",
"PEMetadata": {
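Review bot: "DOA as of 2024" is placed in the References array, which elsewhere holds only URLs; the site will render it as a broken link. Leave "References" empty and put the status in the Description (for example "vendor site unreachable as of 2024"), as the removed Pcnow reference used to do inline.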
@@ -873,9 +908,8 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "tailscale-*.exe",
- "tailscaled.exe",
- "tailscale-ipn.exe"
+ "meshcentral*.exe",
+ "mesh*.exe"
]
},
"Artifacts": {
@@ -886,9 +920,8 @@
{
"Description": "Known remote domains",
"Domains": [
- "*.tailscale.com",
- "*.tailscale.io",
- "tailscale.com"
+ "user_managed",
+ "meshcentral.com"
],
"Ports": []
}
@@ -896,25 +929,56 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/tailscale_network_sigma.yml",
- "Description": "Detects potential network activity of Tailscale RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/meshcentral_network_sigma.yml",
+ "Description": "Detects potential network activity of MeshCentral RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/tailscale_processes_sigma.yml",
- "Description": "Detects potential processes activity of Tailscale RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/meshcentral_processes_sigma.yml",
+ "Description": "Detects potential processes activity of MeshCentral RMM tool"
}
],
"References": [
- "https://tailscale.com/kb/1023/troubleshooting"
+ "https://ylianst.github.io/MeshCentral/meshcentral/"
],
"Acknowledgement": []
},
{
- "Name": "Pilixo",
- "Description": "Pilixo is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "JollysFastVNC",
+ "Description": "JollysFastVNC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/9/2024",
+ "LastModified": "",
+ "Details": {
+ "Website": "",
+ "PEMetadata": {
+ "Filename": "",
+ "OriginalFileName": "",
+ "Description": ""
+ },
+ "Privileges": "",
+ "Free": "",
+ "Verification": "",
+ "SupportedOS": [],
+ "Capabilities": [],
+ "Vulnerabilities": [],
+ "InstallationPaths": []
+ },
+ "Artifacts": {
+ "Disk": [],
+ "EventLog": [],
+ "Registry": [],
+ "Network": []
+ },
+ "Detections": [],
+ "References": [],
+ "Acknowledgement": []
+ },
+ {
+ "Name": "PuTTY Tray",
+ "Description": "PuTTY Tray is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Author": "",
+ "Created": "",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
@@ -929,44 +993,138 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "rdp.exe",
- "Pilixo_Installer*.exe"
+ "C:\\*\\puttytray.exe",
+ "*\\puttytray.exe"
]
},
+ "Artifacts": {
+ "Disk": [],
+ "EventLog": [],
+ "Registry": [],
+ "Network": []
+ },
+ "Detections": [
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/putty_tray_processes_sigma.yml",
+ "Description": "Detects potential processes activity of PuTTY Tray RMM tool"
+ }
+ ],
+ "References": [],
+ "Acknowledgement": []
+ },
+ {
+ "Name": "LogMeIn",
+ "Description": "LogMeIn is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.\n",
+ "Author": "Nasreddine Bencherchali",
+ "Created": "2024-08-05",
+ "LastModified": "2024-08-05",
+ "Details": {
+ "Website": "https://www.logmein.com/",
+ "PEMetadata": [
+ {
+ "Filename": "lmiguardiansvc.exe"
+ },
+ {
+ "Filename": "lmiignition.exe"
+ },
+ {
+ "Filename": "logmeinsystray.exe"
+ },
+ {
+ "Filename": "logmein.exe",
+ "OriginalFileName": "",
+ "Company": "LogMeIn, Inc.",
+ "Description": "LMIGuardianSvc",
+ "Product": "LMIGuardianSvc"
+ }
+ ],
+ "Privileges": "",
+ "Free": "",
+ "Verification": "",
+ "SupportedOS": [],
+ "Capabilities": [],
+ "Vulnerabilities": [],
+ "InstallationPaths": null
+ },
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
"Network": [
{
- "Description": "Known remote domains",
+ "Description": "N/A",
"Domains": [
- "pilixo.com",
- "download.pilixo.com",
- "*.pilixo.com"
+ "logmein-gateway.com"
],
- "Ports": []
+ "Ports": [
+ 443
+ ]
+ },
+ {
+ "Description": "N/A",
+ "Domains": [
+ "*.logmein.com"
+ ],
+ "Ports": [
+ 443
+ ]
+ },
+ {
+ "Description": "N/A",
+ "Domains": [
+ "*.logmein.eu"
+ ],
+ "Ports": [
+ 443
+ ]
+ },
+ {
+ "Description": "N/A",
+ "Domains": [
+ "logmeinrescue.com"
+ ],
+ "Ports": [
+ 443
+ ]
+ },
+ {
+ "Description": "N/A",
+ "Domains": [
+ "*.logmeininc.com"
+ ],
+ "Ports": [
+ 443
+ ]
}
]
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pilixo_network_sigma.yml",
- "Description": "Detects potential network activity of Pilixo RMM tool"
+ "Sigma": "https://github.com/SigmaHQ/sigma/blob/782f0f524e6f797ea114fe0d87b22cb4abaa6b7c/rules/windows/dns_query/dns_query_win_remote_access_software_domains_non_browsers.yml",
+ "Description": "DNS Query To Remote Access Software Domain From Non-Browser App"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pilixo_processes_sigma.yml",
- "Description": "Detects potential processes activity of Pilixo RMM tool"
+ "Sigma": "https://github.com/SigmaHQ/sigma/blob/782f0f524e6f797ea114fe0d87b22cb4abaa6b7c/rules/windows/process_creation/proc_creation_win_remote_access_tools_logmein.yml",
+ "Description": "Remote Access Tool - LogMeIn Execution"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/logmein_network_sigma.yml",
+ "Description": "Detects potential network activity of LogMeIn RMM tool"
}
],
"References": [
- "https://pilixo.freshdesk.com/support/solutions/articles/9000141879-device-connectivity-and-firewalls"
+ "https://support.logmeininc.com/central/help/allowlisting-and-firewall-configuration"
],
- "Acknowledgement": []
+ "Acknowledgement": [
+ {
+ "Person": "Nasreddine Bencherchali",
+ "Handle": "@nas_bench"
+ }
+ ]
},
{
- "Name": "Remote Desktop Manager (Devolutions)",
- "Description": "Remote Desktop Manager (Devolutions) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Electric",
+ "Description": "Electric is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
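Review bot: the LogMeIn entry sets "InstallationPaths": null, while every other entry in the file uses an empty array; any consumer that iterates the paths will break on this entry, so use []. In the same hunk "PEMetadata" is an array of objects here but an object with Filename/OriginalFileName/Description fields in the other entries, the dates use 2024-08-05 where the rest use 2/9/2024, and the Description string ends in "\n". Also verify the fourth PEMetadata record: the Description and Product "LMIGuardianSvc" read as if they belong to lmiguardiansvc.exe (listed first) rather than to logmein.exe.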
@@ -989,15 +1147,28 @@
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": []
+ "Network": [
+ {
+ "Description": "Known remote domains",
+ "Domains": [
+ "electric.ai"
+ ],
+ "Ports": []
+ }
+ ]
},
- "Detections": [],
+ "Detections": [
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/electric_network_sigma.yml",
+ "Description": "Detects potential network activity of Electric RMM tool"
+ }
+ ],
"References": [],
"Acknowledgement": []
},
{
- "Name": "BeyondTrust (Bomgar)",
- "Description": "BeyondTrust (Bomgar) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "CruzControl",
+ "Description": "CruzControl is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "2/7/2024",
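Review bot: the new "Electric" entry ships with "References": [] while the "Electric AI (Kaseya)" entry removed earlier in this diff carried "https://www.electric.ai/product/device-management-solutions - Usess Kaseya/jamf". If Electric supersedes that entry, keep the URL in References and move the note (with "Usess" corrected to "Uses") into the Description, since the reference explains that the product wraps Kaseya/Jamf agents.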
@@ -1014,187 +1185,75 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": [
- "bomgar-scc-*.exe",
- "bomgar-scc.exe",
- "bomgar-pac-*.exe",
- "bomgar-pac.exe",
- "bomgar-rdp.exe"
- ]
+ "InstallationPaths": []
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": [
- {
- "Description": "Known remote domains",
- "Domains": [
- "*.beyondtrustcloud.com",
- "*.bomgarcloud.com",
- "bomgarcloud.com"
- ],
- "Ports": []
- }
- ]
+ "Network": []
},
- "Detections": [
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/beyondtrust__bomgar__network_sigma.yml",
- "Description": "Detects potential network activity of BeyondTrust (Bomgar) RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/beyondtrust__bomgar__processes_sigma.yml",
- "Description": "Detects potential processes activity of BeyondTrust (Bomgar) RMM tool"
- }
- ],
+ "Detections": [],
"References": [
- "https://www.beyondtrust.com/docs/remote-support/getting-started/deployment/cloud/network.htm"
+ "https://resources.doradosoftware.com/cruz-rmm"
],
"Acknowledgement": []
},
{
- "Name": "Alpemix",
- "Description": "Alpemix is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.\n",
- "Author": "Nasreddine Bencherchali",
- "Created": "2024-08-05",
- "LastModified": "2024-08-05",
+ "Name": "Netreo",
+ "Description": "Netreo is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Author": "",
+ "Created": "",
+ "LastModified": "2/9/2024",
"Details": {
- "Website": "https://www.alpemix.com/en/Home",
- "PEMetadata": [
- {
- "Filename": "Alpemix.exe",
- "OriginalFileName": "Alpemix",
- "Description": "Alpemix",
- "Product": "Alpemix",
- "InternalName": "Alpemix"
- }
- ],
+ "Website": "",
+ "PEMetadata": {
+ "Filename": "",
+ "OriginalFileName": "",
+ "Description": ""
+ },
"Privileges": "",
"Free": "",
"Verification": "",
- "SupportedOS": [
- "Windows",
- "Linux",
- "Android",
- "Mac",
- "IOS"
- ],
- "Capabilities": [
- "5 Different Solutions for Remote Support",
- "Access to Unattended Computers",
- "Access to User Account Control (UAC) Screens",
- "Add Your Own Logo",
- "Auto Sizing",
- "Automatic Update",
- "Clipboard Transfer",
- "Computer Independent Licensing",
- "Contact List and Groups",
- "Encrypted Communication",
- "External Communication Barrier",
- "File Transfer",
- "Instant Messaging",
- "Multi-Platform Support",
- "Multiple Chat",
- "Multiple Connections",
- "No Port Forwarding Required",
- "Peer to Peer Connection (p2p)",
- "Receiving Offline Message",
- "Remote Restart",
- "ReportingRestricting The Authority",
- "Screen Sharing",
- "Sending Announcement Message",
- "Sharing a certain part of the screen",
- "Video Recording",
- "Voice Communication",
- "Who is currently supporting?",
- "Working in Black Screen Mode"
- ],
+ "SupportedOS": [],
+ "Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": [
- "C:\\AlpemixService.exe",
- "C:\\AlpemixSrvc\\"
- ]
+ "InstallationPaths": []
},
"Artifacts": {
- "Disk": [
- {
- "File": "%localappdata%\\Alpemix\\Alpemix.ini",
- "Description": "N/A",
- "OS": "Windows"
- }
- ],
- "EventLog": [
- {
- "EventID": 7045,
- "ProviderName": "Service Control Manager",
- "LogFile": "System.evtx",
- "ServiceName": "AlpemixSrvc",
- "ImagePath": "*\\Alpemix.exe servicestartxxx",
- "Description": "Service installation event as result of Alpemix installation."
- }
- ],
- "Registry": [
- {
- "Path": "HKLM\\SYSTEM\\CurrentControlSet\\Services\\AlpemixSrvcx",
- "Description": "N/A"
- }
- ],
+ "Disk": [],
+ "EventLog": [],
+ "Registry": [],
"Network": [
{
+ "Description": "Known remote domains",
"Domains": [
- "*.alpemix.com"
- ],
- "Ports": [
- 443
- ],
- "Description": "N/A"
- },
- {
- "Domains": [
- "*.teknopars.com"
- ],
- "Ports": [
- 80
+ "charon.netreo.net",
+ "activation.netreo.net",
+ "*.api.netreo.com",
+ "netreo.com"
],
- "Description": "N/A"
+ "Ports": []
}
]
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/alpemix_registry_sigma.yml",
- "Description": "Detects potential registry activity of Alpemix RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/alpemix_network_sigma.yml",
- "Description": "Detects potential network activity of Alpemix RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/alpemix_files_sigma.yml",
- "Description": "Detects potential files activity of Alpemix RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/alpemix_processes_sigma.yml",
- "Description": "Detects potential processes activity of Alpemix RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/netreo_network_sigma.yml",
+ "Description": "Detects potential network activity of Netreo RMM tool"
}
],
"References": [
- "https://www.alpemix.com/en/remote-access"
+ "https://solutions.netreo.com/docs/firewall-requirements"
],
- "Acknowledgement": [
- {
- "Person": "Nasreddine Bencherchali",
- "Handle": "@nas_bench"
- }
- ]
+ "Acknowledgement": []
},
{
- "Name": "CloudBerry Explorer",
- "Description": "CloudBerry Explorer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "DW Service",
+ "Description": "DW Service is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "",
+ "LastModified": "2/7/2024",
"Details": {
"Website": "",
"PEMetadata": {
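Review bot: possible silent data loss: the complete BeyondTrust (Bomgar) and Alpemix entries are removed here and replaced by CruzControl and Netreo stubs, and nothing in the visible patch re-adds them. The Alpemix entry carried authored detail (the `7045` service-install event with `ServiceName": "AlpemixSrvc"`, the `HKLM\\SYSTEM\\CurrentControlSet\\Services\\AlpemixSrvcx` registry key, four Sigma links and an acknowledgement), so if api.json is simply regenerated in a different order please confirm both entries reappear further down; if they do not, this hunk should not merge. Two schema points in the added lines: Netreo uses `"PEMetadata": {` (an object) while the Kaseya entry later in this patch uses `"PEMetadata": [` (an array), so consumers now get two shapes for one field; and `"LastModified": "2/9/2024"` is m/d/yyyy where the removed Alpemix lines used ISO `2024-08-05`. Pick one type and one date format.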
@@ -1209,26 +1268,46 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "C:\\Program Files\\CloudBerryLab\\CloudBerry Drive\\*",
- "*\\CloudBerryLab\\CloudBerry Drive\\*"
+ "dwagsvc.exe",
+ "dwagent.exe",
+ "dwagsvc.exe"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": []
+ "Network": [
+ {
+ "Description": "Known remote domains",
+ "Domains": [
+ "*.dwservice.net"
+ ],
+ "Ports": []
+ }
+ ]
},
- "Detections": [],
- "References": [],
+ "Detections": [
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dw_service_network_sigma.yml",
+ "Description": "Detects potential network activity of DW Service RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dw_service_processes_sigma.yml",
+ "Description": "Detects potential processes activity of DW Service RMM tool"
+ }
+ ],
+ "References": [
+ "https://news.dwservice.net/dwservice-security-infrastructure/"
+ ],
"Acknowledgement": []
},
{
- "Name": "Auvik",
- "Description": "Auvik is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Remote.it",
+ "Description": "Remote.it is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/7/2024",
+ "LastModified": "2/9/2024",
"Details": {
"Website": "",
"PEMetadata": {
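Review bot: `"dwagsvc.exe"` is listed twice in the DW Service `InstallationPaths` (first and third added lines); drop the duplicate so the generated `dw_service_processes_sigma.yml` does not carry a redundant pattern. The CloudBerry Explorer paths and the Auvik entry removed in this hunk raise the same reorder-or-loss question as the other replaced entries; confirm they come back elsewhere in the file.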
@@ -1243,8 +1322,9 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "auvik.engine.exe",
- "auvik.agent.exe"
+ "remote-it-installer.exe",
+ "remote.it.exe",
+ "remoteit.exe"
]
},
"Artifacts": {
@@ -1255,9 +1335,9 @@
{
"Description": "Known remote domains",
"Domains": [
- "*.my.auvik.com",
- "*.auvik.com",
- "auvik.com"
+ "auth.api.remote.it",
+ "api.remote.it",
+ "remote.it"
],
"Ports": []
}
@@ -1265,25 +1345,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/auvik_network_sigma.yml",
- "Description": "Detects potential network activity of Auvik RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remote.it_network_sigma.yml",
+ "Description": "Detects potential network activity of Remote.it RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/auvik_processes_sigma.yml",
- "Description": "Detects potential processes activity of Auvik RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remote.it_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Remote.it RMM tool"
}
],
"References": [
- "https://support.auvik.com/hc/en-us/articles/204315700-What-protocols-and-ports-does-the-Auvik-collector-use"
+ "https://docs.remote.it/introduction/get-started"
],
"Acknowledgement": []
},
{
- "Name": "Microsoft RDP",
- "Description": "Microsoft RDP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "FileZilla",
+ "Description": "FileZilla is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/8/2024",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
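Review bot: the Sigma links `remote.it_network_sigma.yml` and `remote.it_processes_sigma.yml` keep the dot from the tool name, whereas every other link in this patch normalises punctuation to underscores (`kaseya__vsa__network_sigma.yml`, `netop_remote_control__impero_connect__network_sigma.yml`). Check that the rule generator actually writes files with that name; otherwise both links are dead. Separately, the templated `FileZilla is a remote monitoring and management (RMM) tool` is wrong for an FTP client (its own install path in the next hunk is `FileZilla FTP Client`), and the same template is applied to MEGAsync and Bitvise SSH Client further down. A category field, or a description that says what the tool actually is, would avoid misclassifying file-transfer and SSH clients as RMM.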
@@ -1298,9 +1378,9 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "termsrv.exe",
- "mstsc.exe",
- "Microsoft Remote Desktop"
+ "C:\\Program Files\\FileZilla FTP Client\\*",
+ "*\\FileZilla FTP Client\\*",
+ "*\\FileZilla.exe"
]
},
"Artifacts": {
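Review bot: `C:\\Program Files\\FileZilla FTP Client\\*` is fully covered by the wildcard `*\\FileZilla FTP Client\\*` on the next line, so the absolute form adds nothing to a generated rule; the same pairing recurs for MEGAsync (`C:\\Users\\*\\AppData\\Local\\MEGAsync\\*` vs `*Users\\*\\AppData\\Local\\MEGAsync\\*`) and Bitvise (`C:\\Program Files (x86)\\Bitvise SSH Client\\*` vs `*\\Bitvise SSH Client\\*`). Keep one form, or document that the absolute path is intentional for consumers that do exact-path matching. Removing `termsrv.exe` and `mstsc.exe` here also deletes the Microsoft RDP entry unless it is re-added elsewhere.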
@@ -1311,21 +1391,19 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/microsoft_rdp_processes_sigma.yml",
- "Description": "Detects potential processes activity of Microsoft RDP RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/filezilla_processes_sigma.yml",
+ "Description": "Detects potential processes activity of FileZilla RMM tool"
}
],
- "References": [
- "https://learn.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/windows"
- ],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "Microsoft OneDrive",
- "Description": "Microsoft OneDrive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "DeskNets",
+ "Description": "DeskNets is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "",
+ "LastModified": "2/26/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -1348,15 +1426,17 @@
"Network": []
},
"Detections": [],
- "References": [],
+ "References": [
+ "https://www.desknets.com/en/download.html"
+ ],
"Acknowledgement": []
},
{
- "Name": "Tactical RMM",
- "Description": "Tactical RMM is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "MEGAsync",
+ "Description": "MEGAsync is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/14/2024",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
@@ -1371,47 +1451,35 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "tacticalrmm.exe",
- "tacticalrmm.exe"
+ "C:\\Users\\*\\AppData\\Local\\MEGAsync\\*",
+ "*Users\\*\\AppData\\Local\\MEGAsync\\*",
+ "*Users\\*\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\*",
+ "*ProgramData\\MEGAsync\\*",
+ "*\\MEGAsyncSetup64.exe",
+ "*\\MEGAupdater.exe"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": [
- {
- "Description": "Known remote domains",
- "Domains": [
- "login.tailscale.com",
- "login.tailscale.com",
- "docs.tacticalrmm.com"
- ],
- "Ports": []
- }
- ]
+ "Network": []
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/tactical_rmm_network_sigma.yml",
- "Description": "Detects potential network activity of Tactical RMM RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/tactical_rmm_processes_sigma.yml",
- "Description": "Detects potential processes activity of Tactical RMM RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/megasync_processes_sigma.yml",
+ "Description": "Detects potential processes activity of MEGAsync RMM tool"
}
],
- "References": [
- "docs.tacticalrmm.com"
- ],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "MioNet (WD Anywhere Access)",
- "Description": "MioNet (WD Anywhere Access) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Bitvise SSH Client",
+ "Description": "Bitvise SSH Client is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/9/2024",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
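Review bot: `*Users\\*\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\*` matches every user's entire Startup folder and nothing MEGAsync-specific, so `megasync_processes_sigma.yml` built from this list will fire on any autostart program. Narrow it to the MEGAsync file under that folder, or move it to the `Disk` artifacts with a description of what is expected there. The first two MEGAsync lines also overlap (`C:\\Users\\*\\AppData\\Local\\MEGAsync\\*` is a subset of `*Users\\*\\AppData\\Local\\MEGAsync\\*`). The removed Tactical RMM block is another reorder-or-loss case; if it is re-added, note it carried a duplicated `"tacticalrmm.exe"` and `"login.tailscale.com"`.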
@@ -1426,8 +1494,9 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "mionet.exe",
- "mionetmanager.exe"
+ "C:\\Program Files (x86)\\Bitvise SSH Client\\*",
+ "*\\Bitvise SSH Client\\*",
+ "*\\BvSshClient-Inst.exe"
]
},
"Artifacts": {
@@ -1438,21 +1507,19 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/mionet__wd_anywhere_access__processes_sigma.yml",
- "Description": "Detects potential processes activity of MioNet (WD Anywhere Access) RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/bitvise_ssh_client_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Bitvise SSH Client RMM tool"
}
],
- "References": [
- "https://en.wikipedia.org/wiki/WD_Anywhere_Access - DOA as of 2016"
- ],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "Comodo RMM",
- "Description": "Comodo RMM is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Netop Remote Control (Impero Connect)",
+ "Description": "Netop Remote Control (Impero Connect) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/7/2024",
+ "LastModified": "2/9/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -1467,8 +1534,15 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "itsmagent.exe",
- "rviewer.exe"
+ "nhostsvc.exe",
+ "nhstw32.exe",
+ "ngstw32.exe",
+ "Netop Ondemand.exe",
+ "nldrw32.exe",
+ "rmserverconsolemediator.exe",
+ "ImperoInit.exe",
+ "Connect.Backdrop.cloud*.exe",
+ "ImperoClientSVC.exe"
]
},
"Artifacts": {
@@ -1479,9 +1553,8 @@
{
"Description": "Known remote domains",
"Domains": [
- "*.itsm-us1.comodo.com",
- "*mdmsupport.comodo.com",
- "one.comodo.com"
+ "*.connect.backdrop.cloud",
+ "*.netop.com"
],
"Ports": []
}
@@ -1489,22 +1562,22 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/comodo_rmm_network_sigma.yml",
- "Description": "Detects potential network activity of Comodo RMM RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/netop_remote_control__impero_connect__network_sigma.yml",
+ "Description": "Detects potential network activity of Netop Remote Control (Impero Connect) RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/comodo_rmm_processes_sigma.yml",
- "Description": "Detects potential processes activity of Comodo RMM RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/netop_remote_control__impero_connect__processes_sigma.yml",
+ "Description": "Detects potential processes activity of Netop Remote Control (Impero Connect) RMM tool"
}
],
"References": [
- "https://help.itarian.com/topic-459-1-1005-14776-Appendix-1b---Endpoint-Manager-Services---IP-Nos,-Host-Names-and-Port-Details---US-Customers.html"
+ "https://kb.netop.com/article/firewall-and-proxy-server-considerations-when-using-netop-portal-communication-373.html"
],
"Acknowledgement": []
},
{
- "Name": "Pocket Controller",
- "Description": "Pocket Controller is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "RemotePass",
+ "Description": "RemotePass is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
@@ -1522,9 +1595,9 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "pocketcontroller.exe",
- "pocketcloudservice.exe",
- "wysebrowser.exe"
+ "remotepass-access.exe",
+ "rpaccess.exe",
+ "rpwhostscr.exe"
]
},
"Artifacts": {
@@ -1535,7 +1608,7 @@
{
"Description": "Known remote domains",
"Domains": [
- "soti.net/products/soti-pocket-controller"
+ "remotepass.com"
],
"Ports": []
}
@@ -1543,54 +1616,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pocket_controller_network_sigma.yml",
- "Description": "Detects potential network activity of Pocket Controller RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remotepass_network_sigma.yml",
+ "Description": "Detects potential network activity of RemotePass RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pocket_controller_processes_sigma.yml",
- "Description": "Detects potential processes activity of Pocket Controller RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remotepass_processes_sigma.yml",
+ "Description": "Detects potential processes activity of RemotePass RMM tool"
}
],
- "References": [],
- "Acknowledgement": []
- },
- {
- "Name": "NordLocker",
- "Description": "NordLocker is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
- "Author": "",
- "Created": "",
- "LastModified": "",
- "Details": {
- "Website": "",
- "PEMetadata": {
- "Filename": "",
- "OriginalFileName": "",
- "Description": ""
- },
- "Privileges": "",
- "Free": "",
- "Verification": "",
- "SupportedOS": [],
- "Capabilities": [],
- "Vulnerabilities": [],
- "InstallationPaths": []
- },
- "Artifacts": {
- "Disk": [],
- "EventLog": [],
- "Registry": [],
- "Network": []
- },
- "Detections": [],
- "References": [],
+ "References": [
+ "https://www.remotepass.com/rpaccess.html - DOA as of 2024"
+ ],
"Acknowledgement": []
},
{
- "Name": "ExpanDrive",
- "Description": "ExpanDrive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Addigy",
+ "Description": "Addigy is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "",
+ "LastModified": "2/27/2024",
"Details": {
"Website": "",
"PEMetadata": {
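Review bot: `"https://www.remotepass.com/rpaccess.html - DOA as of 2024"` embeds a free-text note inside the `References` string, so anything that renders References as links produces a broken URL. Keep the bare URL here and put the availability note in Description or a dedicated field. The same pattern is leaving the file with the MioNet entry (`- DOA as of 2016`) elsewhere in this patch, so adding a new instance is a step backwards. Dropping the empty NordLocker stub is fine.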
@@ -1605,31 +1649,42 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "C:\\Users\\*\\ExpanDrive.exe",
- "*\\ExpanDrive.exe"
+ "addigy-*.pkg"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": []
+ "Network": [
+ {
+ "Description": "Known remote domains",
+ "Domains": [
+ "prod.addigy.com",
+ "grtmprod.addigy.com",
+ "agents.addigy.com"
+ ],
+ "Ports": []
+ }
+ ]
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/expandrive_processes_sigma.yml",
- "Description": "Detects potential processes activity of ExpanDrive RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/addigy_network_sigma.yml",
+ "Description": "Detects potential network activity of Addigy RMM tool"
}
],
- "References": [],
+ "References": [
+ "https://addigy.com/"
+ ],
"Acknowledgement": []
},
{
- "Name": "OCS inventory",
- "Description": "OCS inventory is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Syncro",
+ "Description": "Syncro is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/9/2024",
+ "LastModified": "2/13/2024",
"Details": {
"Website": "",
"PEMetadata": {
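Review bot: `"addigy-*.pkg"` is a macOS installer package name, not an installation path, and `InstallationPaths` is otherwise used for executables and directories in this patch (`dwagsvc.exe`, `C:\\Program Files (x86)\\Kaseya\\`). With only a network rule (`addigy_network_sigma.yml`) listed, the pkg pattern feeds nothing. Either add the platform and treat it as a Disk artifact with an `OS` tag, as the Kaseya entry does later in this patch, or add the agent binaries the processes rule would need. The ExpanDrive lines removed here are another reorder-or-loss case to confirm.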
@@ -1644,8 +1699,16 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "ocsinventory.exe",
- "ocsservice.exe"
+ "Syncro.Installer.exe",
+ "Kabuto.App.Runner.exe",
+ "Syncro.Overmind.Service.exe",
+ "Kabuto.Installer.exe",
+ "KabutoSetup.exe",
+ "Syncro.Service.exe",
+ "Kabuto.Service.Runner.exe",
+ "Syncro.App.Runner.exe",
+ "SyncroLive.Service.exe",
+ "SyncroLive.Agent.exe"
]
},
"Artifacts": {
@@ -1656,8 +1719,17 @@
{
"Description": "Known remote domains",
"Domains": [
- "user_managed",
- "ocsinventory-ng.org"
+ "kabuto.io",
+ "*.syncromsp.com",
+ "*.syncroapi.com",
+ "syncromsp.com",
+ "servably.com",
+ "ld.aurelius.host",
+ "app.kabuto.io ",
+ "*.kabutoservices.com",
+ "repairshopr.com",
+ "kabutoservices.com",
+ "attachments.servably.com"
],
"Ports": []
}
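Review bot: `"app.kabuto.io "` has a trailing space, which will be emitted verbatim into `syncro_network_sigma.yml` and never match a hostname; strip it. The list also mixes match styles without saying which is intended: `kabuto.io` and `servably.com` sit as bare apex domains next to their own subdomains (`app.kabuto.io`, `attachments.servably.com`), while `*.syncromsp.com` sits next to `syncromsp.com`. Decide whether the apex or the wildcard is the match rule and apply it consistently, otherwise half the lines are redundant or dead depending on how the generator treats them.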
@@ -1665,22 +1737,22 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ocs_inventory_network_sigma.yml",
- "Description": "Detects potential network activity of OCS inventory RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/syncro_network_sigma.yml",
+ "Description": "Detects potential network activity of Syncro RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ocs_inventory_processes_sigma.yml",
- "Description": "Detects potential processes activity of OCS inventory RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/syncro_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Syncro RMM tool"
}
],
"References": [
- "https://ocsinventory-ng.org/?page_id=878&lang=en"
+ "https://community.syncromsp.com/t/syncro-exceptions-and-allowlists/2004"
],
"Acknowledgement": []
},
{
- "Name": "GotoHTTP",
- "Description": "GotoHTTP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "IntelliAdmin Remote Control",
+ "Description": "IntelliAdmin Remote Control is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "2/8/2024",
@@ -1698,9 +1770,11 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "GotoHTTP_x64.exe",
- "gotohttp.exe",
- "GotoHTTP*.exe"
+ "iadmin.exe",
+ "intelliadmin.exe",
+ "agent32.exe",
+ "agent64.exe",
+ "agent_setup_5.exe"
]
},
"Artifacts": {
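Review bot: `agent32.exe`, `agent64.exe` and `agent_setup_5.exe` are generic file names with no IntelliAdmin-specific component, so a processes rule built from this list will produce false positives from unrelated software. Qualify them with a path component (as `*\\Bitvise SSH Client\\*` does elsewhere in this patch) or back them with PEMetadata (OriginalFileName/Product) so the rule can match on more than the bare name.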
@@ -1711,8 +1785,9 @@
{
"Description": "Known remote domains",
"Domains": [
- "*.gotohttp.com",
- "gotohttp.com"
+ "user_managed",
+ "*.intelliadmin.com",
+ "intelliadmin.com/remote-control"
],
"Ports": []
}
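Review bot: `"user_managed"` is a sentinel, not a hostname, and `"intelliadmin.com/remote-control"` is a URL path, not a hostname; if `intelliadmin_remote_control_network_sigma.yml` is generated from this `Domains` list, both lines are dead weight at best and invalid at worst. The removed GotoHTTP lines (`*.gotohttp.com`, `gotohttp.com`) show the expected shape. Model `user_managed` as a separate self-hosted flag, keep only `*.intelliadmin.com` here, and move the product page to References.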
@@ -1720,22 +1795,22 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/gotohttp_network_sigma.yml",
- "Description": "Detects potential network activity of GotoHTTP RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/intelliadmin_remote_control_network_sigma.yml",
+ "Description": "Detects potential network activity of IntelliAdmin Remote Control RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/gotohttp_processes_sigma.yml",
- "Description": "Detects potential processes activity of GotoHTTP RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/intelliadmin_remote_control_processes_sigma.yml",
+ "Description": "Detects potential processes activity of IntelliAdmin Remote Control RMM tool"
}
],
"References": [
- "https://gotohttp.com/goto/help.12x"
+ "intelliadmin.com/remote-control"
],
"Acknowledgement": []
},
{
- "Name": "CloudXplorer",
- "Description": "CloudXplorer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Tanium Deploy",
+ "Description": "Tanium Deploy is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
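Review bot: the reference `"intelliadmin.com/remote-control"` lacks a scheme, unlike every other References entry in this patch (`https://...`); add `https://` so it renders as a link. The same value also appears under `Domains` in the previous hunk, which suggests it was pasted into the wrong field there.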
@@ -1752,33 +1827,37 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": [
- "C:\\Program Files\\ClumsyLeaf Software\\CloudXplorer\\*",
- "*\\ClumsyLeaf Software\\CloudXplorer\\*",
- "*\\clumsyleaf.cloudxplorer*.exe"
- ]
+ "InstallationPaths": []
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": []
+ "Network": [
+ {
+ "Description": "Known remote domains",
+ "Domains": [
+ "tanium.com/products/tanium-deploy"
+ ],
+ "Ports": []
+ }
+ ]
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/cloudxplorer_processes_sigma.yml",
- "Description": "Detects potential processes activity of CloudXplorer RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/tanium_deploy_network_sigma.yml",
+ "Description": "Detects potential network activity of Tanium Deploy RMM tool"
}
],
"References": [],
"Acknowledgement": []
},
{
- "Name": "Terminals",
- "Description": "Terminals is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "AweRay",
+ "Description": "AweRay is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "",
+ "LastModified": "2/7/2024",
"Details": {
"Website": "",
"PEMetadata": {
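Review bot: Tanium Deploy ends up with `"InstallationPaths": []`, a `Domains` list whose only entry is the product page `tanium.com/products/tanium-deploy`, and a `tanium_deploy_network_sigma.yml` detection generated from it; that rule cannot match real traffic because the value is a URL path, not a hostname. Either add the hostnames the agent contacts (and move the product page to References) or leave `Detections` empty until there is something to detect on. The CloudXplorer paths removed here are another reorder-or-loss case to confirm.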
@@ -1792,24 +1871,47 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": []
+ "InstallationPaths": [
+ "aweray_remote*.exe",
+ "AweSun.exe"
+ ]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": []
- },
- "Detections": [],
- "References": [],
+ "Network": [
+ {
+ "Description": "Known remote domains",
+ "Domains": [
+ "asapi*.aweray.net",
+ "client-api.aweray.com"
+ ],
+ "Ports": []
+ }
+ ]
+ },
+ "Detections": [
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aweray_network_sigma.yml",
+ "Description": "Detects potential network activity of AweRay RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aweray_processes_sigma.yml",
+ "Description": "Detects potential processes activity of AweRay RMM tool"
+ }
+ ],
+ "References": [
+ "https://sun.aweray.com/help"
+ ],
"Acknowledgement": []
},
{
- "Name": "RPort",
- "Description": "RPort is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "UltraVNC",
+ "Description": "UltraVNC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/9/2024",
+ "LastModified": "2/14/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -1824,7 +1926,7 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "rport.exe"
+ "UltraVNC*.exe"
]
},
"Artifacts": {
@@ -1835,8 +1937,8 @@
{
"Description": "Known remote domains",
"Domains": [
- "user_managed",
- "rport.io"
+ "ultravnc.com",
+ "user_managed"
],
"Ports": []
}
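Review bot: `"user_managed"` in the UltraVNC `Domains` list is a sentinel, not a hostname, and `ultravnc.com` is the vendor site rather than something a deployed VNC server connects to, so `ultravnc_network_sigma.yml` will be generated from values that do not appear in DNS or proxy logs for the tool's own traffic. The removed RPort lines carried the same `user_managed` token. Represent self-hosting as a flag and keep the Domains list for hosts the software actually contacts, or document that the generator skips this token.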
@@ -1844,25 +1946,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rport_network_sigma.yml",
- "Description": "Detects potential network activity of RPort RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ultravnc_network_sigma.yml",
+ "Description": "Detects potential network activity of UltraVNC RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rport_processes_sigma.yml",
- "Description": "Detects potential processes activity of RPort RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ultravnc_processes_sigma.yml",
+ "Description": "Detects potential processes activity of UltraVNC RMM tool"
}
],
"References": [
- "https://kb.rport.io/using-the-remote-access"
+ "https://uvnc.com/docs/uvnc-server/49-UltraVNC-server-configuration.html"
],
"Acknowledgement": []
},
{
- "Name": "CentraStage (Now Datto)",
- "Description": "CentraStage (Now Datto) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Site24x7",
+ "Description": "Site24x7 is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/7/2024",
+ "LastModified": "2/13/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -1877,8 +1979,10 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "CagService.exe",
- "AEMAgent.exe"
+ "MEAgentHelper.exe",
+ "MonitoringAgent.exe",
+ "Site24x7WindowsAgentTrayIcon.exe",
+ "Site24x7PluginAgent.exe"
]
},
"Artifacts": {
@@ -1889,9 +1993,12 @@
{
"Description": "Known remote domains",
"Domains": [
- "*.rmm.datto.com",
- "*cc.centrastage.net",
- "datto.com/au/products/rmm/"
+ "plus*.site24x7.com",
+ "plus*.site24x7.eu",
+ "plus*.site24x7.in",
+ "plus*.site24x7.cn",
+ "plus*.site24x7.net.au",
+ "site24x7.com/msp"
],
"Ports": []
}
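Review bot: `"site24x7.com/msp"` is a URL path rather than a hostname and will not match in the generated `site24x7_network_sigma.yml`; move it to References. The five `plus*.site24x7.<tld>` patterns put the wildcard inside the leftmost label; confirm the generator emits these as contains/endswith style conditions rather than exact hostnames, otherwise they never match either.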
@@ -1899,32 +2006,40 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/centrastage__now_datto__network_sigma.yml",
- "Description": "Detects potential network activity of CentraStage (Now Datto) RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/site24x7_network_sigma.yml",
+ "Description": "Detects potential network activity of Site24x7 RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/centrastage__now_datto__processes_sigma.yml",
- "Description": "Detects potential processes activity of CentraStage (Now Datto) RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/site24x7_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Site24x7 RMM tool"
}
],
"References": [
- "https://rmm.datto.com/help/de/Content/1INTRODUCTION/Requirements/AllowListRequirements.htm"
+ "https://support.site24x7.com/portal/en/kb/articles/which-ports-do-i-need-to-allow-access-in-my-firewall-to-use-site24x7-agent"
],
"Acknowledgement": []
},
{
- "Name": "Instant Housecall",
- "Description": "Instant Housecall is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
- "Author": "",
- "Created": "",
- "LastModified": "2/8/2024",
+ "Name": "Kaseya (VSA)",
+ "Description": "Kaseya (VSA) aka Unigma is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.\n",
+ "Author": "Nasreddine Bencherchali",
+ "Created": "2024-08-05",
+ "LastModified": "2024-08-05",
"Details": {
"Website": "",
- "PEMetadata": {
- "Filename": "",
- "OriginalFileName": "",
- "Description": ""
- },
+ "PEMetadata": [
+ {
+ "Filename": "agentmon.exe"
+ },
+ {
+ "Filename": "KaUpdHlp.exe"
+ },
+ {
+ "Filename": "KaUsrTsk.exe",
+ "OriginalFileName": "",
+ "Description": ""
+ }
+ ],
"Privileges": "",
"Free": "",
"Verification": "",
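Review bot: the Kaseya `PEMetadata` array is inconsistent with itself and with the rest of the file: the first two objects carry only `"Filename"`, the third adds empty `"OriginalFileName"` and `"Description"`, and every other entry in this patch uses `"PEMetadata": {` (an object) rather than an array. Give all three objects the same keys and either make PEMetadata an array everywhere or keep it an object. Minor: the Description string ends in a literal `\n`, and the ISO `2024-08-05` dates here sit next to `2/13/2024` in the preceding Site24x7 entry.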
@@ -1932,24 +2047,102 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "hsloader.exe",
- "InstantHousecall.exe",
- "ihcserver.exe",
- "instanthousecall.exe"
+ "C:\\Program Files (x86)\\Kaseya\\",
+ "C:\\ProgramData\\Kaseya\\"
]
},
"Artifacts": {
- "Disk": [],
+ "Disk": [
+ {
+ "File": "%localappdata%\\Kaseya\\Log\\KaseyaLiveConnect\\*",
+ "Description": "Kaseya Live Connect logs",
+ "OS": "Windows"
+ },
+ {
+ "File": "~/Library/Logs/com.kaseya/KaseyaLiveConnect/*",
+ "Description": "Kaseya Live Connect logs",
+ "OS": "MacOS"
+ },
+ {
+ "File": "C:\\ProgramData\\Kaseya\\Log\\Endpoint\\*",
+ "Description": "Kaseya Endpoint logs",
+ "OS": "Windows"
+ },
+ {
+ "File": "C:\\Program Files*\\Kaseya\\*\\agentmon.log",
+ "Description": "Kaseya Agent Monitor log"
+ },
+ {
+ "File": "/var/log/system.log",
+ "Description": "Kaseya Agent Monitor log",
+ "OS": "MacOS 32bit"
+ },
+ {
+ "File": " ~/opt/kaseya/*/logs*",
+ "Description": "Kaseya Agent Monitor log",
+ "OS": "MacOS 64bit"
+ },
+ {
+ "File": "C:\\Users\\*\\AppData\\Local\\Temp\\KASetup.log",
+ "Description": "Kaseya Setup log in user temp directory",
+ "OS": "Windows"
+ },
+ {
+ "File": "C:\\Windows\\Temp\\KASetup.log",
+ "Description": "Kaseya Setup log in Windows temp directory",
+ "OS": "Windows"
+ },
+ {
+ "File": "C:\\ProgramData\\Kaseya\\Log\\KaseyaEdgeServices\\*",
+ "Description": "Kaseya Edge Services logs",
+ "OS": "Windows"
+ },
+ {
+ "File": "C:\\Kaseya\\api\\v1.0\\logs\\",
+ "Description": "Kaseya API logs",
+ "OS": "Windows"
+ },
+ {
+ "File": "C:\\Kaseya\\api\\v1.5\\endpoint\\logs",
+ "Description": "Kaseya API logs",
+ "OS": "Windows"
+ },
+ {
+ "File": "C:\\Kaseya\\api\\v1.5\\endpoints\\logs",
+ "Description": "Kaseya API logs",
+ "OS": "Windows"
+ },
+ {
+ "File": "C:\\Windows\\System32\\config\\systemprofile\\AppData\\Local\\Kaseya\\Log\\MakeSelfSignedCert.exe\\",
+ "Description": "Certificate creation",
+ "OS": "Windows"
+ },
+ {
+ "File": "C:\\Kaseya\\WebPages\\install\\makecert.txt",
+ "Description": "Certificate creation",
+ "OS": "Windows"
+ },
+ {
+ "File": "C:\\ProgramData\\Kaseya\\Log\\Endpoint\\Instance_*\\KaseyaEndpoint*",
+ "Description": "Endpoint service logs",
+ "OS": "Windows"
+ },
+ {
+ "File": "C:\\ProgramData\\Kaseya\\Log\\Endpoint\\Instance_*\\Session_*",
+ "Description": "Session logs",
+ "OS": "Windows"
+ }
+ ],
"EventLog": [],
"Registry": [],
"Network": [
{
"Description": "Known remote domains",
"Domains": [
- "*.instanthousecall.com",
- "secure.instanthousecall.com",
- "*.instanthousecall.net",
- "instanthousecall.com"
+ "deploy01.kaseya.com",
+ "*managedsupport.kaseya.net",
+ "*.kaseya.net",
+ "kaseya.com"
],
"Ports": []
}
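Review bot: the macOS 64-bit log path `" ~/opt/kaseya/*/logs*"` has a leading space inside the string, so a glob built from it will never match; strip it. The `OS` labels `"MacOS 32bit"` and `"MacOS 64bit"` differ from the `"MacOS"` used for the Live Connect entry, which breaks any filter on `OS`; keep the architecture out of the label or add a separate field. `/var/log/system.log` is the general macOS system log, so describing the file itself as "Kaseya Agent Monitor log" is misleading; say the agent writes to it. The `agentmon.log` entry is the only Disk artifact without an `OS` key. In `Domains`, `"*managedsupport.kaseya.net"` is missing the dot after `*` and is already covered by `"*.kaseya.net"`.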
@@ -1957,25 +2150,28 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/instant_housecall_network_sigma.yml",
- "Description": "Detects potential network activity of Instant Housecall RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/kaseya__vsa__network_sigma.yml",
+ "Description": "Detects potential network activity of Kaseya (VSA) RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/instant_housecall_processes_sigma.yml",
- "Description": "Detects potential processes activity of Instant Housecall RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/kaseya__vsa__files_sigma.yml",
+ "Description": "Detects potential files activity of Kaseya (VSA) RMM tool"
}
],
"References": [
- "https://instanthousecall.com/features/"
+ "https://helpdesk.kaseya.com/hc/en-gb/articles/229012608-Software-Deployment-URL-Port-Requirements",
+ "https://helpdesk.kaseya.com/hc/en-gb/articles/229009708-Live-Connect-Log-File-Locations",
+ "https://ruler-project.github.io/ruler-project/RULER/remote/Kaseya/",
+ "https://helpdesk.kaseya.com/hc/en-gb/articles/229009708-Live-Connect-Log-File-Locations"
],
"Acknowledgement": []
},
{
- "Name": "CruzControl",
- "Description": "CruzControl is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Cloud Turtle",
+ "Description": "Cloud Turtle is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/7/2024",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
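Review bot: `References` lists `https://helpdesk.kaseya.com/hc/en-gb/articles/229009708-Live-Connect-Log-File-Locations` twice; drop the duplicate. `Detections` now carries only a network and a files rule although `PEMetadata` names `agentmon.exe`, `KaUpdHlp.exe` and `KaUsrTsk.exe`; since `InstallationPaths` was reduced to two directories, no processes rule is generated for those binaries. Add the executables to `InstallationPaths` (or have the generator read `PEMetadata.Filename`) so the process-based detection survives. The Cloud Turtle entry has `LastModified` set to `""` in the same hunk even though its data is changed by this patch; set a date.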
@@ -1989,7 +2185,10 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": []
+ "InstallationPaths": [
+ "C:\\Program Files (x86)\\Genie9\\*",
+ "*\\Genie9\\*"
+ ]
},
"Artifacts": {
"Disk": [],
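Review bot: `"*\\Genie9\\*"` already matches everything `"C:\\Program Files (x86)\\Genie9\\*"` matches, so the generated rule is duplicated; keep the narrower path only if the generator emits a precise and a wildcard variant on purpose. Nothing in the entry explains the Genie9 vendor path, and its `References` are emptied in the next hunk, so the association is unverifiable from the record.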
@@ -1998,17 +2197,15 @@
"Network": []
},
"Detections": [],
- "References": [
- "https://resources.doradosoftware.com/cruz-rmm"
- ],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "Mikogo",
- "Description": "Mikogo is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Pulseway",
+ "Description": "Pulseway is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/7/2024",
+ "LastModified": "2/9/2024",
"Details": {
"Website": "",
"PEMetadata": {
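Review bot: `References` is set to `[]` for Cloud Turtle in the same patch that adds its installation paths; keep at least one source that ties the tool to the Genie9 directory, otherwise the entry cannot be checked. The `"2/9/2024"` value for Pulseway is another instance of the mixed date formats in this file.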
@@ -2023,14 +2220,8 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "mikogo.exe",
- "mikogo-starter.exe",
- "mikogo-service.exe",
- "mikogolauncher.exe",
- "C:\\Users\\*\\AppData\\Roaming\\Mikogo\\*",
- "*Users\\*\\AppData\\Roaming\\Mikogo\\*",
- "*\\Mikogo-Service.exe",
- "*\\Mikogo-Screen-Service.exe"
+ "PCMonitorManager.exe",
+ "pcmonitorsrv.exe"
]
},
"Artifacts": {
@@ -2041,10 +2232,7 @@
{
"Description": "Known remote domains",
"Domains": [
- "*.real-time-collaboration.com",
- "*.mikogo4.com",
- "*.mikogo.com",
- "mikogo.com"
+ "pulseway.com"
],
"Ports": []
}
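Review bot: `Domains` contains only the bare `"pulseway.com"`; the rest of the file pairs the apex with a wildcard (for example `"*.gotohttp.com"` next to `"gotohttp.com"` later in this patch). Unless the generated network rule uses a suffix match, agent traffic to the vendor's subdomains will not be caught. The reference `https://intercom.help/pulseway/en/` is a help-centre root rather than the page that lists the endpoints; link the specific article.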
@@ -2052,25 +2240,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/mikogo_network_sigma.yml",
- "Description": "Detects potential network activity of Mikogo RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pulseway_network_sigma.yml",
+ "Description": "Detects potential network activity of Pulseway RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/mikogo_processes_sigma.yml",
- "Description": "Detects potential processes activity of Mikogo RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pulseway_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Pulseway RMM tool"
}
],
"References": [
- "https://mikogo.zendesk.com/hc/en-us/articles/214072478-Which-IP-addresses-do-we-use-for-our-services"
+ "https://intercom.help/pulseway/en/"
],
"Acknowledgement": []
},
{
- "Name": "mRemoteNG",
- "Description": "mRemoteNG is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Dropbox",
+ "Description": "Dropbox is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/9/2024",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
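Review bot: the description `"Dropbox is a remote monitoring and management (RMM) tool."` is template text and wrong; Dropbox is a file-sync client. If it is in the list as an abusable transfer channel, the description should say that, because the same template is applied to KiTTY, PSEXEC and FreeRDP later in this patch and it makes the dataset look unreviewed.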
@@ -2085,72 +2273,33 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "mRemoteNG.exe",
- "C:\\Program Files (x86)\\mRemoteNG\\*",
- "*\\mRemoteNG\\*",
- "*\\mRemoteNG.exe",
- "c:\\Program Files (x86)%\\mRemoteNG",
- "*%\\mRemoteNG",
- "mRemoteNG-Installer-*.msi",
- "*\\mRemoteNG.exe"
+ "C:\\Program Files (x86)\\Dropbox\\Client\\*",
+ "*\\Dropbox\\Client\\*",
+ "*\\Dropbox.exe",
+ "*Users\\*\\Dropbox\\bin\\"
]
},
"Artifacts": {
- "Disk": [
- {
- "File": "C:\\Users\\*\\AppData\\Roaming\\mRemoteNG\\mRemoteNG.log",
- "Description": "mRemoteNG log file",
- "OS": "Windows"
- },
- {
- "File": "C:\\Users\\*\\AppData\\Roaming\\mRemoteNG\\confCons.xml",
- "Description": "mRemoteNG configuration file",
- "OS": "Windows"
- },
- {
- "File": "C:\\Users\\*\\AppData\\*\\mRemoteNG\\**10\\user.config",
- "Description": "mRemoteNG user configuration file",
- "OS": "Windows"
- }
- ],
+ "Disk": [],
"EventLog": [],
"Registry": [],
- "Network": [
- {
- "Description": "Known remote domains",
- "Domains": [
- "user_managed",
- "mremoteng.org"
- ],
- "Ports": []
- }
- ]
+ "Network": []
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/mremoteng_network_sigma.yml",
- "Description": "Detects potential network activity of mRemoteNG RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/mremoteng_files_sigma.yml",
- "Description": "Detects potential files activity of mRemoteNG RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/mremoteng_processes_sigma.yml",
- "Description": "Detects potential processes activity of mRemoteNG RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dropbox_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Dropbox RMM tool"
}
],
- "References": [
- "https://github.com/mRemoteNG/mRemoteNG"
- ],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "LabTech RMM (Now ConnectWise Automate)",
- "Description": "LabTech RMM (Now ConnectWise Automate) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Mikogo",
+ "Description": "Mikogo is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "",
+ "LastModified": "2/7/2024",
"Details": {
"Website": "",
"PEMetadata": {
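Review bot: this hunk deletes the mRemoteNG Disk artifacts (`mRemoteNG.log`, `confCons.xml`, `user.config`), its `Network` block and its three Sigma references; if the entry has merely moved, confirm those survive elsewhere, because nothing in the patch re-adds them. For Dropbox, `"*Users\\*\\Dropbox\\bin\\"` ends in a bare backslash with no trailing `*`, unlike the other patterns, and `Network` is empty although a processes rule is emitted; add the service's domains or the network side of the entry is useless.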
@@ -2165,9 +2314,14 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "ltsvc.exe",
- "ltsvcmon.exe",
- "lttray.exe"
+ "mikogo.exe",
+ "mikogo-starter.exe",
+ "mikogo-service.exe",
+ "mikogolauncher.exe",
+ "C:\\Users\\*\\AppData\\Roaming\\Mikogo\\*",
+ "*Users\\*\\AppData\\Roaming\\Mikogo\\*",
+ "*\\Mikogo-Service.exe",
+ "*\\Mikogo-Screen-Service.exe"
]
},
"Artifacts": {
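Review bot: `"C:\\Users\\*\\AppData\\Roaming\\Mikogo\\*"` is fully covered by `"*Users\\*\\AppData\\Roaming\\Mikogo\\*"`, and `"mikogo-service.exe"` differs from `"*\\Mikogo-Service.exe"` only in case and path prefix. Dedupe these so the generated process rule is not padded with redundant selectors.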
@@ -2178,7 +2332,10 @@
{
"Description": "Known remote domains",
"Domains": [
- "connectwise.com"
+ "*.real-time-collaboration.com",
+ "*.mikogo4.com",
+ "*.mikogo.com",
+ "mikogo.com"
],
"Ports": []
}
@@ -2186,77 +2343,191 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/labtech_rmm__now_connectwise_automate__network_sigma.yml",
- "Description": "Detects potential network activity of LabTech RMM (Now ConnectWise Automate) RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/mikogo_network_sigma.yml",
+ "Description": "Detects potential network activity of Mikogo RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/labtech_rmm__now_connectwise_automate__processes_sigma.yml",
- "Description": "Detects potential processes activity of LabTech RMM (Now ConnectWise Automate) RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/mikogo_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Mikogo RMM tool"
}
],
- "References": [],
+ "References": [
+ "https://mikogo.zendesk.com/hc/en-us/articles/214072478-Which-IP-addresses-do-we-use-for-our-services"
+ ],
"Acknowledgement": []
},
{
- "Name": "ScreenMeet",
- "Description": "ScreenMeet is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
- "Author": "",
- "Created": "",
- "LastModified": "2/7/2024",
+ "Name": "Action1",
+ "Description": "Action1 is a powerful Remote Monitoring and Management(RMM) tool that enables users to execute commands, scripts, and binaries. \nThrough the web interface of action1, the administrator must create a new policy or an app to establish remote execution and then points that the agent is installed.\n",
+ "Author": "@kostastsale",
+ "Created": "2024-08-03",
+ "LastModified": "2024-08-03",
"Details": {
- "Website": "",
- "PEMetadata": {
- "Filename": "",
- "OriginalFileName": "",
- "Description": ""
- },
- "Privileges": "",
- "Free": "",
- "Verification": "",
- "SupportedOS": [],
- "Capabilities": [],
+ "Website": "https://www.action1.com/",
+ "PEMetadata": [
+ {
+ "Filename": "action1_connector.exe"
+ },
+ {
+ "Filename": "action1_remote.exe"
+ },
+ {
+ "Filename": "action1_update.exe"
+ },
+ {
+ "Filename": "action1_agent.exe",
+ "OriginalFileName": "action1_agent.exe",
+ "Description": "Endpoint Agent"
+ }
+ ],
+ "Privileges": "SYSTEM",
+ "Free": "Yes",
+ "Verification": "Corporate email required although temporary email services are accepted",
+ "SupportedOS": [
+ "Windows"
+ ],
+ "Capabilities": [
+ "Backup and disaster recovery",
+ "Billing and invoicing",
+ "Customer portal",
+ "HelpDesk and ticketing",
+ "Mobile app",
+ "Network discovery",
+ "Patch management",
+ "Remote monitoring and management",
+ "Reporting and analytics"
+ ],
"Vulnerabilities": [],
"InstallationPaths": [
- "ScreenMeetSupport.exe",
- "ScreenMeet.Support.exe"
+ "C:\\Windows\\Action1\\*"
]
},
"Artifacts": {
- "Disk": [],
- "EventLog": [],
- "Registry": [],
+ "Disk": [
+ {
+ "File": "C:\\Windows\\Action1\\action1_agent.exe",
+ "Description": "Action1 service binary",
+ "OS": "Windows"
+ },
+ {
+ "File": "C:\\Windows\\Action1\\*",
+ "Description": "Multiple files and binaries related to Action1 installation",
+ "OS": "Windows"
+ },
+ {
+ "File": "C:\\Windows\\Action1\\scripts\\*",
+ "Description": "Multiple scripts related to Action1 installation",
+ "OS": "Windows"
+ },
+ {
+ "File": "C:\\Windows\\Action1\\rule_data\\*",
+ "Description": "Files related to Action1 rules",
+ "OS": "Windows"
+ },
+ {
+ "File": "C:\\Windows\\Action1\\action1_log_*.log",
+ "Description": "Contains history, errors, system notifications. Incoming and outgoing connections.",
+ "OS": "Windows"
+ }
+ ],
+ "EventLog": [
+ {
+ "EventID": 7045,
+ "ProviderName": "Service Control Manager",
+ "LogFile": "System.evtx",
+ "ServiceName": "Action1 Agent",
+ "ImagePath": "\"C:\\\\Windows\\\\Action1\\\\action1_agent.exe\"",
+ "Description": "Service installation event as result of Action1 installation."
+ },
+ {
+ "EventID": 4688,
+ "ProviderName": "Microsoft-Security-Auditing",
+ "LogFile": "Security.evtx",
+ "CommandLine": "C:\\Windows\\Action1\\action1_agent.exe service",
+ "Description": "Service installation event as result of Action1 installation."
+ },
+ {
+ "EventID": 4688,
+ "ProviderName": "Microsoft-Security-Auditing",
+ "LogFile": "Security.evtx",
+ "CommandLine": "C:\\Windows\\Action1\\action1_agent.exe loggedonuser",
+ "Description": "Executing command to get logged on user."
+ }
+ ],
+ "Registry": [
+ {
+ "Path": "HKLM\\System\\CurrentControlSet\\Services\\A1Agent",
+ "Description": "Service installation event as result of Action1 installation."
+ },
+ {
+ "Path": "HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\Windows Error Reporting\\LocalDumps\\action1_agent.exe",
+ "Description": "Ensures that detailed crash information is available for analysis, which aids in maintaining the stability and reliability of the software."
+ },
+ {
+ "Path": "HKLM\\SOFTWARE\\WOW6432Node\\Action1",
+ "Description": "Storing its configuration settings and other relevant information"
+ }
+ ],
"Network": [
{
- "Description": "Known remote domains",
+ "Description": "N/A",
"Domains": [
- "*.screenmeet.com",
- "*.scrn.mt"
+ "*.action1.com"
],
- "Ports": []
+ "Ports": [
+ 443
+ ]
+ },
+ {
+ "Description": "N/A",
+ "Domains": [
+ "a1-backend-packages.s3.amazonaws.com"
+ ],
+ "Ports": [
+ 443
+ ]
}
]
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/screenmeet_network_sigma.yml",
- "Description": "Detects potential network activity of ScreenMeet RMM tool"
+ "Name": "Arbitrary code execution and remote sessions via Action1 RMM",
+ "Description": "Threat hunting rule for detecting the execution of arbitrary code and remote sessions via Action1 RMM",
+ "author": "@kostastsale",
+ "Link": "https://github.com/tsale/Sigma_rules/blob/ea87e4fc851207ca0f002ec043624f2b3bf1b2da/Threat%20Hunting%20Queries/Action1_RMM.yml"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/screenmeet_processes_sigma.yml",
- "Description": "Detects potential processes activity of ScreenMeet RMM tool"
- }
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/action1_registry_sigma.yml",
+ "Description": "Detects potential registry activity of Action1 RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/action1_network_sigma.yml",
+ "Description": "Detects potential network activity of Action1 RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/action1_files_sigma.yml",
+ "Description": "Detects potential files activity of Action1 RMM tool"
+ }
],
"References": [
- "https://docs.screenmeet.com/docs/firewall-white-list"
+ "https://www.action1.com/documentation/firewall-configuration/",
+ "https://www.action1.com/documentation/",
+ "https://twitter.com/Kostastsale/status/1646256901506605063?s=20",
+ "https://ruler-project.github.io/ruler-project/RULER/remote/Action1/"
],
- "Acknowledgement": []
+ "Acknowledgement": [
+ {
+ "Person": "Kostas",
+ "Handle": "@kostastsale"
+ }
+ ]
},
{
- "Name": "RES Automation Manager",
- "Description": "RES Automation Manager is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "KiTTY",
+ "Description": "KiTTY is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/9/2024",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
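Review bot: the 7045 `ImagePath` value `"\"C:\\\\Windows\\\\Action1\\\\action1_agent.exe\""` is double-escaped; after JSON decoding it contains two backslashes per separator, whereas the 4688 `CommandLine` values decode to single backslashes, so an exact match against the event's ImagePath will fail. `ProviderName` for the 4688 events should be `Microsoft-Windows-Security-Auditing`, not `Microsoft-Security-Auditing`. The first 4688 entry reuses the 7045 description "Service installation event"; it is a process-creation event for `action1_agent.exe service`. The `LocalDumps` registry description ("aids in maintaining the stability and reliability of the software") is vendor prose, not an artifact description; state that the key is written at install and can be used as an indicator. Both `Network` entries use `"Description": "N/A"` where the file's convention is "Known remote domains". The first `Detections` element uses keys `Name`, `author` (lowercase) and `Link` instead of the `Sigma`/`Description` pair every other detection uses; a renderer keyed on `Sigma` will skip it. Finally, the `Description` text "then points that the agent is installed" is garbled; something like "and then targets the endpoints where the agent is installed" reads correctly.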
@@ -2271,48 +2542,31 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "wisshell*.exe",
- "wmc.exe",
- "wmc_deployer.exe",
- "wmcsvc.exe"
+ "C:\\*\\kitty.exe",
+ "*\\kitty.exe"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": [
- {
- "Description": "Known remote domains",
- "Domains": [
- "user_managed",
- "ivanti.com/"
- ],
- "Ports": []
- }
- ]
+ "Network": []
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/res_automation_manager_network_sigma.yml",
- "Description": "Detects potential network activity of RES Automation Manager RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/res_automation_manager_processes_sigma.yml",
- "Description": "Detects potential processes activity of RES Automation Manager RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/kitty_processes_sigma.yml",
+ "Description": "Detects potential processes activity of KiTTY RMM tool"
}
],
- "References": [
- "https://forums.ivanti.com/s/article/INFO-Which-ports-does-Ivanti-Automation-use?language=en_US&ui-force-components-controllers-recordGlobalValueProvider.RecordGvp.getRecord=1"
- ],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "Anyplace Control",
- "Description": "Anyplace Control is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "PDQ Connect",
+ "Description": "PDQ Connect is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/7/2024",
+ "LastModified": "2/26/2024",
"Details": {
"Website": "",
"PEMetadata": {
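Review bot: `"*\\kitty.exe"` already matches `"C:\\*\\kitty.exe"`; one pattern is enough. KiTTY is a PuTTY fork (an SSH/telnet client), so the "remote monitoring and management (RMM) tool" template description is inaccurate and should be replaced with what the tool actually is.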
@@ -2327,7 +2581,7 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "apc_host.exe"
+ "pdq-connect*.exe"
]
},
"Artifacts": {
@@ -2338,7 +2592,8 @@
{
"Description": "Known remote domains",
"Domains": [
- "anyplace-control.com"
+ "app.pdq.com",
+ "cfcdn.pdq.com"
],
"Ports": []
}
@@ -2346,66 +2601,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/anyplace_control_network_sigma.yml",
- "Description": "Detects potential network activity of Anyplace Control RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pdq_connect_network_sigma.yml",
+ "Description": "Detects potential network activity of PDQ Connect RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/anyplace_control_processes_sigma.yml",
- "Description": "Detects potential processes activity of Anyplace Control RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pdq_connect_processes_sigma.yml",
+ "Description": "Detects potential processes activity of PDQ Connect RMM tool"
}
],
"References": [
- "http://www.anyplace-control.com/anyplace-control/help/faq.htm"
- ],
- "Acknowledgement": []
- },
- {
- "Name": "Dropbox",
- "Description": "Dropbox is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
- "Author": "",
- "Created": "",
- "LastModified": "",
- "Details": {
- "Website": "",
- "PEMetadata": {
- "Filename": "",
- "OriginalFileName": "",
- "Description": ""
- },
- "Privileges": "",
- "Free": "",
- "Verification": "",
- "SupportedOS": [],
- "Capabilities": [],
- "Vulnerabilities": [],
- "InstallationPaths": [
- "C:\\Program Files (x86)\\Dropbox\\Client\\*",
- "*\\Dropbox\\Client\\*",
- "*\\Dropbox.exe",
- "*Users\\*\\Dropbox\\bin\\"
- ]
- },
- "Artifacts": {
- "Disk": [],
- "EventLog": [],
- "Registry": [],
- "Network": []
- },
- "Detections": [
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dropbox_processes_sigma.yml",
- "Description": "Detects potential processes activity of Dropbox RMM tool"
- }
+ "https://connect.pdq.com/hc/en-us/articles/9518992071707-Network-Requirements"
],
- "References": [],
"Acknowledgement": []
},
{
- "Name": "TightVNC",
- "Description": "TightVNC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Ericom Connect",
+ "Description": "Ericom Connect is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/14/2024",
+ "LastModified": "2/7/2024",
"Details": {
"Website": "",
"PEMetadata": {
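Review bot: this hunk removes the Dropbox entry that an earlier hunk in this patch re-adds in place of mRemoteNG, i.e. most of this diff is a reordering of the array rather than a content change, which makes the real additions (Kaseya, Action1) hard to review. Have the generator emit entries sorted by `Name` so future diffs show only substantive changes. The Anyplace Control reference URL is also dropped here; confirm it survives wherever that entry now lives.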
@@ -2420,9 +2634,8 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "tvnviewer.exe",
- "TightVNCViewerPortable*.exe",
- "tvnserver.exe"
+ "EricomConnectRemoteHost*.exe",
+ "ericomconnnectconfigurationtool.exe"
]
},
"Artifacts": {
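Review bot: `"ericomconnnectconfigurationtool.exe"` spells "connect" with three n's; if that is not the actual on-disk filename the generated process rule will never fire. Verify against the installer and fix the spelling if it is a typo.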
@@ -2434,7 +2647,7 @@
"Description": "Known remote domains",
"Domains": [
"user_managed",
- "tightvnc.com"
+ "ericom.com"
],
"Ports": []
}
@@ -2442,25 +2655,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/tightvnc_network_sigma.yml",
- "Description": "Detects potential network activity of TightVNC RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ericom_connect_network_sigma.yml",
+ "Description": "Detects potential network activity of Ericom Connect RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/tightvnc_processes_sigma.yml",
- "Description": "Detects potential processes activity of TightVNC RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ericom_connect_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Ericom Connect RMM tool"
}
],
"References": [
- "https://www.tightvnc.com/doc/win/TightVNC_for_Windows-Installation_and_Getting_Started.pdf"
+ "https://www.ericom.com/connect-accessnow/"
],
"Acknowledgement": []
},
{
- "Name": "LiteManager",
- "Description": "LiteManager is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "PSEXEC",
+ "Description": "PSEXEC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/8/2024",
+ "LastModified": "2/9/2024",
"Details": {
"Website": "",
"PEMetadata": {
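Review bot: the entry name `PSEXEC` and the description "PSEXEC is a remote monitoring and management (RMM) tool" are both off: Sysinternals spells it PsExec and it is a remote-execution utility, not an RMM product. Use the vendor's name and describe the tool's real function so the category filter stays meaningful.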
@@ -2475,12 +2688,8 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "lmnoipserver.exe",
- "ROMFUSClient.exe",
- "romfusclient.exe",
- "romviewer.exe",
- "romserver.exe",
- "ROMServer.exe"
+ "psexec.exe",
+ "psexecsvc.exe"
]
},
"Artifacts": {
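Review bot: `"psexecsvc.exe"` is not a PsExec filename; the service binary that PsExec copies to the target's ADMIN$ share and registers as a service is `PSEXESVC.exe`. Fix the name, otherwise the process rule misses the one artifact that appears on the remote host. Since renamed copies of `psexec.exe` are common, also populate `PEMetadata` (left empty here) so a rule can match on `OriginalFileName` rather than the on-disk name.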
@@ -2491,9 +2700,7 @@
{
"Description": "Known remote domains",
"Domains": [
- "*.litemanager.ru",
- "*.litemanager.com",
- "litemanager.com"
+ "user_managed"
],
"Ports": []
}
@@ -2501,22 +2708,22 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/litemanager_network_sigma.yml",
- "Description": "Detects potential network activity of LiteManager RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/psexec_network_sigma.yml",
+ "Description": "Detects potential network activity of PSEXEC RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/litemanager_processes_sigma.yml",
- "Description": "Detects potential processes activity of LiteManager RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/psexec_processes_sigma.yml",
+ "Description": "Detects potential processes activity of PSEXEC RMM tool"
}
],
"References": [
- "https://www.litemanager.com/articles/LiteManager_remote_access_to_a_desktop_via_the_Internet_or_LAN/"
+ "https://learn.microsoft.com/en-us/sysinternals/downloads/psexec"
],
"Acknowledgement": []
},
{
- "Name": "Box",
- "Description": "Box is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "FreeRDP",
+ "Description": "FreeRDP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
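Review bot: `Domains` for PSEXEC contains only the placeholder `"user_managed"`, yet `psexec_network_sigma.yml` is still listed under `Detections`; a network rule generated from that placeholder either matches nothing or matches the literal string. Drop the network detection for this entry or make the generator skip `user_managed`. The FreeRDP description in the same hunk is the RMM template text again.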
@@ -2533,11 +2740,7 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": [
- "C:\\Program Files\\Box\\Box\\*",
- "*\\Box\\Box\\*",
- "*\\Box.exe"
- ]
+ "InstallationPaths": []
},
"Artifacts": {
"Disk": [],
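Review bot: `InstallationPaths` is emptied for FreeRDP (the Box paths were removed when the record was repurposed) and the next hunk also empties `Detections` and `References`, leaving a record with no artifacts at all. Either populate it (FreeRDP's client binaries are `wfreerdp.exe` on Windows and `xfreerdp` on Linux) or do not ship an empty stub.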
@@ -2545,21 +2748,16 @@
"Registry": [],
"Network": []
},
- "Detections": [
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/box_processes_sigma.yml",
- "Description": "Detects potential processes activity of Box RMM tool"
- }
- ],
+ "Detections": [],
"References": [],
"Acknowledgement": []
},
{
- "Name": "Sophos-Remote Management System",
- "Description": "Sophos-Remote Management System is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "AliWangWang-remote-control",
+ "Description": "AliWangWang-remote-control is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/9/2024",
+ "LastModified": "2/7/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -2574,9 +2772,7 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "clientmrinit.exe",
- "mgntsvc.exe",
- "routernt.exe"
+ "alitask.exe"
]
},
"Artifacts": {
@@ -2587,10 +2783,7 @@
{
"Description": "Known remote domains",
"Domains": [
- "*.sophos.com",
- "*.sophosupd.com",
- "*.sophosupd.net",
- "community.sophos.com/on-premise-endpoint/f/sophos-endpoint-software/5725/sophos-remote-management-system"
+ "wangwang.taobao.com"
],
"Ports": []
}
@@ -2598,25 +2791,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/sophos-remote_management_system_network_sigma.yml",
- "Description": "Detects potential network activity of Sophos-Remote Management System RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aliwangwang-remote-control_network_sigma.yml",
+ "Description": "Detects potential network activity of AliWangWang-remote-control RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/sophos-remote_management_system_processes_sigma.yml",
- "Description": "Detects potential processes activity of Sophos-Remote Management System RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aliwangwang-remote-control_processes_sigma.yml",
+ "Description": "Detects potential processes activity of AliWangWang-remote-control RMM tool"
}
],
"References": [
- "community.sophos.com/on-premise-endpoint/f/sophos-endpoint-software/5725/sophos-remote-management-system"
+ "https://github.com/KKomarov/AliWangWangEng/blob/master/chs.locale"
],
"Acknowledgement": []
},
{
- "Name": "ManageEngine",
- "Description": "ManageEngine is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "GotoHTTP",
+ "Description": "GotoHTTP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "",
+ "LastModified": "2/8/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -2631,34 +2824,47 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "InstallShield Setup.exe",
- "ManageEngine_Remote_Access_Plus.exe",
- "*\\dcagentservice.exe",
- "C:\\Program Files (x86)\\DesktopCentral_Agent\\bin\\*",
- "*\\DesktopCentral_Agent\\bin\\*"
+ "GotoHTTP_x64.exe",
+ "gotohttp.exe",
+ "GotoHTTP*.exe"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": []
+ "Network": [
+ {
+ "Description": "Known remote domains",
+ "Domains": [
+ "*.gotohttp.com",
+ "gotohttp.com"
+ ],
+ "Ports": []
+ }
+ ]
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/manageengine_processes_sigma.yml",
- "Description": "Detects potential processes activity of ManageEngine RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/gotohttp_network_sigma.yml",
+ "Description": "Detects potential network activity of GotoHTTP RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/gotohttp_processes_sigma.yml",
+ "Description": "Detects potential processes activity of GotoHTTP RMM tool"
}
],
- "References": [],
+ "References": [
+ "https://gotohttp.com/goto/help.12x"
+ ],
"Acknowledgement": []
},
{
- "Name": "Cloud Explorer",
- "Description": "Cloud Explorer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "TeleDesktop",
+ "Description": "TeleDesktop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "",
+ "LastModified": "2/14/2024",
"Details": {
"Website": "",
"PEMetadata": {
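Review bot: `"GotoHTTP*.exe"` already covers `"GotoHTTP_x64.exe"` and, if the generated rule is case-insensitive, `"gotohttp.exe"`; keep the wildcard alone or state that the explicit names are intentional.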
@@ -2672,21 +2878,45 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": []
+ "InstallationPaths": [
+ "pstlaunch.exe",
+ "ptdskclient.exe",
+ "ptdskhost.exe"
+ ]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": []
+ "Network": [
+ {
+ "Description": "Known remote domains",
+ "Domains": [
+ "user_managed",
+ "tele-desk.com"
+ ],
+ "Ports": []
+ }
+ ]
},
- "Detections": [],
- "References": [],
+ "Detections": [
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/teledesktop_network_sigma.yml",
+ "Description": "Detects potential network activity of TeleDesktop RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/teledesktop_processes_sigma.yml",
+ "Description": "Detects potential processes activity of TeleDesktop RMM tool"
+ }
+ ],
+ "References": [
+ "http://potomacsoft.com/ - DOA as of 2024"
+ ],
"Acknowledgement": []
},
{
- "Name": "Splashtop Remote",
- "Description": "Splashtop Remote is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Remote Utilities",
+ "Description": "Remote Utilities is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "2/9/2024",
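Review bot: the TeleDesktop reference `"http://potomacsoft.com/ - DOA as of 2024"` embeds a free-text note in a URL field, which will produce a broken link in anything that renders `References`. Move the "site is dead" note into `Description` (or an archive link) and keep the field a plain URL, or drop the dead reference.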
@@ -2704,13 +2934,8 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "strwinclt.exe",
- "Splashtop_Streamer_Windows*.exe",
- "SplashtopSOS.exe",
- "sragent.exe",
- "srmanager.exe",
- "srserver.exe",
- "srservice.exe"
+ "rutview.exe",
+ "rutserv.exe"
]
},
"Artifacts": {
@@ -2721,10 +2946,7 @@
{
"Description": "Known remote domains",
"Domains": [
- "splashtop.com",
- "*.api.splashtop.com",
- "*.relay.splashtop.com",
- "*.api.splashtop.eu"
+ "*.internetid.ru"
],
"Ports": []
}
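Review bot: `Domains` lists only `"*.internetid.ru"`; by the file's convention the apex (`internetid.ru`) and the vendor domain cited in `References` (`remoteutilities.com`) should be listed too, and a literal wildcard match on `*.internetid.ru` will not catch the bare apex.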
@@ -2732,25 +2954,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/splashtop_remote_network_sigma.yml",
- "Description": "Detects potential network activity of Splashtop Remote RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remote_utilities_network_sigma.yml",
+ "Description": "Detects potential network activity of Remote Utilities RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/splashtop_remote_processes_sigma.yml",
- "Description": "Detects potential processes activity of Splashtop Remote RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remote_utilities_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Remote Utilities RMM tool"
}
],
"References": [
- "https://support-splashtopbusiness.splashtop.com/hc/en-us/articles/115001811966-What-are-the-Firewall-Exceptions-and-IP-addresses-of-Splashtop-servers-Services"
+ "https://www.remoteutilities.com/download/"
],
"Acknowledgement": []
},
{
- "Name": "Dameware-mini remote control Protocol",
- "Description": "Dameware-mini remote control Protocol is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "MSP360",
+ "Description": "MSP360 is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "",
+ "LastModified": "2/9/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -2765,8 +2987,17 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "dntus*.exe",
- "dwrcs.exe"
+ "Online Backup.exe",
+ "CBBackupPlan.exe",
+ "Cloud.Backup.Scheduler.exe",
+ "Cloud.Backup.RM.Service.exe",
+ "cbb.exe",
+ "CloudRaService.exe",
+ "CloudRaSd.exe",
+ "CloudRaCmd.exe",
+ "CloudRaUtilities.exe",
+ "Remote Desktop.exe",
+ "Connect.exe"
]
},
"Artifacts": {
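Review bot: several of the MSP360 InstallationPaths are bare, generic filenames ("Online Backup.exe", "Remote Desktop.exe", "Connect.exe") that will collide with unrelated software once a processes rule is generated from them; anchor them with a parent-directory wildcard or fill in PEMetadata (OriginalFileName/Product) so the rule has something specific to match on.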
@@ -2777,7 +3008,10 @@
{
"Description": "Known remote domains",
"Domains": [
- "dameware.com"
+ "*.cloudberrylab.com",
+ "*.msp360.com",
+ "*.mspbackups.com",
+ "msp360.com"
],
"Ports": []
}
@@ -2785,23 +3019,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dameware-mini_remote_control_protocol_network_sigma.yml",
- "Description": "Detects potential network activity of Dameware-mini remote control Protocol RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/msp360_network_sigma.yml",
+ "Description": "Detects potential network activity of MSP360 RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dameware-mini_remote_control_protocol_processes_sigma.yml",
- "Description": "Detects potential processes activity of Dameware-mini remote control Protocol RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/msp360_processes_sigma.yml",
+ "Description": "Detects potential processes activity of MSP360 RMM tool"
}
],
- "References": [],
+ "References": [
+ "https://kb.msp360.com/managed-backup-service/mbs-tcp-ports-configuration#"
+ ],
"Acknowledgement": []
},
{
- "Name": "rdp2tcp",
- "Description": "rdp2tcp is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Xshell",
+ "Description": "Xshell is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/9/2024",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
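Review bot: the MSP360 reference "https://kb.msp360.com/managed-backup-service/mbs-tcp-ports-configuration#" ends in a dangling "#"; drop the empty fragment marker. The Xshell entry that follows is added with "LastModified": "" and an empty Website, while the other entries in this change carry a date, so set at least the date.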
@@ -2816,46 +3052,154 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "tdp2tcp.exe",
- "rdp2tcp.py"
+ "C:\\Program Files (x86)\\NetSarang\\xShell\\*",
+ "*\\NetSarang\\xShell\\*",
+ "*\\xShell.exe"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
+ "Network": []
+ },
+ "Detections": [
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/xshell_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Xshell RMM tool"
+ }
+ ],
+ "References": [],
+ "Acknowledgement": []
+ },
+ {
+ "Name": "RAdmin",
+ "Description": "RAdmin is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.\n",
+ "Author": "Nasreddine Bencherchali",
+ "Created": "2024-08-05",
+ "LastModified": "2024-08-05",
+ "Details": {
+ "Website": "https://www.radmin.com/",
+ "PEMetadata": [
+ {
+ "Filename": "RServer3.exe",
+ "OriginalFileName": "RServer3.exe",
+ "InternalName": "RServer3",
+ "Description": "Radmin Server",
+ "Product": "Radmin Server",
+ "Comments": "Radmin - Remote Control Server"
+ },
+ {
+ "Filename": "Radmin.exe",
+ "OriginalFileName": "Radmin.exe",
+ "InternalName": "Radmin",
+ "Description": "Radmin Viewer",
+ "Product": "Radmin Viewer",
+ "Comments": "Radmin Viewer"
+ }
+ ],
+ "Privileges": "",
+ "Free": "",
+ "Verification": "",
+ "SupportedOS": [
+ "Windows"
+ ],
+ "Capabilities": [],
+ "Vulnerabilities": [],
+ "InstallationPaths": [
+ "C:\\Program Files (x86)\\Radmin Viewer 3\\Radmin.exe",
+ "C:\\Windows\\SysWOW64\\rserver30\\rserver3.exe",
+ "C:\\Windows\\SysWOW64\\rserver30\\FamItrfc",
+ "C:\\Windows\\SysWOW64\\rserver30\\FamItrf2"
+ ]
+ },
+ "Artifacts": {
+ "Disk": [
+ {
+ "File": "C:\\Windows\\SysWOW64\\rserver30\\Radm_log.htm",
+ "Description": "RAdmin log file (32-bit)",
+ "OS": "Windows"
+ },
+ {
+ "File": "C:\\Windows\\System32\\rserver30\\Radm_log.htm",
+ "Description": "RAdmin log file (64-bit)",
+ "OS": "Windows"
+ },
+ {
+ "File": "C:\\Windows\\System32\\rserver30\\CHATLOGS\\*\\*.htm",
+ "Description": "RAdmin chat logs",
+ "OS": "Windows"
+ },
+ {
+ "File": "C:\\Users\\*\\Documents\\ChatLogs\\*\\*.htm",
+ "Description": "RAdmin user chat logs",
+ "OS": "Windows"
+ }
+ ],
+ "EventLog": [],
+ "Registry": [
+ {
+ "Path": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Radmin\\v3.0\\Server\\Parameters\\Radmin Security",
+ "Description": "N/A"
+ }
+ ],
"Network": [
{
- "Description": "Known remote domains",
+ "Description": "N/A",
"Domains": [
- "user_managed",
- "github.com/V-E-O/rdp2tcp"
+ "radmin.com"
],
- "Ports": []
+ "Ports": [
+ 443
+ ]
}
]
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rdp2tcp_network_sigma.yml",
- "Description": "Detects potential network activity of rdp2tcp RMM tool"
+ "Sigma": "https://github.com/SigmaHQ/sigma/blob/782f0f524e6f797ea114fe0d87b22cb4abaa6b7c/rules/windows/process_creation/proc_creation_win_pua_radmin.yml",
+ "Description": "PUA - Radmin Viewer Utility Execution"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rdp2tcp_processes_sigma.yml",
- "Description": "Detects potential processes activity of rdp2tcp RMM tool"
+ "Sigma": "https://github.com/SigmaHQ/sigma/blob/782f0f524e6f797ea114fe0d87b22cb4abaa6b7c/rules/windows/process_creation/proc_creation_win_registry_enumeration_for_credentials_cli.yml",
+ "Description": "Enumeration for 3rd Party Creds From CLI"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/radmin_registry_sigma.yml",
+ "Description": "Detects potential registry activity of RAdmin RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/radmin_network_sigma.yml",
+ "Description": "Detects potential network activity of RAdmin RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/radmin_files_sigma.yml",
+ "Description": "Detects potential files activity of RAdmin RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/radmin_processes_sigma.yml",
+ "Description": "Detects potential processes activity of RAdmin RMM tool"
}
],
"References": [
- "github.com/V-E-O/rdp2tcp"
+ "https://radmin-club.com/radmin/how-to-establish-a-connection-outside-of-lan/",
+ "https://helpdesk.radmin.com/radmin3help/",
+ "https://helpdesk.radmin.com/radmin3help/files/viewercmd.htm",
+ "https://helpdesk.radmin.com/radmin3help/files/cmd.htm"
],
- "Acknowledgement": []
+ "Acknowledgement": [
+ {
+ "Person": "Nasreddine Bencherchali",
+ "Handle": "@nas_bench"
+ }
+ ]
},
{
- "Name": "FleetDesk.io",
- "Description": "FleetDesk.io is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "NateOn-desktop sharing",
+ "Description": "NateOn-desktop sharing is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/7/2024",
+ "LastModified": "2/9/2024",
"Details": {
"Website": "",
"PEMetadata": {
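Review bot: "PEMetadata" is an array of objects in the new RAdmin entry (`"PEMetadata": [`) but a single object with Filename/OriginalFileName/Description keys in the neighbouring entries (the NateOn entry right after it uses `"PEMetadata": {`); mixing both shapes in one file forces every consumer to special-case the field, so pick one (the array generalises) and normalise. Within the RAdmin entry itself: the Registry and Network artifact descriptions are "N/A" where the rest of the file uses a descriptive string such as "Known remote domains", the Description ends in a stray "\n", the two "SysWOW64\\rserver30\\FamItrfc" / "FamItrf2" paths have no file extension and look truncated, and the linked "Enumeration for 3rd Party Creds From CLI" rule is a generic SigmaHQ rule whose description never mentions Radmin, so a one-line note on why it belongs here would help readers.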
@@ -2870,11 +3214,9 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "fleetdeck_agent_svc.exe",
- "fleetdeck_commander_svc.exe",
- "fleetdeck_installer.exe",
- "fleetdeck_agent.exe",
- "fleetdeck_commander_launcher.exe"
+ "nateon*.exe",
+ "nateon.exe",
+ "nateonmain.exe"
]
},
"Artifacts": {
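Review bot: "nateon*.exe" already matches both "nateon.exe" and "nateonmain.exe", so the two literal entries are redundant; keep either the wildcard or the explicit names, not both.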
@@ -2885,9 +3227,7 @@
{
"Description": "Known remote domains",
"Domains": [
- "*.fleetdeck.io",
- "cognito-idp.us-west-2.amazonaws.com",
- "fleetdeck.io"
+ "*.nate.com"
],
"Ports": []
}
@@ -2895,25 +3235,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fleetdesk.io_network_sigma.yml",
- "Description": "Detects potential network activity of FleetDesk.io RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/nateon-desktop_sharing_network_sigma.yml",
+ "Description": "Detects potential network activity of NateOn-desktop sharing RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fleetdesk.io_processes_sigma.yml",
- "Description": "Detects potential processes activity of FleetDesk.io RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/nateon-desktop_sharing_processes_sigma.yml",
+ "Description": "Detects potential processes activity of NateOn-desktop sharing RMM tool"
}
],
"References": [
- "https://fleetdeck.io/faq/"
+ "http://rsupport.nate.com/rview/r8/main/index.aspx"
],
"Acknowledgement": []
},
{
- "Name": "Jump Cloud",
- "Description": "Jump Cloud is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Splashtop (Beta)",
+ "Description": "Splashtop (Beta) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/26/2024",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
@@ -2928,7 +3268,10 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "JumpCloud*.exe "
+ "SRServer.exe",
+ "SplashtopSOS.exe",
+ "Splashtop_Streamer_Windows*.exe",
+ "SRManager.exe"
]
},
"Artifacts": {
@@ -2939,8 +3282,7 @@
{
"Description": "Known remote domains",
"Domains": [
- "*.api.jumpcloud.com",
- "*.assist.jumpcloud.com"
+ "splashtop.com"
],
"Ports": []
}
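Review bot: the Splashtop (Beta) entry lists only "splashtop.com", whereas the Splashtop Remote entry removed earlier in this diff carried "*.api.splashtop.com", "*.relay.splashtop.com" and "*.api.splashtop.eu"; if Splashtop Remote is not retained elsewhere, the relay and API subdomains a network rule would actually fire on are lost here and should be carried over.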
@@ -2948,21 +3290,23 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/jump_cloud_network_sigma.yml",
- "Description": "Detects potential network activity of Jump Cloud RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/splashtop__beta__network_sigma.yml",
+ "Description": "Detects potential network activity of Splashtop (Beta) RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/splashtop__beta__processes_sigma.yml",
+ "Description": "Detects potential processes activity of Splashtop (Beta) RMM tool"
}
],
- "References": [
- "https://jumpcloud.com/support/understand-remote-assist-agent"
- ],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "RuDesktop",
- "Description": "RuDesktop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "ezHelp",
+ "Description": "ezHelp is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/9/2024",
+ "LastModified": "2/7/2024",
"Details": {
"Website": "",
"PEMetadata": {
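Review bot: "References": [] for Splashtop (Beta), while the removed Splashtop Remote entry cited the Splashtop firewall-exceptions article that documents the very streamer binaries and domains listed here; carry that reference across so the entry stays sourced.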
@@ -2977,8 +3321,9 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "rd.exe",
- "rudesktop*.exe"
+ "ezhelpclientmanager.exe",
+ "ezHelpManager.exe",
+ "ezhelpclient.exe"
]
},
"Artifacts": {
@@ -2989,8 +3334,8 @@
{
"Description": "Known remote domains",
"Domains": [
- "*.rudesktop.ru",
- "rudesktop.ru"
+ "*.ezhelp.co.kr",
+ "ezhelp.co.kr"
],
"Ports": []
}
@@ -2998,52 +3343,45 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rudesktop_network_sigma.yml",
- "Description": "Detects potential network activity of RuDesktop RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ezhelp_network_sigma.yml",
+ "Description": "Detects potential network activity of ezHelp RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rudesktop_processes_sigma.yml",
- "Description": "Detects potential processes activity of RuDesktop RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ezhelp_processes_sigma.yml",
+ "Description": "Detects potential processes activity of ezHelp RMM tool"
}
],
"References": [
- "https://rudesktop.ru"
+ "https://www.exhelp.co.kr"
],
"Acknowledgement": []
},
{
- "Name": "LogMeIn",
- "Description": "LogMeIn is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.\n",
- "Author": "Nasreddine Bencherchali",
- "Created": "2024-08-05",
- "LastModified": "2024-08-05",
+ "Name": "BeyondTrust (Bomgar)",
+ "Description": "BeyondTrust (Bomgar) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Author": "",
+ "Created": "",
+ "LastModified": "2/7/2024",
"Details": {
- "Website": "https://www.logmein.com/",
- "PEMetadata": [
- {
- "Filename": "lmiguardiansvc.exe"
- },
- {
- "Filename": "lmiignition.exe"
- },
- {
- "Filename": "logmeinsystray.exe"
- },
- {
- "Filename": "logmein.exe",
- "OriginalFileName": "",
- "Company": "LogMeIn, Inc.",
- "Description": "LMIGuardianSvc",
- "Product": "LMIGuardianSvc"
- }
- ],
+ "Website": "",
+ "PEMetadata": {
+ "Filename": "",
+ "OriginalFileName": "",
+ "Description": ""
+ },
"Privileges": "",
"Free": "",
"Verification": "",
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": null
+ "InstallationPaths": [
+ "bomgar-scc-*.exe",
+ "bomgar-scc.exe",
+ "bomgar-pac-*.exe",
+ "bomgar-pac.exe",
+ "bomgar-rdp.exe"
+ ]
},
"Artifacts": {
"Disk": [],
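Review bot: the ezHelp reference "https://www.exhelp.co.kr" does not match the "ezhelp.co.kr" domains listed for the same tool and looks like a typo for https://www.ezhelp.co.kr; fix it before it is published as a link.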
@@ -3051,82 +3389,37 @@
"Registry": [],
"Network": [
{
- "Description": "N/A",
- "Domains": [
- "logmein-gateway.com"
- ],
- "Ports": [
- 443
- ]
- },
- {
- "Description": "N/A",
- "Domains": [
- "*.logmein.com"
- ],
- "Ports": [
- 443
- ]
- },
- {
- "Description": "N/A",
- "Domains": [
- "*.logmein.eu"
- ],
- "Ports": [
- 443
- ]
- },
- {
- "Description": "N/A",
- "Domains": [
- "logmeinrescue.com"
- ],
- "Ports": [
- 443
- ]
- },
- {
- "Description": "N/A",
+ "Description": "Known remote domains",
"Domains": [
- "*.logmeininc.com"
+ "*.beyondtrustcloud.com",
+ "*.bomgarcloud.com",
+ "bomgarcloud.com"
],
- "Ports": [
- 443
- ]
+ "Ports": []
}
]
},
"Detections": [
{
- "Sigma": "https://github.com/SigmaHQ/sigma/blob/782f0f524e6f797ea114fe0d87b22cb4abaa6b7c/rules/windows/dns_query/dns_query_win_remote_access_software_domains_non_browsers.yml",
- "Description": "DNS Query To Remote Access Software Domain From Non-Browser App"
- },
- {
- "Sigma": "https://github.com/SigmaHQ/sigma/blob/782f0f524e6f797ea114fe0d87b22cb4abaa6b7c/rules/windows/process_creation/proc_creation_win_remote_access_tools_logmein.yml",
- "Description": "Remote Access Tool - LogMeIn Execution"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/beyondtrust__bomgar__network_sigma.yml",
+ "Description": "Detects potential network activity of BeyondTrust (Bomgar) RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/logmein_network_sigma.yml",
- "Description": "Detects potential network activity of LogMeIn RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/beyondtrust__bomgar__processes_sigma.yml",
+ "Description": "Detects potential processes activity of BeyondTrust (Bomgar) RMM tool"
}
],
"References": [
- "https://support.logmeininc.com/central/help/allowlisting-and-firewall-configuration"
+ "https://www.beyondtrust.com/docs/remote-support/getting-started/deployment/cloud/network.htm"
],
- "Acknowledgement": [
- {
- "Person": "Nasreddine Bencherchali",
- "Handle": "@nas_bench"
- }
- ]
+ "Acknowledgement": []
},
{
- "Name": "SmartFTP",
- "Description": "SmartFTP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "ShowMyPC",
+ "Description": "ShowMyPC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "",
+ "LastModified": "2/9/2024",
"Details": {
"Website": "",
"PEMetadata": {
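Review bot: this hunk and the previous one delete the whole LogMeIn entry, one of the few in the file with an author, PE metadata, per-domain port 443 artifacts, pinned SigmaHQ rules and an acknowledgement, and the BeyondTrust (Bomgar) entry that takes its place carries none of that structure; if this change is a reorder, confirm LogMeIn is re-added intact elsewhere in the file, otherwise this is a regression in the data set.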
@@ -3141,27 +3434,48 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "C:\\Program Files (x86)\\SmartFTP Client\\en-US\\",
- "*\\SmartFTP Client\\*",
- "*\\SfShellTools.dll.mui"
+ "SMPCSetup.exe",
+ "showmypc*.exe",
+ "showmypc.exe",
+ "smpcsetup.exe"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": []
+ "Network": [
+ {
+ "Description": "Known remote domains",
+ "Domains": [
+ "*.showmypc.com",
+ "showmypc.com"
+ ],
+ "Ports": []
+ }
+ ]
},
- "Detections": [],
- "References": [],
+ "Detections": [
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/showmypc_network_sigma.yml",
+ "Description": "Detects potential network activity of ShowMyPC RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/showmypc_processes_sigma.yml",
+ "Description": "Detects potential processes activity of ShowMyPC RMM tool"
+ }
+ ],
+ "References": [
+ "https://showmypc.com/service/faq/ShowMyPCSecurityOverview1.pdf"
+ ],
"Acknowledgement": []
},
{
- "Name": "NetSupport Manager",
- "Description": "NetSupport Manager is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Distant Desktop",
+ "Description": "Distant Desktop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/9/2024",
+ "LastModified": "2/8/2024",
"Details": {
"Website": "",
"PEMetadata": {
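Review bot: the ShowMyPC InstallationPaths contain "SMPCSetup.exe" and "smpcsetup.exe", which differ only in case, and "showmypc*.exe", which already covers "showmypc.exe"; Windows paths and Sigma string matching are both case-insensitive, so keep one of each.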
@@ -3176,9 +3490,9 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "pcictlui.exe",
- "pcicfgui.exe",
- "client32.exe"
+ "ddsystem.exe",
+ "dd.exe",
+ "distant-desktop.exe"
]
},
"Artifacts": {
@@ -3189,8 +3503,8 @@
{
"Description": "Known remote domains",
"Domains": [
- "*.netsupportmanager.com",
- "netsupportmanager.com"
+ "*.distantdesktop.com",
+ "*signalserver.xyz"
],
"Ports": []
}
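Review bot: "*signalserver.xyz" has no dot before the wildcard, unlike "*.distantdesktop.com" beside it, so it also matches any host whose name merely ends in "signalserver.xyz"; if subdomains are intended, write "*.signalserver.xyz" and list the bare domain as a second entry, as the other entries do.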
@@ -3198,25 +3512,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/netsupport_manager_network_sigma.yml",
- "Description": "Detects potential network activity of NetSupport Manager RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/distant_desktop_network_sigma.yml",
+ "Description": "Detects potential network activity of Distant Desktop RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/netsupport_manager_processes_sigma.yml",
- "Description": "Detects potential processes activity of NetSupport Manager RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/distant_desktop_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Distant Desktop RMM tool"
}
],
"References": [
- "https://www.netsupportmanager.com/resources/"
+ "https://www.distantdesktop.com/manual/first-start.htm"
],
"Acknowledgement": []
},
{
- "Name": "Pocket Cloud (Wyse)",
- "Description": "Pocket Cloud (Wyse) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "AweRay (AweSun)",
+ "Description": "AweRay (AweSun) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/9/2024",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
@@ -3231,30 +3545,41 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "pocketcloud*.exe",
- "pocketcloudservice.exe"
+ "aweray_remote*.exe",
+ "AweSun.exe"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": []
+ "Network": [
+ {
+ "Description": "Known remote domains",
+ "Domains": [
+ "asapi-us.aweray.net",
+ "asapi.aweray.net"
+ ],
+ "Ports": []
+ }
+ ]
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pocket_cloud__wyse__processes_sigma.yml",
- "Description": "Detects potential processes activity of Pocket Cloud (Wyse) RMM tool"
- }
- ],
- "References": [
- "https://wyse-pocketcloud.informer.com/2.1/"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aweray__awesun__network_sigma.yml",
+ "Description": "Detects potential network activity of AweRay (AweSun) RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aweray__awesun__processes_sigma.yml",
+ "Description": "Detects potential processes activity of AweRay (AweSun) RMM tool"
+ }
],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "Guacamole",
- "Description": "Guacamole is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "HelpU",
+ "Description": "HelpU is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "2/8/2024",
@@ -3272,7 +3597,9 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "guacd.exe"
+ "helpu_install.exe",
+ "HelpuUpdater.exe",
+ "HelpuManager.exe"
]
},
"Artifacts": {
@@ -3283,8 +3610,8 @@
{
"Description": "Known remote domains",
"Domains": [
- "user_managed",
- "guacamole.apache.org"
+ "helpu.co.kr",
+ "*.helpu.co.kr"
],
"Ports": []
}
@@ -3292,22 +3619,22 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/guacamole_network_sigma.yml",
- "Description": "Detects potential network activity of Guacamole RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/helpu_network_sigma.yml",
+ "Description": "Detects potential network activity of HelpU RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/guacamole_processes_sigma.yml",
- "Description": "Detects potential processes activity of Guacamole RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/helpu_processes_sigma.yml",
+ "Description": "Detects potential processes activity of HelpU RMM tool"
}
],
"References": [
- "guacamole.apache.org"
+ "https://helpu.co.kr/"
],
"Acknowledgement": []
},
{
- "Name": "Cloudsfer",
- "Description": "Cloudsfer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Solar-PuTTY",
+ "Description": "Solar-PuTTY is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
@@ -3324,7 +3651,11 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": []
+ "InstallationPaths": [
+ "C:\\Program Files\\Solar-Putty-v4\\*",
+ "*\\Solar-Putty-v4\\*",
+ "*\\Solar-PuTTY.exe"
+ ]
},
"Artifacts": {
"Disk": [],
@@ -3332,16 +3663,21 @@
"Registry": [],
"Network": []
},
- "Detections": [],
+ "Detections": [
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/solar-putty_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Solar-PuTTY RMM tool"
+ }
+ ],
"References": [],
"Acknowledgement": []
},
{
- "Name": "LANDesk",
- "Description": "LANDesk is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "DesktopNow",
+ "Description": "DesktopNow is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/8/2024",
+ "LastModified": "2/26/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -3356,16 +3692,7 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "issuser.exe",
- "landeskagentbootstrap.exe",
- "LANDeskPortalManager.exe",
- "ldinv32.exe",
- "ldsensors.exe",
- "C:\\Program Files (x86)\\LANDesk\\*",
- "*\\LANDesk\\*",
- "*\\issuser.exe",
- "*\\softmon.exe",
- "*\\tmcsvc.exe"
+ "desktopnow.exe"
]
},
"Artifacts": {
@@ -3376,9 +3703,7 @@
{
"Description": "Known remote domains",
"Domains": [
- "*.ivanticloud.com",
- "*.ivanti.com",
- "ivanti.com"
+ "*.nchuser.com"
],
"Ports": []
}
@@ -3386,22 +3711,22 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/landesk_network_sigma.yml",
- "Description": "Detects potential network activity of LANDesk RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/desktopnow_network_sigma.yml",
+ "Description": "Detects potential network activity of DesktopNow RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/landesk_processes_sigma.yml",
- "Description": "Detects potential processes activity of LANDesk RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/desktopnow_processes_sigma.yml",
+ "Description": "Detects potential processes activity of DesktopNow RMM tool"
}
],
"References": [
- "https://forums.ivanti.com/s/article/URL-exception-list-for-Ivanti-Security-Controls?language=en_US"
+ "https://forums.ivanti.com/s/article/Network-Ports-used-by-Environment-Manager?language=en_US"
],
"Acknowledgement": []
},
{
- "Name": "Cruz",
- "Description": "Cruz is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Bitvise SSH Server",
+ "Description": "Bitvise SSH Server is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
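Review bot: the DesktopNow reference points at an Ivanti forum article on Environment Manager network ports, which has no visible connection to the "*.nchuser.com" domain listed for this tool; the removed LANDesk entry in this same run of hunks is the one that cited forums.ivanti.com, so either the reference or the domain is attached to the wrong entry and should be checked.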
@@ -3418,37 +3743,33 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": []
+ "InstallationPaths": [
+ "C:\\Program Files\\Bitvise SSH Server\\*",
+ "*\\Bitvise SSH Server\\*",
+ "*\\BvSshServer-Inst.exe"
+ ]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": [
- {
- "Description": "Known remote domains",
- "Domains": [
- "resources.doradosoftware.com/cruz-rmm"
- ],
- "Ports": []
- }
- ]
+ "Network": []
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/cruz_network_sigma.yml",
- "Description": "Detects potential network activity of Cruz RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/bitvise_ssh_server_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Bitvise SSH Server RMM tool"
}
],
"References": [],
"Acknowledgement": []
},
{
- "Name": "pcAnywhere",
- "Description": "pcAnywhere is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "TigerVNC",
+ "Description": "TigerVNC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/9/2024",
+ "LastModified": "2/26/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -3463,10 +3784,11 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "awhost32.exe",
- "awrem32.exe",
- "pcaquickconnect.exe",
- "winaw32.exe"
+ "tigervnc*.exe",
+ "winvnc4.exe",
+ "C:\\Program Files\\TightVNC\\*",
+ "*\\TightVNC\\*",
+ "*\\tvnserver.exe"
]
},
"Artifacts": {
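Review bot: the TigerVNC InstallationPaths mix in "C:\\Program Files\\TightVNC\\*", "*\\TightVNC\\*" and "*\\tvnserver.exe", which belong to TightVNC, a separate project, so the generated rule will be labelled TigerVNC when it fires on TightVNC; move those three paths to their own TightVNC entry (or rename this one) so detections attribute correctly.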
@@ -3485,22 +3807,22 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pcanywhere_network_sigma.yml",
- "Description": "Detects potential network activity of pcAnywhere RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/tigervnc_network_sigma.yml",
+ "Description": "Detects potential network activity of TigerVNC RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pcanywhere_processes_sigma.yml",
- "Description": "Detects potential processes activity of pcAnywhere RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/tigervnc_processes_sigma.yml",
+ "Description": "Detects potential processes activity of TigerVNC RMM tool"
}
],
"References": [
- "https://en.wikipedia.org/wiki/PcAnywhere"
+ "https://github.com/TigerVNC/tigervnc/releases"
],
"Acknowledgement": []
},
{
- "Name": "mstsc",
- "Description": "mstsc is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "NinjaOne (formerly NinjaRMM)",
+ "Description": "NinjaOne (formerly NinjaRMM) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
@@ -3518,8 +3840,7 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "C:\\Windows\\System32\\mstsc.exe",
- "*Windows\\System32\\mstsc.exe"
+ "*ProgramData\\NinjaRMMAgent\\*"
]
},
"Artifacts": {
@@ -3528,18 +3849,13 @@
"Registry": [],
"Network": []
},
- "Detections": [
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/mstsc_processes_sigma.yml",
- "Description": "Detects potential processes activity of mstsc RMM tool"
- }
- ],
+ "Detections": [],
"References": [],
"Acknowledgement": []
},
{
- "Name": "FreeNX",
- "Description": "FreeNX is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Chrome SSH Extension",
+ "Description": "Chrome SSH Extension is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
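Review bot: the NinjaOne entry gains an InstallationPaths pattern but keeps "Detections": [], while the mstsc processes rule is deleted in the same hunk; if the sigma files are generated from InstallationPaths, regenerate so the new entry gets a rule, and confirm the mstsc entry is retained elsewhere, since the Microsoft TSC entry further down lists only "termsrv.exe" and does not cover the mstsc.exe client paths removed here.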
@@ -3557,8 +3873,8 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "C:\\*\\nxplayer.exe",
- "*\\nxplayer.exe"
+ "C:\\Users\\*\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\iodihamcpbpeioajjeobimgagajmlibd*",
+ "*Users\\*\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\iodihamcpbpeioajjeobimgagajmlibd*"
]
},
"Artifacts": {
@@ -3567,18 +3883,13 @@
"Registry": [],
"Network": []
},
- "Detections": [
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/freenx_processes_sigma.yml",
- "Description": "Detects potential processes activity of FreeNX RMM tool"
- }
- ],
+ "Detections": [],
"References": [],
"Acknowledgement": []
},
{
- "Name": "PSEXEC (Clone)",
- "Description": "PSEXEC (Clone) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Remote Desktop Plus",
+ "Description": "Remote Desktop Plus is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "2/9/2024",
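Review bot: same pattern as the NinjaOne hunk above: the Chrome SSH Extension entry gets two extension-directory paths but "Detections": [], and the FreeNX processes rule is dropped; regenerate detections for the new entry and confirm FreeNX survives elsewhere in the file.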
@@ -3596,13 +3907,7 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "paexec.exe",
- "PAExec-*.exe",
- "csexec.exe ",
- "remcom.exe",
- "remcomsvc.exe",
- "xcmd.exe",
- "xcmdsvc.exe"
+ "rdp.exe"
]
},
"Artifacts": {
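Review bot: "rdp.exe" on its own is a very generic image name for the Remote Desktop Plus entry, so a processes rule built from it will be noisy; add PEMetadata (OriginalFileName/Product) or a parent-path wildcard to give the rule a specific anchor. The removed PSEXEC (Clone) list also contained "csexec.exe " with a trailing space; if that entry is re-added elsewhere, trim it, as the same trailing-space defect was fixed for "JumpCloud*.exe " earlier in this diff.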
@@ -3613,7 +3918,7 @@
{
"Description": "Known remote domains",
"Domains": [
- "user_managed"
+ "donkz.nl"
],
"Ports": []
}
@@ -3621,25 +3926,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/psexec__clone__network_sigma.yml",
- "Description": "Detects potential network activity of PSEXEC (Clone) RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remote_desktop_plus_network_sigma.yml",
+ "Description": "Detects potential network activity of Remote Desktop Plus RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/psexec__clone__processes_sigma.yml",
- "Description": "Detects potential processes activity of PSEXEC (Clone) RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remote_desktop_plus_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Remote Desktop Plus RMM tool"
}
],
"References": [
- "https://www.poweradmin.com/paexec/"
+ "https://www.donkz.nl/"
],
"Acknowledgement": []
},
{
- "Name": "SpyAnywhere",
- "Description": "SpyAnywhere is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Microsoft TSC",
+ "Description": "Microsoft TSC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/9/2024",
+ "LastModified": "2/8/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -3654,45 +3959,32 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "sysdiag.exe"
+ "termsrv.exe"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": [
- {
- "Description": "Known remote domains",
- "Domains": [
- "*.spytech-web.com",
- "spyanywhere.com"
- ],
- "Ports": []
- }
- ]
+ "Network": []
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/spyanywhere_network_sigma.yml",
- "Description": "Detects potential network activity of SpyAnywhere RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/spyanywhere_processes_sigma.yml",
- "Description": "Detects potential processes activity of SpyAnywhere RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/microsoft_tsc_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Microsoft TSC RMM tool"
}
],
"References": [
- "https://www.spyanywhere.com/support.shtml"
+ "https://learn.microsoft.com/en-us/troubleshoot/windows-server/remote/terminal-server-startup-connection-application"
],
"Acknowledgement": []
},
{
- "Name": "ODrive",
- "Description": "ODrive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Instant Housecall",
+ "Description": "Instant Housecall is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "",
+ "LastModified": "2/8/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -3707,29 +3999,47 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "C:\\Users\\*\\current\\",
- "*Users\\*\\.odrive",
- "*\\Odriveapp.exe"
+ "hsloader.exe",
+ "InstantHousecall.exe",
+ "ihcserver.exe",
+ "instanthousecall.exe"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": []
+ "Network": [
+ {
+ "Description": "Known remote domains",
+ "Domains": [
+ "*.instanthousecall.com",
+ "secure.instanthousecall.com",
+ "*.instanthousecall.net",
+ "instanthousecall.com"
+ ],
+ "Ports": []
+ }
+ ]
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/odrive_processes_sigma.yml",
- "Description": "Detects potential processes activity of ODrive RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/instant_housecall_network_sigma.yml",
+ "Description": "Detects potential network activity of Instant Housecall RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/instant_housecall_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Instant Housecall RMM tool"
}
],
- "References": [],
+ "References": [
+ "https://instanthousecall.com/features/"
+ ],
"Acknowledgement": []
},
{
- "Name": "MultCloud",
- "Description": "MultCloud is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "NordLocker",
+ "Description": "NordLocker is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
@@ -3746,10 +4056,7 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": [
- "requires sign up",
- "requires sign up"
- ]
+ "InstallationPaths": []
},
"Artifacts": {
"Disk": [],
@@ -3762,11 +4069,11 @@
"Acknowledgement": []
},
{
- "Name": "Visual Studio Dev Tunnel",
- "Description": "Visual Studio Dev Tunnel is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Pocket Cloud (Wyse)",
+ "Description": "Pocket Cloud (Wyse) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/7/2024",
+ "LastModified": "2/9/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -3780,38 +4087,31 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": []
+ "InstallationPaths": [
+ "pocketcloud*.exe",
+ "pocketcloudservice.exe"
+ ]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": [
- {
- "Description": "Known remote domains",
- "Domains": [
- "global.rel.tunnels.api.visualstudio.com",
- "*.rel.tunnels.api.visualstudio.com",
- "*.devtunnels.ms"
- ],
- "Ports": []
- }
- ]
+ "Network": []
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/visual_studio_dev_tunnel_network_sigma.yml",
- "Description": "Detects potential network activity of Visual Studio Dev Tunnel RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pocket_cloud__wyse__processes_sigma.yml",
+ "Description": "Detects potential processes activity of Pocket Cloud (Wyse) RMM tool"
}
],
"References": [
- "https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/security"
+ "https://wyse-pocketcloud.informer.com/2.1/"
],
"Acknowledgement": []
},
{
- "Name": "Xpra",
- "Description": "Xpra is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Mocha VNC Lite",
+ "Description": "Mocha VNC Lite is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
@@ -3829,10 +4129,9 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "C:\\Program Files (x86)\\Xpra\\*",
- "*\\Xpra\\*",
- "*\\Xpra-Launcher.exe",
- "*\\Xpra-x86_64_Setup.exe"
+ "This installs a modified VNC and cannot be blocked by path separate from VNC",
+ "This installs a modified VNC and cannot be blocked by path separate from VNC",
+ "*\\RealVNC\\VNC4\\*"
]
},
"Artifacts": {
@@ -3841,71 +4140,13 @@
"Registry": [],
"Network": []
},
- "Detections": [
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/xpra_processes_sigma.yml",
- "Description": "Detects potential processes activity of Xpra RMM tool"
- }
- ],
+ "Detections": [],
"References": [],
"Acknowledgement": []
},
{
- "Name": "Royal Apps",
- "Description": "Royal Apps is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
- "Author": "",
- "Created": "",
- "LastModified": "2/9/2024",
- "Details": {
- "Website": "",
- "PEMetadata": {
- "Filename": "",
- "OriginalFileName": "",
- "Description": ""
- },
- "Privileges": "",
- "Free": "",
- "Verification": "",
- "SupportedOS": [],
- "Capabilities": [],
- "Vulnerabilities": [],
- "InstallationPaths": [
- "royalserver.exe",
- "royalts.exe"
- ]
- },
- "Artifacts": {
- "Disk": [],
- "EventLog": [],
- "Registry": [],
- "Network": [
- {
- "Description": "Known remote domains",
- "Domains": [
- "user_managed"
- ],
- "Ports": []
- }
- ]
- },
- "Detections": [
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/royal_apps_network_sigma.yml",
- "Description": "Detects potential network activity of Royal Apps RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/royal_apps_processes_sigma.yml",
- "Description": "Detects potential processes activity of Royal Apps RMM tool"
- }
- ],
- "References": [
- "https://www.royalapps.com/ts/win/download"
- ],
- "Acknowledgement": []
- },
- {
- "Name": "eHorus",
- "Description": "eHorus is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "FleetDeck",
+ "Description": "FleetDeck is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
@@ -3923,7 +4164,7 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "ehorus standalone.exe"
+ "fleetdeck_agent_svc.exe"
]
},
"Artifacts": {
@@ -3934,7 +4175,7 @@
{
"Description": "Known remote domains",
"Domains": [
- "ehorus.com"
+ "fleetdeck.io"
],
"Ports": []
}
@@ -3942,23 +4183,23 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ehorus_network_sigma.yml",
- "Description": "Detects potential network activity of eHorus RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fleetdeck_network_sigma.yml",
+ "Description": "Detects potential network activity of FleetDeck RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ehorus_processes_sigma.yml",
- "Description": "Detects potential processes activity of eHorus RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fleetdeck_processes_sigma.yml",
+ "Description": "Detects potential processes activity of FleetDeck RMM tool"
}
],
"References": [],
"Acknowledgement": []
},
{
- "Name": "Bomgar",
- "Description": "Bomgar is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "NetSupport Manager",
+ "Description": "NetSupport Manager is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "",
+ "LastModified": "2/9/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -3973,7 +4214,9 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "bomgar-scc.exe"
+ "pcictlui.exe",
+ "pcicfgui.exe",
+ "client32.exe"
]
},
"Artifacts": {
@@ -3984,7 +4227,8 @@
{
"Description": "Known remote domains",
"Domains": [
- "beyondtrust.com/brand/bomgar"
+ "*.netsupportmanager.com",
+ "netsupportmanager.com"
],
"Ports": []
}
@@ -3992,20 +4236,22 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/bomgar_network_sigma.yml",
- "Description": "Detects potential network activity of Bomgar RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/netsupport_manager_network_sigma.yml",
+ "Description": "Detects potential network activity of NetSupport Manager RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/bomgar_processes_sigma.yml",
- "Description": "Detects potential processes activity of Bomgar RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/netsupport_manager_processes_sigma.yml",
+ "Description": "Detects potential processes activity of NetSupport Manager RMM tool"
}
],
- "References": [],
+ "References": [
+ "https://www.netsupportmanager.com/resources/"
+ ],
"Acknowledgement": []
},
{
- "Name": "SuperPuTTY",
- "Description": "SuperPuTTY is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "S3 Browser",
+ "Description": "S3 Browser is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
@@ -4023,10 +4269,9 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "C:\\Downloads\\SuperPuTTY\\*",
- "*Downloads\\SuperPuTTY\\*",
- "*\\superputty.exe",
- "*\\SuperPuTTY\\*"
+ "C:\\Program Files (x86)\\S3 Browser\\*",
+ "*\\S3 Browser\\*",
+ "*\\s3browser*.exe"
]
},
"Artifacts": {
@@ -4037,16 +4282,16 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/superputty_processes_sigma.yml",
- "Description": "Detects potential processes activity of SuperPuTTY RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/s3_browser_processes_sigma.yml",
+ "Description": "Detects potential processes activity of S3 Browser RMM tool"
}
],
"References": [],
"Acknowledgement": []
},
{
- "Name": "ZeroTier",
- "Description": "ZeroTier is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "WebRDP",
+ "Description": "WebRDP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "2/14/2024",
@@ -4064,9 +4309,7 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "zerotier*.msi",
- "zerotier*.exe",
- "zero-powershell.exe"
+ "webrdp.exe"
]
},
"Artifacts": {
@@ -4077,8 +4320,8 @@
{
"Description": "Known remote domains",
"Domains": [
- "zerotier.com",
- "*.zerotier.com"
+ "user_managed",
+ "github.com/Mikej81/WebRDP"
],
"Ports": []
}
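Review bot: "github.com/Mikej81/WebRDP" is a URL path, not a domain; a generator that emits Domains verbatim into the network Sigma rule will never match it against a DNS or TLS SNI field, and one that truncates at the first "/" would match all of github.com. The project URL already goes into References in the next hunk, so drop it here and keep only user_managed.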
@@ -4086,22 +4329,22 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/zerotier_network_sigma.yml",
- "Description": "Detects potential network activity of ZeroTier RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/webrdp_network_sigma.yml",
+ "Description": "Detects potential network activity of WebRDP RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/zerotier_processes_sigma.yml",
- "Description": "Detects potential processes activity of ZeroTier RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/webrdp_processes_sigma.yml",
+ "Description": "Detects potential processes activity of WebRDP RMM tool"
}
],
"References": [
- "https://my.zerotier.com/"
+ "github.com/Mikej81/WebRDP"
],
"Acknowledgement": []
},
{
- "Name": "Devolutions Remote Desktop Manager",
- "Description": "Devolutions Remote Desktop Manager is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Syncthing",
+ "Description": "Syncthing is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
@@ -4118,7 +4361,11 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": []
+ "InstallationPaths": [
+ "C:\\Users\\*\\AppData\\Roaming\\SyncTrayzor\\*",
+ "*Users\\*\\AppData\\Roaming\\SyncTrayzor\\*",
+ "*\\Syncthing.exe"
+ ]
},
"Artifacts": {
"Disk": [],
@@ -4126,13 +4373,18 @@
"Registry": [],
"Network": []
},
- "Detections": [],
+ "Detections": [
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/syncthing_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Syncthing RMM tool"
+ }
+ ],
"References": [],
"Acknowledgement": []
},
{
- "Name": "BeAnyWhere",
- "Description": "BeAnyWhere is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "DeskDay",
+ "Description": "DeskDay is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "2/7/2024",
@@ -4150,14 +4402,7 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "basuptshelper.exe",
- "basupsrvcupdate.exe",
- "BASupApp.exe",
- "BASupSysInf.exe",
- "BASupAppSrvc.exe",
- "TakeControl.exe",
- "BASupAppElev.exe",
- "basupsrvc.exe"
+ "ultimate_*.exe"
]
},
"Artifacts": {
@@ -4168,8 +4413,8 @@
{
"Description": "Known remote domains",
"Domains": [
- "beanywhere.en.uptodown.com/windows",
- "beanywhere.com"
+ "deskday.ai",
+ "app.deskday.ai"
],
"Ports": []
}
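Review bot: "beanywhere.en.uptodown.com/windows", removed here, is re-added verbatim in the BeAnyWhere block at the end of this diff; it is a URL path on a third-party download mirror, not a domain the product connects to, so when that block lands it should move to References (or be dropped) and the Domains list should keep only beanywhere.com.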
@@ -4177,25 +4422,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/beanywhere_network_sigma.yml",
- "Description": "Detects potential network activity of BeAnyWhere RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/deskday_network_sigma.yml",
+ "Description": "Detects potential network activity of DeskDay RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/beanywhere_processes_sigma.yml",
- "Description": "Detects potential processes activity of BeAnyWhere RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/deskday_processes_sigma.yml",
+ "Description": "Detects potential processes activity of DeskDay RMM tool"
}
],
"References": [
- "https://www.shouldiremoveit.com/beanywhere-support-service-40908-program.aspx"
+ "https://support.deskday.ai/en/articles/8235973-installing-the-end-user-application-ultimate"
],
"Acknowledgement": []
},
{
- "Name": "WebEx (Remote Access)",
- "Description": "WebEx (Remote Access) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Supremo",
+ "Description": "Supremo is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/14/2024",
+ "LastModified": "2/13/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -4209,299 +4454,101 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": []
+ "InstallationPaths": [
+ "supremo.exe",
+ "supremoservice.exe",
+ "supremosystem.exe",
+ "supremohelper.exe"
+ ]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": []
+ "Network": [
+ {
+ "Description": "Known remote domains",
+ "Domains": [
+ "supremocontrol.com",
+ "*.supremocontrol.com",
+ "* .nanosystems.it"
+ ],
+ "Ports": []
+ }
+ ]
},
- "Detections": [],
- "References": [
- "https://help.webex.com/en-us/article/nyc3q0b/Set-Up-a-Computer-for-Remote-Access"
- ],
- "Acknowledgement": []
- },
+ "Detections": [
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/supremo_network_sigma.yml",
+ "Description": "Detects potential network activity of Supremo RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/supremo_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Supremo RMM tool"
+ }
+ ],
+ "References": [
+ "https://www.supremocontrol.com/frequently-asked-questions/"
+ ],
+ "Acknowledgement": []
+ },
{
- "Name": "AnyDesk",
- "Category": "RMM",
- "Description": "AnyDesk is a popular remote desktop software that enables users to access and control a computer or device from a remote location. It was developed with the primary goal of facilitating remote work, technical support, and collaboration between individuals and teams.\n",
- "Author": "Ali Alwashali, Nasreddine Bencherchali",
- "Created": "2023-09-29",
- "LastModified": "2024-08-02",
+ "Name": "Syspectr",
+ "Description": "Syspectr is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Author": "",
+ "Created": "",
+ "LastModified": "2/26/2024",
"Details": {
- "Website": "https://anydesk.com/en",
- "PEMetadata": [
- {
- "Filename": "anydesk.exe",
- "OriginalFileName": "AnyDesk.exe",
- "Description": "AnyDesk",
- "Product": "AnyDesk"
- }
- ],
- "Privileges": "User",
- "Free": true,
- "Verification": false,
- "SupportedOS": [
- "Android",
- "ChromeOS",
- "IOS",
- "Linux",
- "Mac",
- "Windows"
- ],
- "Capabilities": [
- "File Transfer",
- "File System Access",
- "Remote Control",
- "GUI Support",
- "Command line Support"
- ],
- "Vulnerabilities": [
- "https://www.cvedetails.com/vulnerability-list/vendor_id-16953/product_id-40173/Anydesk-Anydesk.html"
- ],
+ "Website": "",
+ "PEMetadata": {
+ "Filename": "",
+ "OriginalFileName": "",
+ "Description": ""
+ },
+ "Privileges": "",
+ "Free": "",
+ "Verification": "",
+ "SupportedOS": [],
+ "Capabilities": [],
+ "Vulnerabilities": [],
"InstallationPaths": [
- "C:\\Program Files (x86)\\AnyDesk\\*",
- "C:\\Program Files\\AnyDesk\\*"
+ "oo-syspectr*.exe",
+ "OOSysAgent.exe"
]
},
"Artifacts": {
- "Disk": [
- {
- "File": "%programdata%\\AnyDesk\\ad_svc.trace",
- "Description": "AnyDesk service log file. As well as ad.trace, we can determine the IP address of the other participant and its AnyDesk ID when a connection is established.",
- "OS": "Windows",
- "Example": [
- "info 2022-08-23 10:20:11.969 gsvc 4628 3528 3 anynet.relay_conn - External address: 34.xx.xx.123:46798"
- ]
- },
- {
- "File": "%programdata%\\AnyDesk\\connection_trace.txt",
- "Description": "Incoming connection logs, contains IP Address of the remote machine and file transfer activity. Only generated on target side. The content indicates how the connection was approved (e.g. the local user authorized it, or a password was used)",
- "OS": "Windows",
- "Example": [
- "Incoming 2022-08-23, 10:23 Passwd 547911884 547911884",
- "Incoming 2022-09-28, 12:39 User 442226597 442226597"
- ]
- },
- {
- "File": "%APPDATA%\\AnyDesk\\connection_trace.txt",
- "Description": "Incoming connection logs, contains IP Address of the remote machine and file transfer activity. Only generated on target side. The content indicates how the connection was approved (e.g. the local user authorized it, or a password was used)",
- "OS": "Windows",
- "Example": [
- "Incoming 2022-08-23, 10:23 Passwd 547911884 547911884",
- "Incoming 2022-09-28, 12:39 User 442226597 442226597"
- ]
- },
- {
- "File": "%APPDATA%\\AnyDesk\\ad.trace",
- "Description": "AnyDesk user interface log file. In this log file, we can determine the IP address of the other participant and its AnyDesk ID. It is also possible to track events of file transfer. Below is the Client ID and external IP address of the remote participant.",
- "OS": "Windows",
- "Example": [
- "info 2022-09-28 12:39:26.845 lsvc 9952 9944 21 anynet.any_socket - Client-ID: 442226597 (FPR: 8e28a2a25b30).",
- "info 2022-09-28 12:39:26.845 lsvc 9952 9944 21 anynet.any_socket - Logged in from 12.xx.xx.21:59562 on relay 80e496c0."
- ]
- },
- {
- "File": "%APPDATA%\\AnyDesk\\chat\\*.txt",
- "Description": "If the chat functionality is used, its entries will be printed in a text file in this folder.",
- "OS": "Windows"
- },
- {
- "File": "%APPDATA%\\AnyDesk\\user.conf",
- "Description": "N/A",
- "OS": "Windows"
- },
- {
- "File": "%PROGRAMDATA%\\AnyDesk\\service.conf",
- "Description": "Password can be set to auto-validate the session. The password will be saved in a salted hash format.",
- "OS": "Windows"
- },
- {
- "File": "%APPDATA%\\AnyDesk\\service.conf",
- "Description": "N/A",
- "OS": "Windows"
- },
- {
- "File": "%APPDATA%\\AnyDesk\\system.conf",
- "Description": "N/A",
- "OS": "Windows"
- },
- {
- "File": "%PROGRAMDATA%\\AnyDesk\\system.conf",
- "Description": "N/A",
- "OS": "Windows"
- },
- {
- "File": "%PROGRAMDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\AnyDesk.lnk",
- "Description": "N/A",
- "OS": "Windows"
- },
- {
- "File": "%PROGRAMDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\AnyDesk\\Uninstall AnyDesk.lnk",
- "Description": "N/A",
- "OS": "Windows"
- },
- {
- "File": "C:\\Users\\*\\Videos\\AnyDesk\\*.anydesk",
- "Description": "N/A",
- "OS": "Windows"
- },
- {
- "File": "C:\\Windows\\SysWOW64\\config\\systemprofile\\AppData\\Roaming\\AnyDesk\\*",
- "Description": "N/A",
- "OS": "Windows"
- },
- {
- "File": "~/Library/Application Support/AnyDesk/Logs/",
- "Description": "N/A",
- "OS": "Mac"
- },
- {
- "File": "~/.config/AnyDesk/Logs/",
- "Description": "N/A",
- "OS": "Linux"
- }
- ],
- "EventLog": [
- {
- "EventID": 7045,
- "ProviderName": "Service Control Manager",
- "LogFile": "System.evtx",
- "ServiceName": "AnyDesk Service",
- "ImagePath": "\"C:\\\\Program Files (x86)\\\\AnyDesk\\\\AnyDesk.exe\" --service",
- "Description": "Service installation event as result of AnyDesk installation."
- }
- ],
- "Registry": [
- {
- "Path": "HKLM\\SOFTWARE\\Clients\\Media\\AnyDesk",
- "Description": "N/A"
- },
- {
- "Path": "HKLM\\SYSTEM\\CurrentControlSet\\Services\\AnyDesk",
- "Description": "N/A"
- },
- {
- "Path": "HKLM\\SOFTWARE\\Classes\\.anydesk\\shell\\open\\command",
- "Description": "N/A"
- },
- {
- "Path": "HKLM\\SOFTWARE\\Classes\\AnyDesk\\shell\\open\\command",
- "Description": "N/A"
- },
- {
- "Path": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Print\\Printers\\AnyDesk Printer\\*",
- "Description": "N/A"
- },
- {
- "Path": "HKLM\\DRIVERS\\DriverDatabase\\DeviceIds\\USBPRINT\\AnyDesk",
- "Description": "N/A"
- },
- {
- "Path": "HKLM\\DRIVERS\\DriverDatabase\\DeviceIds\\WSDPRINT\\AnyDesk",
- "Description": "N/A"
- },
- {
- "Path": "HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\AnyDesk",
- "Description": "N/A"
- }
- ],
+ "Disk": [],
+ "EventLog": [],
+ "Registry": [],
"Network": [
{
- "Description": "During setup the boot.net.anydesk.com domain is request over port 443",
- "Domains": [
- "boot.net.anydesk.com"
- ],
- "Ports": [
- 443
- ]
- },
- {
- "Description": "N/A",
- "Domains": [
- "relay-[a-f0-9]{8}.net.anydesk.com:443"
- ],
- "Ports": [
- 443
- ]
- },
- {
- "Description": "N/A",
+ "Description": "Known remote domains",
"Domains": [
- "*.anydesk.com"
+ "atled.syspectr.com",
+ "app.syspectr.com"
],
- "Ports": [
- 443
- ]
- }
- ],
- "Other": [
- {
- "Type": "User-Agent",
- "Value": "AnyDesk/*"
- },
- {
- "Type": "NamedPipe",
- "Value": "adprinterpipe"
+ "Ports": []
}
]
},
"Detections": [
{
- "Sigma": "https://github.com/SigmaHQ/sigma/blob/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/builtin/system/service_control_manager/win_system_service_install_anydesk.yml",
- "Description": "Anydesk Remote Access Software Service Installation"
- },
- {
- "Sigma": "https://github.com/SigmaHQ/sigma/blob/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/file/file_event/file_event_win_anydesk_artefact.yml",
- "Description": "N/A"
- },
- {
- "Sigma": "https://github.com/SigmaHQ/sigma/blob/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/process_creation/proc_creation_win_remote_access_tools_anydesk.yml",
- "Description": "N/A"
- },
- {
- "Sigma": "https://github.com/SigmaHQ/sigma/blob/782f0f524e6f797ea114fe0d87b22cb4abaa6b7c/rules/windows/process_creation/proc_creation_win_remote_access_tools_anydesk_silent_install.yml",
- "Description": "Remote Access Tool - AnyDesk Silent Installation"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/anydesk_registry_sigma.yml",
- "Description": "Detects potential registry activity of AnyDesk RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/anydesk_network_sigma.yml",
- "Description": "Detects potential network activity of AnyDesk RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/syspectr_network_sigma.yml",
+ "Description": "Detects potential network activity of Syspectr RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/anydesk_files_sigma.yml",
- "Description": "Detects potential files activity of AnyDesk RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/syspectr_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Syspectr RMM tool"
}
],
"References": [
- "https://support.anydesk.com/knowledge/firewall",
- "https://www.synacktiv.com/publications/legitimate-rats-a-comprehensive-forensic-analysis-of-the-usual-suspects.html",
- "https://github.com/mthcht/awesome-lists/tree/79ced75eebe53bcabf1235b3c17eb11788875482/Lists/RMM/anydesk",
- "https://ruler-project.github.io/ruler-project/RULER/remote/AnyDesk/"
+ "https://www.syspectr.com/en/installation-in-a-network"
],
- "Acknowledgement": [
- {
- "Person": "Théo Letailleur",
- "Handle": "in/theosyn"
- },
- {
- "Person": "Ali Alwashali",
- "Handle": "@ali_alwashali"
- },
- {
- "Person": "Nasreddine Bencherchali",
- "Handle": "@nas_bench"
- }
- ]
+ "Acknowledgement": []
},
{
- "Name": "Free Ping Tool",
- "Description": "Free Ping Tool is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "CloudExplorer",
+ "Description": "CloudExplorer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
@@ -4518,10 +4565,7 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": [
- "can't find this one",
- "can't find this one"
- ]
+ "InstallationPaths": []
},
"Artifacts": {
"Disk": [],
@@ -4534,11 +4578,11 @@
"Acknowledgement": []
},
{
- "Name": "S3 Browser",
- "Description": "S3 Browser is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Laplink Gold",
+ "Description": "Laplink Gold is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "",
+ "LastModified": "2/8/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -4553,29 +4597,43 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "C:\\Program Files (x86)\\S3 Browser\\*",
- "*\\S3 Browser\\*",
- "*\\s3browser*.exe"
+ "tsircusr.exe",
+ "laplink.exe"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": []
+ "Network": [
+ {
+ "Description": "Known remote domains",
+ "Domains": [
+ "user_managed",
+ "wen.laplink.com/product/laplink-gold"
+ ],
+ "Ports": []
+ }
+ ]
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/s3_browser_processes_sigma.yml",
- "Description": "Detects potential processes activity of S3 Browser RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/laplink_gold_network_sigma.yml",
+ "Description": "Detects potential network activity of Laplink Gold RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/laplink_gold_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Laplink Gold RMM tool"
}
],
- "References": [],
+ "References": [
+ "wen.laplink.com/product/laplink-gold"
+ ],
"Acknowledgement": []
},
{
- "Name": "Azure Storage Explorer",
- "Description": "Azure Storage Explorer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "CloudXplorer",
+ "Description": "CloudXplorer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
@@ -4593,9 +4651,9 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "C:\\Program Files (x86)\\Microsoft Azure Storage Explorer\\*",
- "*\\Microsoft Azure Storage Explorer\\*",
- "*\\StorageExplorer.exe"
+ "C:\\Program Files\\ClumsyLeaf Software\\CloudXplorer\\*",
+ "*\\ClumsyLeaf Software\\CloudXplorer\\*",
+ "*\\clumsyleaf.cloudxplorer*.exe"
]
},
"Artifacts": {
@@ -4606,19 +4664,19 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/azure_storage_explorer_processes_sigma.yml",
- "Description": "Detects potential processes activity of Azure Storage Explorer RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/cloudxplorer_processes_sigma.yml",
+ "Description": "Detects potential processes activity of CloudXplorer RMM tool"
}
],
"References": [],
"Acknowledgement": []
},
{
- "Name": "NinjaOne (formerly NinjaRMM)",
- "Description": "NinjaOne (formerly NinjaRMM) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "BeAnyWhere",
+ "Description": "BeAnyWhere is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "",
+ "LastModified": "2/7/2024",
"Details": {
"Website": "",
"PEMetadata": {
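Review bot: `"LastModified": "2/7/2024"` uses a US short date while the TeamViewer entry removed at the end of this patch uses ISO `2024-08-02`; pick one format (ISO 8601 sorts and parses unambiguously). `Created` is also left empty here while `LastModified` is set, which makes the timestamp pair inconsistent.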
@@ -4633,25 +4691,52 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "*ProgramData\\NinjaRMMAgent\\*"
+ "basuptshelper.exe",
+ "basupsrvcupdate.exe",
+ "BASupApp.exe",
+ "BASupSysInf.exe",
+ "BASupAppSrvc.exe",
+ "TakeControl.exe",
+ "BASupAppElev.exe",
+ "basupsrvc.exe"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": []
+ "Network": [
+ {
+ "Description": "Known remote domains",
+ "Domains": [
+ "beanywhere.en.uptodown.com/windows",
+ "beanywhere.com"
+ ],
+ "Ports": []
+ }
+ ]
},
- "Detections": [],
- "References": [],
+ "Detections": [
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/beanywhere_network_sigma.yml",
+ "Description": "Detects potential network activity of BeAnyWhere RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/beanywhere_processes_sigma.yml",
+ "Description": "Detects potential processes activity of BeAnyWhere RMM tool"
+ }
+ ],
+ "References": [
+ "https://www.shouldiremoveit.com/beanywhere-support-service-40908-program.aspx"
+ ],
"Acknowledgement": []
},
{
- "Name": "Adobe Connect",
- "Description": "Adobe Connect is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Quest KACE Agent (formerly Dell KACE)",
+ "Description": "Quest KACE Agent (formerly Dell KACE) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/27/2024",
+ "LastModified": "2/9/2024",
"Details": {
"Website": "",
"PEMetadata": {
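Review bot: `beanywhere.en.uptodown.com/windows` under Known remote domains is a third-party download mirror, not something the BeAnyWhere agent connects to; a network rule built from it fires on anyone browsing uptodown and never on the tool's own traffic. Keep `beanywhere.com` (and `*.beanywhere.com`) and move the mirror link, if it is worth keeping at all, to References next to the shouldiremoveit.com page. The InstallationPaths here are bare executable names (`basupsrvc.exe`, `TakeControl.exe`) while the CloudXplorer entry just above uses path globs; mixing both shapes in one field means consumers cannot tell a filename match from a path match, so either split into two fields or glob them (`*\\basupsrvc.exe`).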
@@ -4666,10 +4751,7 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "ConnectAppSetup*.exe",
- "ConnectShellSetup*.exe",
- "Connect.exe",
- "ConnectDetector.exe"
+ "konea.exe"
]
},
"Artifacts": {
@@ -4680,7 +4762,8 @@
{
"Description": "Known remote domains",
"Domains": [
- "*.adobeconnect.com"
+ "*.kace.com",
+ "www.quest.com/kace/"
],
"Ports": []
}
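Review bot: `www.quest.com/kace/` is a marketing URL path, not a hostname the KACE agent (`konea.exe`) talks to, and the linked Quest KB is about the ports and URLs the SMA appliance itself needs, not the agent. The agent reports to the customer's own appliance hostname, so this entry is a case for the `user_managed` marker used in the Laplink Gold entry; keep `*.kace.com` only if the KB confirms agents reach it directly.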
@@ -4688,25 +4771,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/adobe_connect_network_sigma.yml",
- "Description": "Detects potential network activity of Adobe Connect RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/quest_kace_agent__formerly_dell_kace__network_sigma.yml",
+ "Description": "Detects potential network activity of Quest KACE Agent (formerly Dell KACE) RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/adobe_connect_processes_sigma.yml",
- "Description": "Detects potential processes activity of Adobe Connect RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/quest_kace_agent__formerly_dell_kace__processes_sigma.yml",
+ "Description": "Detects potential processes activity of Quest KACE Agent (formerly Dell KACE) RMM tool"
}
],
"References": [
- "https://helpx.adobe.com/adobe-connect/firewall-proxy-server-configuration-adobe-connect.html"
+ "https://support.quest.com/kb/4211365/which-network-ports-and-urls-are-required-for-the-kace-sma-appliance-to-function"
],
"Acknowledgement": []
},
{
- "Name": "CloudHQ",
- "Description": "CloudHQ is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "RuDesktop",
+ "Description": "RuDesktop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "",
+ "LastModified": "2/9/2024",
"Details": {
"Website": "",
"PEMetadata": {
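Review bot: the Sigma filenames here (`quest_kace_agent__formerly_dell_kace__network_sigma.yml`) are slugged straight from Name, so the parentheses leave double underscores; further down the same generator produces `i'm_intouch_network_sigma.yml` with an apostrophe in the path. Strip punctuation and collapse runs of underscores in the slug routine, or store an explicit slug per entry, so rule filenames stay stable when a Name is edited.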
@@ -4720,24 +4803,47 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": []
+ "InstallationPaths": [
+ "rd.exe",
+ "rudesktop*.exe"
+ ]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": []
+ "Network": [
+ {
+ "Description": "Known remote domains",
+ "Domains": [
+ "*.rudesktop.ru",
+ "rudesktop.ru"
+ ],
+ "Ports": []
+ }
+ ]
},
- "Detections": [],
- "References": [],
+ "Detections": [
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rudesktop_network_sigma.yml",
+ "Description": "Detects potential network activity of RuDesktop RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rudesktop_processes_sigma.yml",
+ "Description": "Detects potential processes activity of RuDesktop RMM tool"
+ }
+ ],
+ "References": [
+ "https://rudesktop.ru"
+ ],
"Acknowledgement": []
},
{
- "Name": "Raidrive",
- "Description": "Raidrive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "WebEx (Remote Access)",
+ "Description": "WebEx (Remote Access) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "",
+ "LastModified": "2/14/2024",
"Details": {
"Website": "",
"PEMetadata": {
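Review bot: `rd.exe` is too short a process name to stand alone in a detection; two-letter image names collide with unrelated software, and the generated processes rule will match any image ending in `\rd.exe`. Pair it with a directory glob or with PE metadata (OriginalFileName, Product) in the PEMetadata block, which is left empty here. `rudesktop*.exe` is fine.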
@@ -4751,12 +4857,7 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": [
- "C:\\*\\OpenBoxLab\\RaiDrive\\*",
- "*\\OpenBoxLab\\RaiDrive\\*",
- "service = raidrive_*",
- "Computer\\HKEY_LOCAL_MACHINE\\SOFTWARE\\OpenBoxLab\\RaiDrive\\Drives"
- ]
+ "InstallationPaths": []
},
"Artifacts": {
"Disk": [],
@@ -4765,12 +4866,14 @@
"Network": []
},
"Detections": [],
- "References": [],
+ "References": [
+ "https://help.webex.com/en-us/article/nyc3q0b/Set-Up-a-Computer-for-Remote-Access"
+ ],
"Acknowledgement": []
},
{
- "Name": "RemotePC",
- "Description": "RemotePC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "RemoteView",
+ "Description": "RemoteView is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "2/9/2024",
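Review bot: the WebEx (Remote Access) entry sets `LastModified` and a References link but leaves InstallationPaths, Network and Detections empty, so nothing in the corpus can detect it. Either fill Network from the vendor's allowlist documentation so a network rule is generated, or leave the entry undated so it is obviously a stub.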
@@ -4788,16 +4891,10 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "C:\\Program Files (x86)\\RemotePC\\*",
- "Idrive.File-Transfer",
- "*\\RemotePC\\*",
- "remotepcservice.exe",
- "RemotePC.exe",
- "remotepchost.exe",
- "idrive.RemotePCAgent",
- "rpcsuite.exe",
- "*\\RemotePCService.exe",
- "RemotePCService.exe"
+ "remoteview.exe",
+ "rv.exe",
+ "rvagent.exe",
+ "rvagtray.exe"
]
},
"Artifacts": {
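Review bot: `rv.exe` has the same problem as `rd.exe` in the RuDesktop entry above: a two-letter image name will false-positive on unrelated software. Keep `remoteview.exe`, `rvagent.exe` and `rvagtray.exe` as bare names if that is the convention, but qualify `rv.exe` with a path glob or drop it.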
@@ -4808,10 +4905,9 @@
{
"Description": "Known remote domains",
"Domains": [
- "*.remotedesktop.com",
- "*.remotepc.com",
- "www.remotepc.com",
- "remotepc.com"
+ "*content.rview.com",
+ "*.rview.com",
+ "content.rview.com"
],
"Ports": []
}
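Review bot: `*content.rview.com` is redundant with `*.rview.com`, which already matches `content.rview.com` and every other subdomain; keep `*.rview.com` plus the bare `rview.com` for consistency with the other entries.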
@@ -4819,25 +4915,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remotepc_network_sigma.yml",
- "Description": "Detects potential network activity of RemotePC RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remoteview_network_sigma.yml",
+ "Description": "Detects potential network activity of RemoteView RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remotepc_processes_sigma.yml",
- "Description": "Detects potential processes activity of RemotePC RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remoteview_processes_sigma.yml",
+ "Description": "Detects potential processes activity of RemoteView RMM tool"
}
],
"References": [
- "https://www.remotedesktop.com/helpdesk/faq-firewall"
+ "https://help.rview.com/hc/en-us/articles/360005175994--RemoteView-Server-list-for-firewall"
],
"Acknowledgement": []
},
{
- "Name": "LogMeIn rescue",
- "Description": "LogMeIn rescue is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Tanium",
+ "Description": "Tanium is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/8/2024",
+ "LastModified": "2/14/2024",
"Details": {
"Website": "",
"PEMetadata": {
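Review bot: `Detects potential processes activity of ... RMM tool` is generated from a template and the grammar is off on every entry; change the template to `Detects potential process activity of <Name>` (and `network activity`). For Tanium in particular, an enterprise-deployed management agent, the generated rule is only useful as an unexpected-RMM alert against an allowlist of sanctioned tools; a sentence to that effect in Description would save analysts a false-positive storm.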
@@ -4852,9 +4948,11 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "support-logmeinrescue*.exe",
- "support-logmeinrescue.exe",
- "lmi_rescue.exe"
+ "TaniumClient.exe",
+ "TaniumCX.exe",
+ "TaniumExecWrapper.exe",
+ "TaniumFileInfo.exe",
+ "TPowerShell.exe"
]
},
"Artifacts": {
@@ -4865,9 +4963,8 @@
{
"Description": "Known remote domains",
"Domains": [
- "*.logmeinrescue.com",
- "*.logmeinrescue.eu",
- "logmeinrescue.com"
+ "cloud.tanium.com",
+ "*.cloud.tanium.com"
],
"Ports": []
}
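Review bot: `cloud.tanium.com` / `*.cloud.tanium.com` only cover Tanium Cloud tenants; the linked page is the cloud client guide (`ug_client_cloud`), and customer-hosted Tanium servers will not resolve under that domain. Add the `user_managed` marker used for Laplink Gold so the on-premises case is not read as "no network artefacts".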
@@ -4875,25 +4972,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/logmein_rescue_network_sigma.yml",
- "Description": "Detects potential network activity of LogMeIn rescue RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/tanium_network_sigma.yml",
+ "Description": "Detects potential network activity of Tanium RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/logmein_rescue_processes_sigma.yml",
- "Description": "Detects potential processes activity of LogMeIn rescue RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/tanium_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Tanium RMM tool"
}
],
"References": [
- "https://support.logmeinrescue.com/rescue/help/allowlisting-and-rescue"
+ "https://help.tanium.com/bundle/ug_client_cloud/page/client/platform_connections.html"
],
"Acknowledgement": []
},
{
- "Name": "UltraViewer",
- "Description": "UltraViewer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Barracuda",
+ "Description": "Barracuda is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/14/2024",
+ "LastModified": "2/7/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -4907,20 +5004,7 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": [
- "UltraViewer_Service.exe",
- "UltraViewer_setup*",
- "UltraViewer_Desktop.exe",
- "ultraviewer.exe",
- "C:\\Program Files (x86)\\UltraViewer\\UltraViewer_Desktop.exe",
- "*\\UltraViewer\\",
- "*\\UltraViewer_Desktop.exe",
- "ultraviewer_desktop.exe",
- "ultraviewer_service.exe",
- "UltraViewer_Desktop.exe",
- "UltraViewer_setup*",
- "UltraViewer_Service.exe"
- ]
+ "InstallationPaths": []
},
"Artifacts": {
"Disk": [],
@@ -4930,8 +5014,9 @@
{
"Description": "Known remote domains",
"Domains": [
- "* .ultraviewer.net",
- "ultraviewer.net"
+ "*.islonline.net",
+ "rmm.barracudamsp.com",
+ "barracudamsp.com"
],
"Ports": []
}
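Review bot: `*.islonline.net` is ISL Online's domain, and the only reference for this Barracuda entry is an ISL Online help article. If Barracuda RMM delivers remote control through ISL Online, say so in Description, because as written the generated Barracuda network rule will fire on every standalone ISL Online session and duplicate the ISL Online entry's own rule; if not, the domain belongs to the wrong entry.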
@@ -4939,25 +5024,21 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ultraviewer_network_sigma.yml",
- "Description": "Detects potential network activity of UltraViewer RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ultraviewer_processes_sigma.yml",
- "Description": "Detects potential processes activity of UltraViewer RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/barracuda_network_sigma.yml",
+ "Description": "Detects potential network activity of Barracuda RMM tool"
}
],
"References": [
- "https://www.ultraviewer.net/en/200000026-summary-of-ultraviewer-s-security-information.html"
+ "https://help.islonline.com/19799/166125"
],
"Acknowledgement": []
},
{
- "Name": "aria2",
- "Description": "aria2 is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "I'm InTouch",
+ "Description": "I'm InTouch is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "",
+ "LastModified": "2/8/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -4972,33 +5053,47 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "C:\\ProgramData\\CentraStage\\AEMAgent\\*",
- "*ProgramData\\CentraStage\\AEMAgent\\*",
- "*\\Steinberg\\Download Assistant\\3rd Party\\optional\\aria2\\*",
- "*\\aria2c.exe"
+ "iit.exe",
+ "intouch.exe",
+ "I'm InTouch Go Installer.exe"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": []
+ "Network": [
+ {
+ "Description": "Known remote domains",
+ "Domains": [
+ "*.01com.com",
+ "01com.com/imintouch-remote-pc-desktop"
+ ],
+ "Ports": []
+ }
+ ]
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aria2_processes_sigma.yml",
- "Description": "Detects potential processes activity of aria2 RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/i'm_intouch_network_sigma.yml",
+ "Description": "Detects potential network activity of I'm InTouch RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/i'm_intouch_processes_sigma.yml",
+ "Description": "Detects potential processes activity of I'm InTouch RMM tool"
}
],
- "References": [],
+ "References": [
+ "https://www.01com.com/mobile/imintouch-remote-pc-desktop/faqs/remote-access/"
+ ],
"Acknowledgement": []
},
{
- "Name": "Pandora RC (eHorus)",
- "Description": "Pandora RC (eHorus) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Impero Connect",
+ "Description": "Impero Connect is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/7/2024",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
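Review bot: the Sigma URLs `.../i'm_intouch_network_sigma.yml` carry an apostrophe into a filename and URL path; GitHub needs it percent-encoded and most tooling will choke on it, so sanitise the slug (`im_intouch`). `01com.com/imintouch-remote-pc-desktop` is a URL path again, not a hostname; `*.01com.com` plus `01com.com` is enough, with the product page moved to References where the FAQ link already is. The Impero Connect entry that starts at the end of this hunk also blanks `LastModified` while replacing a dated Pandora RC entry; set it to the date of this change.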
@@ -5013,8 +5108,7 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "ehorus standalone.exe",
- "ehorus_agent.exe"
+ "ImperoClientSVC.exe"
]
},
"Artifacts": {
@@ -5025,7 +5119,7 @@
{
"Description": "Known remote domains",
"Domains": [
- "portal.ehorus.com"
+ "imperosoftware.com"
],
"Ports": []
}
@@ -5033,25 +5127,23 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pandora_rc__ehorus__network_sigma.yml",
- "Description": "Detects potential network activity of Pandora RC (eHorus) RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/impero_connect_network_sigma.yml",
+ "Description": "Detects potential network activity of Impero Connect RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pandora_rc__ehorus__processes_sigma.yml",
- "Description": "Detects potential processes activity of Pandora RC (eHorus) RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/impero_connect_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Impero Connect RMM tool"
}
],
- "References": [
- "https://pandorafms.com/manual/!current/en/documentation/09_pandora_rc/01_pandora_rc_introduction"
- ],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "IntelliAdmin Remote Control",
- "Description": "IntelliAdmin Remote Control is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Remmina",
+ "Description": "Remmina is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/8/2024",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
@@ -5065,48 +5157,21 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": [
- "iadmin.exe",
- "intelliadmin.exe",
- "agent32.exe",
- "agent64.exe",
- "agent_setup_5.exe"
- ]
+ "InstallationPaths": []
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": [
- {
- "Description": "Known remote domains",
- "Domains": [
- "user_managed",
- "*.intelliadmin.com",
- "intelliadmin.com/remote-control"
- ],
- "Ports": []
- }
- ]
+ "Network": []
},
- "Detections": [
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/intelliadmin_remote_control_network_sigma.yml",
- "Description": "Detects potential network activity of IntelliAdmin Remote Control RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/intelliadmin_remote_control_processes_sigma.yml",
- "Description": "Detects potential processes activity of IntelliAdmin Remote Control RMM tool"
- }
- ],
- "References": [
- "intelliadmin.com/remote-control"
- ],
+ "Detections": [],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "MEGAsync",
- "Description": "MEGAsync is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "TeraCLOUD",
+ "Description": "TeraCLOUD is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
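Review bot: the Remmina entry is entirely empty (no paths, domains, detections or references) while it replaces a fully populated IntelliAdmin Remote Control entry. Remmina is a Linux RDP/VNC/SSH client with no vendor relay, so Network is legitimately `user_managed`, but a stub with nothing detectable should be flagged as such (or held back) rather than shipped with the template Description calling it an RMM tool.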
@@ -5124,12 +5189,9 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "C:\\Users\\*\\AppData\\Local\\MEGAsync\\*",
- "*Users\\*\\AppData\\Local\\MEGAsync\\*",
- "*Users\\*\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\*",
- "*ProgramData\\MEGAsync\\*",
- "*\\MEGAsyncSetup64.exe",
- "*\\MEGAupdater.exe"
+ "c:\\*\\TeraCloud.Client*",
+ "*\\TeraCloud.Client*",
+ "*\\Livedrive-Setup.exe"
]
},
"Artifacts": {
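Review bot: `*\\Livedrive-Setup.exe` does not look like a TeraCLOUD artefact; Livedrive is a separate cloud backup product, so either this path was pasted from another entry or the relationship needs a reference. `c:\\*\\TeraCloud.Client*` also uses a lowercase drive letter while every other path in the file uses `C:\\`; harmless for case-insensitive matching but worth normalising.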
@@ -5140,19 +5202,19 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/megasync_processes_sigma.yml",
- "Description": "Detects potential processes activity of MEGAsync RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/teracloud_processes_sigma.yml",
+ "Description": "Detects potential processes activity of TeraCLOUD RMM tool"
}
],
"References": [],
"Acknowledgement": []
},
{
- "Name": "Encapto",
- "Description": "Encapto is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Tactical RMM",
+ "Description": "Tactical RMM is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/7/2024",
+ "LastModified": "2/14/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -5166,7 +5228,10 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": []
+ "InstallationPaths": [
+ "tacticalrmm.exe",
+ "tacticalrmm.exe"
+ ]
},
"Artifacts": {
"Disk": [],
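Review bot: `tacticalrmm.exe` is listed twice in InstallationPaths; the generator should de-duplicate (the same happens with `login.tailscale.com` in the next hunk), or the entry data should be cleaned before commit.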
@@ -5176,7 +5241,9 @@
{
"Description": "Known remote domains",
"Domains": [
- "encapto.com"
+ "login.tailscale.com",
+ "login.tailscale.com",
+ "docs.tacticalrmm.com"
],
"Ports": []
}
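Review bot: `login.tailscale.com` (listed twice) is Tailscale's login endpoint, not Tactical RMM traffic, and `docs.tacticalrmm.com` is the documentation site. Tactical RMM is self-hosted, so agents talk to whatever API and mesh hostnames the operator configured; this entry should use the `user_managed` marker with the docs URL under References, otherwise the network rule alerts on Tailscale users and documentation readers and never on an actual agent.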
@@ -5184,21 +5251,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/encapto_network_sigma.yml",
- "Description": "Detects potential network activity of Encapto RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/tactical_rmm_network_sigma.yml",
+ "Description": "Detects potential network activity of Tactical RMM RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/tactical_rmm_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Tactical RMM RMM tool"
}
],
"References": [
- "https://www.encapto.com - used to manage Cisco services"
+ "docs.tacticalrmm.com"
],
"Acknowledgement": []
},
{
- "Name": "ShowMyPC",
- "Description": "ShowMyPC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "FixMe",
+ "Description": "FixMe is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/9/2024",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
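Review bot: the Reference `docs.tacticalrmm.com` has no scheme, unlike the other References entries, which are full `https://` URLs; normalise it so the site generator can link it. The same applies to `wen.laplink.com/product/laplink-gold` earlier in the patch.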
@@ -5213,10 +5284,12 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "SMPCSetup.exe",
- "showmypc*.exe",
- "showmypc.exe",
- "smpcsetup.exe"
+ "FixMeit Client.exe",
+ "TiExpertStandalone.exe",
+ "FixMeitClient*.exe",
+ "TiExpertCore.exe",
+ "FixMeit Unattended Access Setup.exe",
+ "FixMeit Expert Setup.exe"
]
},
"Artifacts": {
@@ -5227,8 +5300,7 @@
{
"Description": "Known remote domains",
"Domains": [
- "*.showmypc.com",
- "showmypc.com"
+ "fixme.it"
],
"Ports": []
}
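Review bot: `fixme.it` is listed without the `*.fixme.it` wildcard that the other entries pair with their bare domain; if the FixMe.it client talks to subdomains, the generated rule will miss them. Add the wildcard form for consistency.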
@@ -5236,22 +5308,20 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/showmypc_network_sigma.yml",
- "Description": "Detects potential network activity of ShowMyPC RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fixme_network_sigma.yml",
+ "Description": "Detects potential network activity of FixMe RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/showmypc_processes_sigma.yml",
- "Description": "Detects potential processes activity of ShowMyPC RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fixme_processes_sigma.yml",
+ "Description": "Detects potential processes activity of FixMe RMM tool"
}
],
- "References": [
- "https://showmypc.com/service/faq/ShowMyPCSecurityOverview1.pdf"
- ],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "Lite Manager",
- "Description": "Lite Manager is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "ConnectWise Control",
+ "Description": "ConnectWise Control is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
@@ -5269,27 +5339,43 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "C:\\Program Files\\LiteManager Pro – Viewer\\*",
- "*\\LiteManager Pro – Viewer\\*",
- "*\\LMNoIpServer.exe."
+ "connectwisechat-customer.exe",
+ "connectwisecontrol.client.exe"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": []
- },
- "Detections": [],
- "References": [],
- "Acknowledgement": []
- },
- {
- "Name": "Netop Remote Control (aka Impero Connect)",
- "Description": "Netop Remote Control (aka Impero Connect) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Network": [
+ {
+ "Description": "Known remote domains",
+ "Domains": [
+ "control.connectwise.com"
+ ],
+ "Ports": []
+ }
+ ]
+ },
+ "Detections": [
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/connectwise_control_network_sigma.yml",
+ "Description": "Detects potential network activity of ConnectWise Control RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/connectwise_control_processes_sigma.yml",
+ "Description": "Detects potential processes activity of ConnectWise Control RMM tool"
+ }
+ ],
+ "References": [],
+ "Acknowledgement": []
+ },
+ {
+ "Name": "ScreenMeet",
+ "Description": "ScreenMeet is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "",
+ "LastModified": "2/7/2024",
"Details": {
"Website": "",
"PEMetadata": {
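Review bot: ConnectWise Control can be self-hosted, so `control.connectwise.com` alone will miss on-premises instances; add the `user_managed` marker as in the Laplink Gold entry, and fill References with the vendor's firewall/allowlist document like the neighbouring entries do instead of leaving it empty. The two process names (`connectwisechat-customer.exe`, `connectwisecontrol.client.exe`) also look like client-side binaries only; confirm the host/agent binaries are covered or note that they are not.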
@@ -5304,10 +5390,8 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "nhostsvc.exe",
- "nhstw32.exe",
- "nldrw32.exe",
- "rmserverconsolemediator.exe"
+ "ScreenMeetSupport.exe",
+ "ScreenMeet.Support.exe"
]
},
"Artifacts": {
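Review bot: the process names removed here (`nhostsvc.exe`, `nhstw32.exe`, `nldrw32.exe`, `rmserverconsolemediator.exe`) belonged to the `Netop Remote Control (aka Impero Connect)` entry, and the new `Impero Connect` entry earlier in this patch lists only `ImperoClientSVC.exe`. Netop Remote Control was rebranded as Impero Connect, so these are the same product; merge the four names into the new entry rather than losing them, and carry the old `imperosoftware.com/impero-connect/` page into its References.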
@@ -5318,7 +5402,8 @@
{
"Description": "Known remote domains",
"Domains": [
- "imperosoftware.com/impero-connect/"
+ "*.screenmeet.com",
+ "*.scrn.mt"
],
"Ports": []
}
@@ -5326,20 +5411,97 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/netop_remote_control__aka_impero_connect__network_sigma.yml",
- "Description": "Detects potential network activity of Netop Remote Control (aka Impero Connect) RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/screenmeet_network_sigma.yml",
+ "Description": "Detects potential network activity of ScreenMeet RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/netop_remote_control__aka_impero_connect__processes_sigma.yml",
- "Description": "Detects potential processes activity of Netop Remote Control (aka Impero Connect) RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/screenmeet_processes_sigma.yml",
+ "Description": "Detects potential processes activity of ScreenMeet RMM tool"
+ }
+ ],
+ "References": [
+ "https://docs.screenmeet.com/docs/firewall-white-list"
+ ],
+ "Acknowledgement": []
+ },
+ {
+ "Name": "Chicken (of the VNC)",
+ "Description": "Chicken (of the VNC) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Author": "",
+ "Created": "",
+ "LastModified": "",
+ "Details": {
+ "Website": "",
+ "PEMetadata": {
+ "Filename": "",
+ "OriginalFileName": "",
+ "Description": ""
+ },
+ "Privileges": "",
+ "Free": "",
+ "Verification": "",
+ "SupportedOS": [],
+ "Capabilities": [],
+ "Vulnerabilities": [],
+ "InstallationPaths": []
+ },
+ "Artifacts": {
+ "Disk": [],
+ "EventLog": [],
+ "Registry": [],
+ "Network": []
+ },
+ "Detections": [],
+ "References": [],
+ "Acknowledgement": []
+ },
+ {
+ "Name": "Dev Tunnels (aka Visual Studio Dev Tunnel)",
+ "Description": "Dev Tunnels (aka Visual Studio Dev Tunnel) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Author": "",
+ "Created": "",
+ "LastModified": "",
+ "Details": {
+ "Website": "",
+ "PEMetadata": {
+ "Filename": "",
+ "OriginalFileName": "",
+ "Description": ""
+ },
+ "Privileges": "",
+ "Free": "",
+ "Verification": "",
+ "SupportedOS": [],
+ "Capabilities": [],
+ "Vulnerabilities": [],
+ "InstallationPaths": []
+ },
+ "Artifacts": {
+ "Disk": [],
+ "EventLog": [],
+ "Registry": [],
+ "Network": [
+ {
+ "Description": "Known remote domains",
+ "Domains": [
+ "learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview"
+ ],
+ "Ports": []
+ }
+ ]
+ },
+ "Detections": [
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dev_tunnels__aka_visual_studio_dev_tunnel__network_sigma.yml",
+ "Description": "Detects potential network activity of Dev Tunnels (aka Visual Studio Dev Tunnel) RMM tool"
}
],
"References": [],
"Acknowledgement": []
},
{
- "Name": "GoToAssist",
- "Description": "GoToAssist is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Comodo RMM",
+ "Description": "Comodo RMM is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "2/7/2024",
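Review bot: `learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview` under Known remote domains is a documentation page, so the generated `dev_tunnels__aka_visual_studio_dev_tunnel__network_sigma.yml` rule will alert on people reading Microsoft docs while missing actual tunnel traffic. Move the URL to References and populate Domains with the tunnel service hostnames that page documents. The new Chicken (of the VNC) entry is an empty stub with the same template Description; the same is true of CloudFuze further down.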
@@ -5357,9 +5519,8 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "gotoassist.exe",
- "g2a*.exe",
- "GoTo Assist Opener.exe"
+ "itsmagent.exe",
+ "rviewer.exe"
]
},
"Artifacts": {
@@ -5370,14 +5531,9 @@
{
"Description": "Known remote domains",
"Domains": [
- "goto.com",
- "*.getgo.com",
- "*.fastsupport.com",
- "*.gotoassist.com",
- "helpme.net",
- "*.gotoassist.me",
- "*.gotoassist.at",
- "*.desktopstreaming.com"
+ "*.itsm-us1.comodo.com",
+ "*mdmsupport.comodo.com",
+ "one.comodo.com"
],
"Ports": []
}
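Review bot: `*mdmsupport.comodo.com` is missing the dot (`*.mdmsupport.comodo.com`), and `*.itsm-us1.comodo.com` pins the US region even though the linked ITarian appendix is explicitly the US-customer list, so other regions will have their own hostnames. Consider per-region entries or a broader pattern if the generator supports it, and since the Reference shows the product is now ITarian Endpoint Manager, the Name/Description should mention that.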
@@ -5385,25 +5541,56 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/gotoassist_network_sigma.yml",
- "Description": "Detects potential network activity of GoToAssist RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/comodo_rmm_network_sigma.yml",
+ "Description": "Detects potential network activity of Comodo RMM RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/gotoassist_processes_sigma.yml",
- "Description": "Detects potential processes activity of GoToAssist RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/comodo_rmm_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Comodo RMM RMM tool"
}
],
"References": [
- "https://help.gotoassist.com/remote-support/help/what-should-i-allow-on-my-firewall-for-gotoassist-remote-support-v5"
+ "https://help.itarian.com/topic-459-1-1005-14776-Appendix-1b---Endpoint-Manager-Services---IP-Nos,-Host-Names-and-Port-Details---US-Customers.html"
],
"Acknowledgement": []
},
{
- "Name": "Ericom Connect",
- "Description": "Ericom Connect is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "CloudFuze",
+ "Description": "CloudFuze is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/7/2024",
+ "LastModified": "",
+ "Details": {
+ "Website": "",
+ "PEMetadata": {
+ "Filename": "",
+ "OriginalFileName": "",
+ "Description": ""
+ },
+ "Privileges": "",
+ "Free": "",
+ "Verification": "",
+ "SupportedOS": [],
+ "Capabilities": [],
+ "Vulnerabilities": [],
+ "InstallationPaths": []
+ },
+ "Artifacts": {
+ "Disk": [],
+ "EventLog": [],
+ "Registry": [],
+ "Network": []
+ },
+ "Detections": [],
+ "References": [],
+ "Acknowledgement": []
+ },
+ {
+ "Name": "Acronic Cyber Protect (Remotix)",
+ "Description": "Acronic Cyber Protect (Remotix) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Author": "",
+ "Created": "",
+ "LastModified": "2/26/2024",
"Details": {
"Website": "",
"PEMetadata": {
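Review bot: `Acronic Cyber Protect (Remotix)` is a typo for Acronis, and because the Sigma filenames are slugged from Name it propagates into `acronic_cyber_protect__remotix__network_sigma.yml`; fix the Name before the rule files are generated or the later rename will break links. `Detects potential network activity of Comodo RMM RMM tool` doubles "RMM" because the template appends "RMM tool" to a Name that already ends in RMM; `Tactical RMM RMM tool` has the same problem. The CloudFuze entry added here is another empty stub.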
@@ -5418,8 +5605,8 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "EricomConnectRemoteHost*.exe",
- "ericomconnnectconfigurationtool.exe"
+ "AcronisCyberProtectConnectQuickAssist*.exe",
+ "AcronisCyberProtectConnectAgent.exe"
]
},
"Artifacts": {
@@ -5430,8 +5617,10 @@
{
"Description": "Known remote domains",
"Domains": [
- "user_managed",
- "ericom.com"
+ "cloud.acronis.com",
+ "agents*-cloud.acronis.com",
+ "gw.remotix.com",
+ "connect.acronis.com"
],
"Ports": []
}
@@ -5439,312 +5628,79 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ericom_connect_network_sigma.yml",
- "Description": "Detects potential network activity of Ericom Connect RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/acronic_cyber_protect__remotix__network_sigma.yml",
+ "Description": "Detects potential network activity of Acronic Cyber Protect (Remotix) RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ericom_connect_processes_sigma.yml",
- "Description": "Detects potential processes activity of Ericom Connect RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/acronic_cyber_protect__remotix__processes_sigma.yml",
+ "Description": "Detects potential processes activity of Acronic Cyber Protect (Remotix) RMM tool"
}
],
"References": [
- "https://www.ericom.com/connect-accessnow/"
+ "https://kb.acronis.com/content/47189"
],
"Acknowledgement": []
},
{
- "Name": "TeamViewer",
- "Description": "TeamViewer is a remote monitoring and management (RMM) tool.\n",
- "Author": "Nasreddine Bencherchali, Michael Haag",
- "Created": "2024-08-02",
- "LastModified": "2024-08-02",
+ "Name": "Remote Manipulator System",
+ "Description": "Remote Manipulator System is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Author": "",
+ "Created": "",
+ "LastModified": "2/9/2024",
"Details": {
- "Website": "https://www.teamviewer.com/en",
- "PEMetadata": [
- {
- "Filename": "TeamViewer.exe",
- "OriginalFileName": "",
- "Description": "",
- "Product": "TeamViewer"
- }
- ],
- "Privileges": "user",
- "Free": true,
- "Verification": false,
- "SupportedOS": [
- "Android",
- "ChromeOS",
- "IOS",
- "Linux",
- "Mac",
- "Windows"
- ],
+ "Website": "",
+ "PEMetadata": {
+ "Filename": "",
+ "OriginalFileName": "",
+ "Description": ""
+ },
+ "Privileges": "",
+ "Free": "",
+ "Verification": "",
+ "SupportedOS": [],
"Capabilities": [],
- "Vulnerabilities": [
- "https://www.cvedetails.com/vulnerability-list/vendor_id-11100/product_id-19942/Teamviewer-Teamviewer.html"
- ],
+ "Vulnerabilities": [],
"InstallationPaths": [
- "C:\\Program Files\\TeamViewer\\",
- "teamviewer_desktop.exe",
- "teamviewer_service.exe",
- "teamviewerhost"
+ "rfusclient.exe",
+ "rutserv.exe"
]
},
"Artifacts": {
- "Disk": [
- {
- "File": "C:\\Users\\\\AppData\\Local\\Temp\\TeamViewer\\TV15Install.log",
- "Description": "N/A",
- "OS": "Windows"
- },
- {
- "File": "TeamViewer\\d\\d_Logfile\\.log",
- "Description": "N/A",
- "OS": "Windows",
- "Type": "Regex"
- },
- {
- "File": "C:\\Program Files\\TeamViewer\\Connections_incoming.txt",
- "Description": "N/A",
- "OS": "Windows"
- },
- {
- "File": "C:\\Program Files\\TeamViewer\\TVNetwork.log",
- "Description": "N/A",
- "OS": "Windows"
- },
- {
- "File": "%LOCALAPPDATA%\\Temp\\TeamViewer\\TV15Install.log",
- "Description": "N/A",
- "OS": "Windows"
- },
- {
- "File": "%APPDATA%\\\\TeamViewer\\\\TeamViewer\\d\\d_Logfile\\.log",
- "Description": "N/A",
- "OS": "Windows",
- "Type": "Regex"
- },
- {
- "File": "teamviewerqs.exe",
- "Description": "N/A",
- "OS": "Windows"
- },
- {
- "File": "tv_w32.exe",
- "Description": "N/A",
- "OS": "Windows"
- },
- {
- "File": "tv_w64.exe",
- "Description": "N/A",
- "OS": "Windows"
- },
- {
- "File": "tv_x64.exe",
- "Description": "N/A",
- "OS": "Windows"
- },
- {
- "File": "teamviewer.exe",
- "Description": "N/A",
- "OS": "Windows"
- },
- {
- "File": "teamviewer_service.exe",
- "Description": "N/A",
- "OS": "Windows"
- },
- {
- "File": "%LOCALAPPDATA%\\TeamViewer\\Database\\tvchatfilecache.db",
- "Description": "SQlite 3 database storing cache about TeamViewer chat",
- "OS": "Windows"
- },
- {
- "File": "%LOCALAPPDATA%\\TeamViewer\\RemotePrinting\\tvprint.db",
- "Description": "SQlite 3 database storing TeamViewer print jobs",
- "OS": "Windows"
- },
- {
- "File": "%PROGRAMDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\TeamViewer.lnk",
- "Description": "N/A",
- "OS": "Windows"
- },
- {
- "File": "C:\\Program Files*\\TeamViewer\\connections*.txt",
- "Description": "N/A",
- "OS": "Windows"
- },
- {
- "File": "C:\\Users\\*\\AppData\\Roaming\\TeamViewer\\MRU\\RemoteSupport\\*tvc",
- "Description": "N/A",
- "OS": "Windows"
- }
- ],
- "EventLog": [
- {
- "EventID": 7045,
- "ProviderName": "Service Control Manager",
- "LogFile": "System.evtx",
- "ServiceName": "TeamViewer",
- "ImagePath": "\"C:\\\\Program Files\\\\TeamViewer\\\\TeamViewer_Service.exe\"",
- "Description": "Service installation event as result of TeamViewer installation."
- }
- ],
- "Registry": [
- {
- "Path": "HKLM\\SOFTWARE\\TeamViewer\\*",
- "Description": "N/A"
- },
- {
- "Path": "HKU\\\\SOFTWARE\\TeamViewer\\*",
- "Description": "N/A"
- },
- {
- "Path": "HKLM\\SYSTEM\\CurrentControlSet\\Services\\TeamViewer\\*",
- "Description": "N/A"
- },
- {
- "Path": "HKLM\\SOFTWARE\\TeamViewer\\ConnectionHistory",
- "Description": "N/A"
- },
- {
- "Path": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\TeamViewer\\*",
- "Description": "N/A"
- },
- {
- "Path": "HKU\\SID\\SOFTWARE\\TeamViewer\\MainWindowHandle",
- "Description": "N/A"
- },
- {
- "Path": "HKU\\SID\\SOFTWARE\\TeamViewer\\DesktopWallpaperSingleImage",
- "Description": "N/A"
- },
- {
- "Path": "HKU\\SID\\SOFTWARE\\TeamViewer\\DesktopWallpaperSingleImagePath",
- "Description": "N/A"
- },
- {
- "Path": "HKU\\SID\\SOFTWARE\\TeamViewer\\DesktopWallpaperSingleImagePosition",
- "Description": "N/A"
- },
- {
- "Path": "HKU\\SID\\SOFTWARE\\TeamViewer\\MinimizeToTray",
- "Description": "N/A"
- },
- {
- "Path": "HKU\\SID\\SOFTWARE\\TeamViewer\\MultiMedia\\AudioUserSelectedCapturingEndpoint",
- "Description": "N/A"
- },
- {
- "Path": "HKU\\SID\\SOFTWARE\\TeamViewer\\MultiMedia\\AudioSendingVolumeV2",
- "Description": "N/A"
- },
- {
- "Path": "HKU\\SID\\SOFTWARE\\TeamViewer\\MultiMedia\\AudioUserSelectedRenderingEndpoint",
- "Description": "N/A"
- },
- {
- "Path": "HKLM\\SOFTWARE\\TeamViewer\\ConnectionHistory",
- "Description": "N/A"
- },
- {
- "Path": "HKU\\SID\\SOFTWARE\\TeamViewer\\ClientWindow_Mode",
- "Description": "N/A"
- },
- {
- "Path": "HKU\\SID\\SOFTWARE\\TeamViewer\\ClientWindowPositions",
- "Description": "N/A"
- }
- ],
+ "Disk": [],
+ "EventLog": [],
+ "Registry": [],
"Network": [
{
"Description": "Known remote domains",
"Domains": [
- "*.teamviewer.com"
+ "*.internetid.ru",
+ "rmansys.ru"
],
"Ports": []
- },
- {
- "Description": "N/A",
- "Domains": [
- "router15.teamviewer.com"
- ],
- "Ports": [
- 443
- ]
- },
- {
- "Description": "N/A",
- "Domains": [
- "client.teamviewer.com"
- ],
- "Ports": [
- 443
- ]
- },
- {
- "Description": "N/A",
- "Domains": [
- "taf.teamviewer.com"
- ],
- "Ports": [
- 443
- ]
- }
- ],
- "Other": [
- {
- "Type": "Mutex",
- "Value": "TeamViewer_LogMutex"
- },
- {
- "Type": "Mutex",
- "Value": "TeamViewerHooks_DynamicMemMutex"
- },
- {
- "Type": "Mutex",
- "Value": "TeamViewer3_Win32_Instance_Mutex"
}
]
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/teamviewer_registry_sigma.yml",
- "Description": "Detects potential registry activity of TeamViewer RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/teamviewer_network_sigma.yml",
- "Description": "Detects potential network activity of TeamViewer RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/teamviewer_files_sigma.yml",
- "Description": "Detects potential files activity of TeamViewer RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remote_manipulator_system_network_sigma.yml",
+ "Description": "Detects potential network activity of Remote Manipulator System RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/teamviewer_processes_sigma.yml",
- "Description": "Detects potential processes activity of TeamViewer RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remote_manipulator_system_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Remote Manipulator System RMM tool"
}
],
"References": [
- "https://community.teamviewer.com/English/kb/articles/4139-ports-used-by-teamviewer",
- "https://arista.my.site.com/AristaCommunity/s/article/Security-Analysis-TeamViewer#",
- "https://www.teamviewer.com/en/global/support/knowledge-base/teamviewer-classic/troubleshooting/log-file-reading-incoming-connection/",
- "https://www.synacktiv.com/publications/legitimate-rats-a-comprehensive-forensic-analysis-of-the-usual-suspects.html",
- "https://github.com/Purp1eW0lf/Blue-Team-Notes"
+ "https://rmansys.ru/files/"
],
- "Acknowledgement": [
- {
- "Person": "Théo Letailleur",
- "Handle": "in/theosyn"
- }
- ]
+ "Acknowledgement": []
},
{
- "Name": "Access Remote PC",
- "Description": "Access Remote PC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Tailscale",
+ "Description": "Tailscale is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/7/2024",
+ "LastModified": "2/14/2024",
"Details": {
"Website": "",
"PEMetadata": {
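Review bot: the curated TeamViewer record (17 Disk artifacts, a 7045 Service Control Manager EventLog entry, 16 Registry paths, three mutexes under `Other`, five References, plus the `Author` and `Acknowledgement` fields) and the Access Remote PC record are removed here and replaced by Remote Manipulator System and Tailscale entries whose `Disk`, `EventLog` and `Registry` arrays are empty, with no visible re-add. Other entries in this diff are plainly moved rather than deleted (Acronic Cyber Protect and Microsoft TSC each show up as an addition in one hunk and a removal in another), so please confirm TeamViewer and Access Remote PC reappear elsewhere with identical content; otherwise the regenerated API file loses hand-collected forensic data. Two schema regressions are also visible in this hunk: the removed entry used `"PEMetadata": [ { ... } ]` (an array) with `"Free": true` and `"Verification": false`, while the new entries emit `"PEMetadata": { ... }` (an object) with `"Free": ""` and `"Verification": ""`. A consumer typed on either form breaks on the other; normalise the generator to one shape and use `null` rather than empty strings for unknown booleans.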
@@ -5759,31 +5715,48 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "rpcgrab.exe",
- "rpcsetup.exe"
+ "tailscale-*.exe",
+ "tailscaled.exe",
+ "tailscale-ipn.exe"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": []
+ "Network": [
+ {
+ "Description": "Known remote domains",
+ "Domains": [
+ "*.tailscale.com",
+ "*.tailscale.io",
+ "tailscale.com"
+ ],
+ "Ports": []
+ }
+ ]
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/access_remote_pc_processes_sigma.yml",
- "Description": "Detects potential processes activity of Access Remote PC RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/tailscale_network_sigma.yml",
+ "Description": "Detects potential network activity of Tailscale RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/tailscale_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Tailscale RMM tool"
}
],
- "References": [],
+ "References": [
+ "https://tailscale.com/kb/1023/troubleshooting"
+ ],
"Acknowledgement": []
},
{
- "Name": "DW Service",
- "Description": "DW Service is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "MyIVO",
+ "Description": "MyIVO is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/7/2024",
+ "LastModified": "2/9/2024",
"Details": {
"Website": "",
"PEMetadata": {
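Review bot: `"Website": ""` is left blank for Tailscale although the References entry `https://tailscale.com/kb/1023/troubleshooting` identifies the vendor site; fill Website so the tool page renders a vendor link. The Description is the template sentence ("More information will be added as it becomes available"), which gives an analyst triaging a `tailscale_network_sigma.yml` hit no idea what the tool does; one sentence describing it would be enough.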
@@ -5798,8 +5771,8 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "dwagent.exe",
- "dwagsvc.exe"
+ "myivomgr.exe",
+ "myivomanager.exe"
]
},
"Artifacts": {
@@ -5810,7 +5783,7 @@
{
"Description": "Known remote domains",
"Domains": [
- "*.dwservice.net"
+ "myivo-server.software.informer.com"
],
"Ports": []
}
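Review bot: `"myivo-server.software.informer.com"` under "Known remote domains" is a page on a third-party download aggregator, not infrastructure the MyIVO agent talks to; a `myivo_network_sigma.yml` generated from it would alert on browsing software.informer.com and never on the tool's own traffic. Drop it from Domains (it can live in References) and leave Network empty until a real remote endpoint is known, which also stops the generator from emitting a misleading network rule.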
@@ -5818,25 +5791,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dw_service_network_sigma.yml",
- "Description": "Detects potential network activity of DW Service RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/myivo_network_sigma.yml",
+ "Description": "Detects potential network activity of MyIVO RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dw_service_processes_sigma.yml",
- "Description": "Detects potential processes activity of DW Service RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/myivo_processes_sigma.yml",
+ "Description": "Detects potential processes activity of MyIVO RMM tool"
}
],
"References": [
- "https://news.dwservice.net/dwservice-security-infrastructure/"
+ "myivo.com - DOA as of 2024"
],
"Acknowledgement": []
},
{
- "Name": "SecureCRT",
- "Description": "SecureCRT is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Adobe Connect",
+ "Description": "Adobe Connect is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "",
+ "LastModified": "2/27/2024",
"Details": {
"Website": "",
"PEMetadata": {
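Review bot: `"myivo.com - DOA as of 2024"` is free text inside `References`, which everywhere else in this file holds URLs, so any renderer that turns References into links will emit a broken anchor. Either store `https://myivo.com` and move the "site down as of 2024" remark into Description, or leave References empty. The `myivo_network_sigma.yml` detection listed above it is only worth keeping if the Domains list that feeds it is corrected to a real remote endpoint.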
@@ -5851,32 +5824,47 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "C:\\*\\SecureCRT.EXE",
- "*\\SecureCRT.EXE",
- "*\\VanDyke Software\\ClientPack\\*"
+ "ConnectAppSetup*.exe",
+ "ConnectShellSetup*.exe",
+ "Connect.exe",
+ "ConnectDetector.exe"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": []
+ "Network": [
+ {
+ "Description": "Known remote domains",
+ "Domains": [
+ "*.adobeconnect.com"
+ ],
+ "Ports": []
+ }
+ ]
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/securecrt_processes_sigma.yml",
- "Description": "Detects potential processes activity of SecureCRT RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/adobe_connect_network_sigma.yml",
+ "Description": "Detects potential network activity of Adobe Connect RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/adobe_connect_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Adobe Connect RMM tool"
}
],
- "References": [],
+ "References": [
+ "https://helpx.adobe.com/adobe-connect/firewall-proxy-server-configuration-adobe-connect.html"
+ ],
"Acknowledgement": []
},
{
- "Name": "Acronic Cyber Protect (Remotix)",
- "Description": "Acronic Cyber Protect (Remotix) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Air Explorer",
+ "Description": "Air Explorer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/26/2024",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
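Review bot: `"Connect.exe"` in InstallationPaths is a generic image name, so the `adobe_connect_processes_sigma.yml` generated from it will match any program called Connect.exe, while `ConnectAppSetup*.exe` and `ConnectShellSetup*.exe` are installer names that fire once per install. The `PEMetadata` block for this entry is empty (`"Filename": ""`, `"OriginalFileName": ""`, `"Description": ""`); filling it would give the rule a second, more specific field to key on. The Acronic Cyber Protect removal at the bottom of this hunk is the counterpart of the addition at the top of the diff, i.e. a move, not a deletion.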
@@ -5891,48 +5879,32 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "AcronisCyberProtectConnectQuickAssist*.exe",
- "AcronisCyberProtectConnectAgent.exe"
+ "C:\\Program Files\\airexplorer\\*",
+ "*\\airexplorer\\*",
+ "*\\airexplorer.exe"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": [
- {
- "Description": "Known remote domains",
- "Domains": [
- "cloud.acronis.com",
- "agents*-cloud.acronis.com",
- "gw.remotix.com",
- "connect.acronis.com"
- ],
- "Ports": []
- }
- ]
+ "Network": []
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/acronic_cyber_protect__remotix__network_sigma.yml",
- "Description": "Detects potential network activity of Acronic Cyber Protect (Remotix) RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/acronic_cyber_protect__remotix__processes_sigma.yml",
- "Description": "Detects potential processes activity of Acronic Cyber Protect (Remotix) RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/air_explorer_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Air Explorer RMM tool"
}
],
- "References": [
- "https://kb.acronis.com/content/47189"
- ],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "Sorillus",
- "Description": "Sorillus is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "EMCO Remote Console",
+ "Description": "EMCO Remote Console is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/9/2024",
+ "LastModified": "2/7/2024",
"Details": {
"Website": "",
"PEMetadata": {
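Review bot: `"C:\\Program Files\\airexplorer\\*"` is already covered by `"*\\airexplorer\\*"` on the next line, so the first pattern adds nothing to the generated rule; and `"LastModified": ""` is blank on an entry that carries install paths and a detection. Suggest dropping the redundant pattern and dating the entry.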
@@ -5947,8 +5919,7 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "Sorillus-Launcher*.exe",
- "Sorillus Launcher.exe"
+ "remoteconsole.exe"
]
},
"Artifacts": {
@@ -5959,8 +5930,8 @@
{
"Description": "Known remote domains",
"Domains": [
- "*.sorillus.com",
- "sorillus.com"
+ "user_managed",
+ "emcosoftware.com"
],
"Ports": []
}
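Review bot: `"user_managed"` is not a domain; it reads as a marker that the EMCO Remote Console server is self-hosted (the Ericom entry removed earlier in this diff carried the same token). If the generator feeds Domains straight into the Sigma rule's hostname list this becomes a dead pattern; if it is meant as metadata, give it its own field or mention it in Description, so that `emcosoftware.com` is the only pattern emitted.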
@@ -5968,25 +5939,23 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/sorillus_network_sigma.yml",
- "Description": "Detects potential network activity of Sorillus RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/emco_remote_console_network_sigma.yml",
+ "Description": "Detects potential network activity of EMCO Remote Console RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/sorillus_processes_sigma.yml",
- "Description": "Detects potential processes activity of Sorillus RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/emco_remote_console_processes_sigma.yml",
+ "Description": "Detects potential processes activity of EMCO Remote Console RMM tool"
}
],
- "References": [
- "https://sorillus.com/"
- ],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "Barracuda",
- "Description": "Barracuda is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "MobaXterm",
+ "Description": "MobaXterm is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/7/2024",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
@@ -6000,41 +5969,28 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": []
+ "InstallationPaths": [
+ "C:\\*\\MobaXterm_installer_12.1.msi",
+ "*\\MobaXterm_installer_*.msi",
+ "*\\Mobatek\\MobaXterm\\*"
+ ]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": [
- {
- "Description": "Known remote domains",
- "Domains": [
- "*.islonline.net",
- "rmm.barracudamsp.com",
- "barracudamsp.com"
- ],
- "Ports": []
- }
- ]
+ "Network": []
},
- "Detections": [
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/barracuda_network_sigma.yml",
- "Description": "Detects potential network activity of Barracuda RMM tool"
- }
- ],
- "References": [
- "https://help.islonline.com/19799/166125"
- ],
+ "Detections": [],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "DeskDay",
- "Description": "DeskDay is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Cyberduck",
+ "Description": "Cyberduck is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/7/2024",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
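Review bot: `"C:\\*\\MobaXterm_installer_12.1.msi"` pins one installer version while `"*\\MobaXterm_installer_*.msi"` on the next line already matches it, so the pinned line is redundant and goes stale on the next release. `"Detections": []` is also inconsistent: other entries in this diff that carry only InstallationPaths (Air Explorer, Cyberduck) get a `_processes_sigma.yml`, so either the generator skipped MobaXterm or the list was hand-edited. All three paths are installer or install-folder globs and none names the running executable, so even a generated processes rule would only catch installation. The Barracuda entry removed in the same hunk (with its `barracuda_network_sigma.yml` and the islonline reference) should be confirmed re-added elsewhere.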
@@ -6049,45 +6005,32 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "ultimate_*.exe"
+ "C:\\Program Files\\Cyberduck\\*",
+ "*\\Cyberduck\\*",
+ "*\\Cyberduck.exe"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": [
- {
- "Description": "Known remote domains",
- "Domains": [
- "deskday.ai",
- "app.deskday.ai"
- ],
- "Ports": []
- }
- ]
+ "Network": []
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/deskday_network_sigma.yml",
- "Description": "Detects potential network activity of DeskDay RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/deskday_processes_sigma.yml",
- "Description": "Detects potential processes activity of DeskDay RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/cyberduck_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Cyberduck RMM tool"
}
],
- "References": [
- "https://support.deskday.ai/en/articles/8235973-installing-the-end-user-application-ultimate"
- ],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "RemoteCall",
- "Description": "RemoteCall is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "SunLogin",
+ "Description": "SunLogin is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/9/2024",
+ "LastModified": "2/26/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -6102,13 +6045,9 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "rcengmgru.exe",
- "rcmgrsvc.exe",
- "rxstartsupport.exe",
- "rcstartsupport.exe",
- "raautoup.exe",
- "agentu.exe",
- "remotesupportplayeru.exe"
+ "OrayRemoteShell.exe",
+ "OrayRemoteService.exe",
+ "sunlogin*.exe"
]
},
"Artifacts": {
@@ -6119,9 +6058,8 @@
{
"Description": "Known remote domains",
"Domains": [
- "*.remotecall.com",
- "*.startsupport.com",
- "remotecall.com"
+ "sunlogin.oray.com",
+ "client.oray.net"
],
"Ports": []
}
@@ -6129,25 +6067,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remotecall_network_sigma.yml",
- "Description": "Detects potential network activity of RemoteCall RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/sunlogin_network_sigma.yml",
+ "Description": "Detects potential network activity of SunLogin RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remotecall_processes_sigma.yml",
- "Description": "Detects potential processes activity of RemoteCall RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/sunlogin_processes_sigma.yml",
+ "Description": "Detects potential processes activity of SunLogin RMM tool"
}
],
"References": [
- "https://help.remotecall.com/hc/en-us/articles/360005128814--RemoteCall-Server-List-For-Firewall"
+ "https://sunlogin.oray.com/en/embed/software.html"
],
"Acknowledgement": []
},
{
- "Name": "Splashtop",
- "Description": "Splashtop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
- "Author": "Nasreddine Bencherchali",
+ "Name": "Microsoft TSC",
+ "Description": "Microsoft TSC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Author": "",
"Created": "",
- "LastModified": "",
+ "LastModified": "2/8/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -6162,197 +6100,33 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "C:\\Program Files (x86)\\Splashtop\\*",
- "*\\Splashtop\\Splashtop Remote\\Client for RMM\\*",
- "strwinclt.exe"
+ "termsrv.exe",
+ "mstsc.exe"
]
},
"Artifacts": {
- "Disk": [
- {
- "File": "C:\\windows\\System32\\winevt\\Logs\\Splashtop-Splashtop Streamer-Status%4Operational.evtx",
- "Description": "N/A",
- "OS": "Windows"
- },
- {
- "File": "C:\\windows\\System32\\winevt\\Logs\\Splashtop-Splashtop Streamer-Remote Session%4Operational.evtx",
- "Description": "N/A",
- "OS": "Windows"
- },
- {
- "File": "%PROGRAMDATA%\\Splashtop\\Temp\\log\\FTCLog.txt",
- "Description": "N/A",
- "OS": "Windows"
- },
- {
- "File": "C:\\Program Files (x86)\\Splashtop\\Splashtop Remote\\Server\\log\\agent_log.txt",
- "Description": "N/A",
- "OS": "Windows"
- },
- {
- "File": "C:\\Program Files (x86)\\Splashtop\\Splashtop Remote\\Server\\log\\SPLog.txt",
- "Description": "N/A",
- "OS": "Windows"
- },
- {
- "File": "C:\\Program Files (x86)\\Splashtop\\Splashtop Remote\\Server\\log\\svcinfo.txt",
- "Description": "N/A",
- "OS": "Windows"
- },
- {
- "File": "C:\\Program Files (x86)\\Splashtop\\Splashtop Remote\\Server\\log\\sysinfo.txt",
- "Description": "N/A",
- "OS": "Windows"
- },
- {
- "File": "C:\\Program Files (x86)\\Splashtop\\Splashtop Remote\\Server\\SRService.exe",
- "Description": "Splashtop Remote Service",
- "OS": "Windows"
- },
- {
- "File": "C:\\Program Files (x86)\\Splashtop\\Splashtop Remote\\Server\\SRAgent.exe",
- "Description": "SplashTop Remote Agent",
- "OS": "Windows"
- },
- {
- "File": "C:\\Program Files (x86)\\Splashtop\\Splashtop Software Updater\\SSUAgent.exe",
- "Description": "Splashtop Updater",
- "OS": "Windows"
- },
- {
- "File": "C:\\Program Files (x86)\\Splashtop\\Splashtop Remote\\Server\\SRUtility.exe",
- "Description": "N/A",
- "OS": "Windows"
- },
- {
- "File": "C:\\Program Files (x86)\\Splashtop\\Splashtop Remote\\Server\\SRFeature.exe",
- "Description": "N/A",
- "OS": "Windows"
- },
- {
- "File": "C:\\Program Files (x86)\\Splashtop\\Splashtop Remote\\Server\\db\\SRAgent.sqlite3",
- "Description": "N/A",
- "OS": "Windows"
- }
- ],
- "EventLog": [
- {
- "EventID": 7045,
- "ProviderName": "Service Control Manager",
- "LogFile": "System.evtx",
- "ServiceName": "Splashtop Software Updater Service",
- "ImagePath": "\"C:\\\\Program Files (x86)\\\\Splashtop\\\\Splashtop Software Updater\\\\SSUService.exe\"",
- "Description": "Service installation event as result of Splashtop Software Updater Service installation."
- },
- {
- "EventID": 7045,
- "ProviderName": "Service Control Manager",
- "LogFile": "System.evtx",
- "ServiceName": "Splashtop® Remote Service",
- "ImagePath": "\"C:\\\\Program Files (x86)\\\\Splashtop\\\\Splashtop Remote\\\\Server\\\\SRService.exe\"",
- "Description": "Service installation event as result of Splashtop Remote Service installation."
- },
- {
- "EventID": 7045,
- "ProviderName": "Service Control Manager",
- "LogFile": "System.evtx",
- "ServiceName": "SplashtopRemoteService",
- "ImagePath": "\"C:\\\\Program Files (x86)\\\\Splashtop\\\\Splashtop Remote\\\\Server\\\\SRService.exe\"",
- "Description": "Service installation event as result of Splashtop Remote Service installation."
- }
- ],
- "Registry": [
- {
- "Path": "KLM\\SOFTWARE\\WOW6432Node\\Splashtop Inc.\\*",
- "Description": "Splashtop Inc. registry key"
- },
- {
- "Path": "HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Splashtop Software Updater",
- "Description": "Splashtop Software Updater uninstall key"
- },
- {
- "Path": "HKLM\\SYSTEM\\CurrentControlSet\\Services\\SplashtopRemoteService",
- "Description": "Splashtop Remote Service registry key"
- },
- {
- "Path": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WINEVT\\Channels\\Splashtop-Splashtop Streamer-Remote Session/Operational",
- "Description": "Splashtop Streamer Remote Session event log channel"
- },
- {
- "Path": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WINEVT\\Channels\\Splashtop-Splashtop Streamer-Status/Operational",
- "Description": "Splashtop Streamer Status event log channel"
- },
- {
- "Path": "HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Splashtop Software Updater\\InstallRefCount",
- "Description": "Splashtop Software Updater install reference count"
- },
- {
- "Path": "HKLM\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Network\\SplashtopRemoteService",
- "Description": "Splashtop Remote Service safe boot configuration"
- },
- {
- "Path": "HKU\\.DEFAULT\\Software\\Splashtop Inc.\\*",
- "Description": "Default user Splashtop Inc. registry key"
- },
- {
- "Path": "HKU\\SID\\Software\\Splashtop Inc.\\*",
- "Description": "User-specific Splashtop Inc. registry key"
- },
- {
- "Path": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Print\\Printers\\Splashtop PDF Remote Printer",
- "Description": "Splashtop PDF Remote Printer configuration"
- },
- {
- "Path": "HKLM\\SOFTWARE\\WOW6432Node\\Splashtop Inc.\\Splashtop Remote Server\\ClientInfo\\*",
- "Description": "Splashtop Remote Server client information"
- }
- ],
- "Network": [
- {
- "Description": "N/A",
- "Domains": [
- "*.splashtop.com"
- ],
- "Ports": [
- "N/A"
- ]
- }
- ]
+ "Disk": [],
+ "EventLog": [],
+ "Registry": [],
+ "Network": []
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/splashtop_registry_sigma.yml",
- "Description": "Detects potential registry activity of Splashtop RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/splashtop_network_sigma.yml",
- "Description": "Detects potential network activity of Splashtop RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/splashtop_files_sigma.yml",
- "Description": "Detects potential files activity of Splashtop RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/splashtop_processes_sigma.yml",
- "Description": "Detects potential processes activity of Splashtop RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/microsoft_tsc_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Microsoft TSC RMM tool"
}
],
"References": [
- "https://www.synacktiv.com/publications/legitimate-rats-a-comprehensive-forensic-analysis-of-the-usual-suspects.html"
+ "https://learn.microsoft.com/en-us/troubleshoot/windows-server/remote/terminal-server-startup-connection-application"
],
- "Acknowledgement": [
- {
- "Person": "Théo Letailleur",
- "Handle": "in/theosyn"
- }
- ]
+ "Acknowledgement": []
},
{
- "Name": "ManageEngine RMM Central",
- "Description": "ManageEngine RMM Central is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Sophos-Remote Management System",
+ "Description": "Sophos-Remote Management System is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "",
+ "LastModified": "2/9/2024",
"Details": {
"Website": "",
"PEMetadata": {
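Review bot: `"termsrv.exe"` and `"mstsc.exe"` are the stock Windows Remote Desktop service and client images, so the `microsoft_tsc_processes_sigma.yml` referenced here would fire on every RDP session in an estate; if the entry stays, the rule needs a narrowing condition (unusual parent process, unexpected user, or a baseline of hosts where RDP is expected) or should be documented as a hunting query rather than an alert. The Splashtop record removed in the same hunk is the richest in this file (13 Disk, 3 EventLog and 11 Registry artifacts, plus `Author` and `Acknowledgement`); confirm it is re-added verbatim elsewhere, and when it is, fix the removed line `"Path": "KLM\\SOFTWARE\\WOW6432Node\\Splashtop Inc.\\*"`, which is missing the leading `H` of `HKLM`.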
@@ -6366,7 +6140,11 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": []
+ "InstallationPaths": [
+ "clientmrinit.exe",
+ "mgntsvc.exe",
+ "routernt.exe"
+ ]
},
"Artifacts": {
"Disk": [],
@@ -6376,7 +6154,10 @@
{
"Description": "Known remote domains",
"Domains": [
- "manageengine.com/remote-monitoring-management/"
+ "*.sophos.com",
+ "*.sophosupd.com",
+ "*.sophosupd.net",
+ "community.sophos.com/on-premise-endpoint/f/sophos-endpoint-software/5725/sophos-remote-management-system"
],
"Ports": []
}
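Review bot: the fourth entry in `Domains`, `community.sophos.com/on-premise-endpoint/f/sophos-endpoint-software/5725/sophos-remote-management-system`, is a forum URL path, not a hostname; a domain matcher never sees the path, so the generated network rule ends up with an unmatchable pattern. It duplicates the References entry added in the next hunk, so drop it here. The three `*.sophos*` wildcards are also very broad: they cover every Sophos product's update and telemetry traffic, not only Remote Management System, so expect `sophos-remote_management_system_network_sigma.yml` to be noisy on any Sophos-protected host.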
@@ -6384,16 +6165,22 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/manageengine_rmm_central_network_sigma.yml",
- "Description": "Detects potential network activity of ManageEngine RMM Central RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/sophos-remote_management_system_network_sigma.yml",
+ "Description": "Detects potential network activity of Sophos-Remote Management System RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/sophos-remote_management_system_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Sophos-Remote Management System RMM tool"
}
],
- "References": [],
+ "References": [
+ "community.sophos.com/on-premise-endpoint/f/sophos-endpoint-software/5725/sophos-remote-management-system"
+ ],
"Acknowledgement": []
},
{
- "Name": "AeroAdmin",
- "Description": "AeroAdmin is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "CloudFlare Tunnel",
+ "Description": "CloudFlare Tunnel is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "2/7/2024",
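Review bot: the References entry `community.sophos.com/on-premise-endpoint/f/sophos-endpoint-software/5725/sophos-remote-management-system` lacks a scheme, unlike every other reference in this file (`https://...`); add `https://` so link rendering works. The AeroAdmin record removed at the bottom of this hunk (two install names, two domains, a support-KB reference and two Sigma rules) needs its re-add confirmed elsewhere in the diff.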
@@ -6411,8 +6198,7 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "aeroadmin.exe",
- "AeroAdmin.exe"
+ "cloudflared.exe"
]
},
"Artifacts": {
@@ -6423,8 +6209,7 @@
{
"Description": "Known remote domains",
"Domains": [
- "auth*.aeroadmin.com",
- "aeroadmin.com"
+ "cloudflare.com/products/tunnel/"
],
"Ports": []
}
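Review bot: `"cloudflare.com/products/tunnel/"` under "Known remote domains" is the product's marketing page, not an endpoint `cloudflared.exe` connects to, so `cloudflare_tunnel_network_sigma.yml` built from it cannot match tunnel traffic and the entry gives a false sense of coverage. Replace it with the connector endpoints the vendor documents for the tunnel service (the same URL already appears in References in the next hunk), or leave Network empty so that no network rule is generated for this tool.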
@@ -6432,22 +6217,22 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aeroadmin_network_sigma.yml",
- "Description": "Detects potential network activity of AeroAdmin RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/cloudflare_tunnel_network_sigma.yml",
+ "Description": "Detects potential network activity of CloudFlare Tunnel RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aeroadmin_processes_sigma.yml",
- "Description": "Detects potential processes activity of AeroAdmin RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/cloudflare_tunnel_processes_sigma.yml",
+ "Description": "Detects potential processes activity of CloudFlare Tunnel RMM tool"
}
],
"References": [
- "https://support.aeroadmin.com/kb/faq.php?id=58"
+ "cloudflare.com/products/tunnel/"
],
"Acknowledgement": []
},
{
- "Name": "Microsoft TSC",
- "Description": "Microsoft TSC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Iperius Remote",
+ "Description": "Iperius Remote is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "2/8/2024",
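Review bot: The reference `"cloudflare.com/products/tunnel/"` lacks the `https://` scheme used by the other references (compare the Iperius reference below in the same file). Also, the vendor writes its name as "Cloudflare", not "CloudFlare"; the `Name` and `Description` fields, and therefore the generated Sigma rule file names, carry that spelling.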
@@ -6465,30 +6250,45 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "termsrv.exe",
- "mstsc.exe"
+ "iperius.exe",
+ "iperiusremote.exe"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": []
+ "Network": [
+ {
+ "Description": "Known remote domains",
+ "Domains": [
+ "*.iperiusremote.com",
+ "*.iperius.com",
+ "*.iperius-rs.com",
+ "iperiusremote.com"
+ ],
+ "Ports": []
+ }
+ ]
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/microsoft_tsc_processes_sigma.yml",
- "Description": "Detects potential processes activity of Microsoft TSC RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/iperius_remote_network_sigma.yml",
+ "Description": "Detects potential network activity of Iperius Remote RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/iperius_remote_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Iperius Remote RMM tool"
}
],
"References": [
- "https://learn.microsoft.com/en-us/troubleshoot/windows-server/remote/terminal-server-startup-connection-application"
+ "https://www.iperiusremote.com/download-iperius-remote-desktop-windows.aspx"
],
"Acknowledgement": []
},
{
- "Name": "AweRay (AweSun)",
- "Description": "AweRay (AweSun) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "SmartFTP",
+ "Description": "SmartFTP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
@@ -6506,44 +6306,27 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "aweray_remote*.exe",
- "AweSun.exe"
+ "C:\\Program Files (x86)\\SmartFTP Client\\en-US\\",
+ "*\\SmartFTP Client\\*",
+ "*\\SfShellTools.dll.mui"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": [
- {
- "Description": "Known remote domains",
- "Domains": [
- "asapi-us.aweray.net",
- "asapi.aweray.net"
- ],
- "Ports": []
- }
- ]
+ "Network": []
},
- "Detections": [
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aweray__awesun__network_sigma.yml",
- "Description": "Detects potential network activity of AweRay (AweSun) RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aweray__awesun__processes_sigma.yml",
- "Description": "Detects potential processes activity of AweRay (AweSun) RMM tool"
- }
- ],
+ "Detections": [],
"References": [],
"Acknowledgement": []
},
{
- "Name": "NoMachine",
- "Description": "NoMachine is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Manage Engine (Desktop Central)",
+ "Description": "Manage Engine (Desktop Central) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/9/2024",
+ "LastModified": "2/8/2024",
"Details": {
"Website": "",
"PEMetadata": {
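Review bot: AweRay (AweSun) loses its two domains (`asapi-us.aweray.net`, `asapi.aweray.net`) and both Sigma detections in this hunk when the entry is turned into SmartFTP; unlike AeroAdmin, I do not see it re-added later in this patch, so please confirm it still exists elsewhere in the file or that the removal is intended. For the SmartFTP entry itself, `"C:\\Program Files (x86)\\SmartFTP Client\\en-US\\"` is a directory with a trailing separator and `"*\\SfShellTools.dll.mui"` is a localisation resource, neither of which is an executable a process-creation rule can key on, and `"Detections": []` is inconsistent with other entries that have installation paths and get a generated processes rule.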
@@ -6558,9 +6341,8 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "nomachine*.exe",
- "nxservice*.ese",
- "nxd.exe"
+ "dcagentservice.exe",
+ "dcagentregister.exe"
]
},
"Artifacts": {
@@ -6571,8 +6353,12 @@
{
"Description": "Known remote domains",
"Domains": [
- "user_managed",
- "nomachine.com"
+ "desktopcentral.manageengine.com",
+ "desktopcentral.manageengine.com.eu",
+ "desktopcentral.manageengine.cn",
+ "*.dms.zoho.com",
+ "*.dms.zoho.com.eu",
+ "*.-dms.zoho.com.cn"
],
"Ports": []
}
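Review bot: `"*.-dms.zoho.com.cn"` has a stray hyphen after the wildcard; given the sibling entries `"*.dms.zoho.com"` and `"*.dms.zoho.com.eu"` it should almost certainly be `"*.dms.zoho.com.cn"`. As written the pattern cannot match a valid hostname label.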
@@ -6580,25 +6366,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/nomachine_network_sigma.yml",
- "Description": "Detects potential network activity of NoMachine RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/manage_engine__desktop_central__network_sigma.yml",
+ "Description": "Detects potential network activity of Manage Engine (Desktop Central) RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/nomachine_processes_sigma.yml",
- "Description": "Detects potential processes activity of NoMachine RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/manage_engine__desktop_central__processes_sigma.yml",
+ "Description": "Detects potential processes activity of Manage Engine (Desktop Central) RMM tool"
}
],
"References": [
- "https://kb.nomachine.com/AR04S01122"
+ "https://www.manageengine.com/products/desktop-central/help/domains-required-for-agent-communication.html"
],
"Acknowledgement": []
},
{
- "Name": "UltraVNC",
- "Description": "UltraVNC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "VNC Connect",
+ "Description": "VNC Connect is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/14/2024",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
@@ -6613,7 +6399,43 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "UltraVNC*.exe"
+ "C:\\Program Files\\RealVNC\\VNC Server\\*",
+ "*\\RealVNC\\VNC Server\\*"
+ ]
+ },
+ "Artifacts": {
+ "Disk": [],
+ "EventLog": [],
+ "Registry": [],
+ "Network": []
+ },
+ "Detections": [],
+ "References": [],
+ "Acknowledgement": []
+ },
+ {
+ "Name": "Pocket Controller (Soti Xsight)",
+ "Description": "Pocket Controller (Soti Xsight) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Author": "",
+ "Created": "",
+ "LastModified": "2/9/2024",
+ "Details": {
+ "Website": "",
+ "PEMetadata": {
+ "Filename": "",
+ "OriginalFileName": "",
+ "Description": ""
+ },
+ "Privileges": "",
+ "Free": "",
+ "Verification": "",
+ "SupportedOS": [],
+ "Capabilities": [],
+ "Vulnerabilities": [],
+ "InstallationPaths": [
+ "pocketcontroller.exe",
+ "wysebrowser.exe",
+ "XSightService.exe"
]
},
"Artifacts": {
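Review bot: VNC Connect gets two `InstallationPaths` (`C:\\Program Files\\RealVNC\\VNC Server\\*`, `*\\RealVNC\\VNC Server\\*`) but `"Detections": []`, whereas every other entry with paths in this patch carries a generated `_processes_sigma.yml` rule; either the generator skipped this entry or the detections list needs regenerating. The entry also has `"LastModified": ""` although its content changed in this patch.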
@@ -6624,8 +6446,7 @@
{
"Description": "Known remote domains",
"Domains": [
- "ultravnc.com",
- "user_managed"
+ "*soti.net"
],
"Ports": []
}
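Review bot: `"*soti.net"` has no dot between the wildcard and the domain, so it matches any hostname ending in "soti.net" (for example "notsoti.net"). The other entries use the `"*.example.com"` form; change it to `"*.soti.net"` and add the bare `"soti.net"` if the apex is contacted as well.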
@@ -6633,22 +6454,22 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ultravnc_network_sigma.yml",
- "Description": "Detects potential network activity of UltraVNC RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pocket_controller__soti_xsight__network_sigma.yml",
+ "Description": "Detects potential network activity of Pocket Controller (Soti Xsight) RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ultravnc_processes_sigma.yml",
- "Description": "Detects potential processes activity of UltraVNC RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pocket_controller__soti_xsight__processes_sigma.yml",
+ "Description": "Detects potential processes activity of Pocket Controller (Soti Xsight) RMM tool"
}
],
"References": [
- "https://uvnc.com/docs/uvnc-server/49-UltraVNC-server-configuration.html"
+ "https://pulse.soti.net/support/soti-xsight/help/"
],
"Acknowledgement": []
},
{
- "Name": "TeraCLOUD",
- "Description": "TeraCLOUD is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "CloudGopher",
+ "Description": "CloudGopher is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
@@ -6665,11 +6486,7 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": [
- "c:\\*\\TeraCloud.Client*",
- "*\\TeraCloud.Client*",
- "*\\Livedrive-Setup.exe"
- ]
+ "InstallationPaths": []
},
"Artifacts": {
"Disk": [],
@@ -6677,21 +6494,16 @@
"Registry": [],
"Network": []
},
- "Detections": [
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/teracloud_processes_sigma.yml",
- "Description": "Detects potential processes activity of TeraCLOUD RMM tool"
- }
- ],
+ "Detections": [],
"References": [],
"Acknowledgement": []
},
{
- "Name": "Instant Housecall",
- "Description": "Instant Housecall is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "mRemoteNG",
+ "Description": "mRemoteNG is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/8/2024",
+ "LastModified": "2/9/2024",
"Details": {
"Website": "",
"PEMetadata": {
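Review bot: The CloudGopher entry is an empty placeholder: `"InstallationPaths": []` in the previous hunk and `"Detections": []`, `"References": []` here, with no artifacts. It replaces TeraCLOUD, which had three paths and a processes rule, so the net effect of these two hunks is a loss of coverage with nothing added in return. Either populate the entry before merging or keep TeraCLOUD until CloudGopher has at least one path or domain.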
@@ -6706,24 +6518,42 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "hsloader.exe",
- "ihcserver.exe",
- "instanthousecall.exe",
- "instanthousecall.exe"
+ "mRemoteNG.exe",
+ "C:\\Program Files (x86)\\mRemoteNG\\*",
+ "*\\mRemoteNG\\*",
+ "*\\mRemoteNG.exe",
+ "c:\\Program Files (x86)%\\mRemoteNG",
+ "*%\\mRemoteNG",
+ "mRemoteNG-Installer-*.msi",
+ "*\\mRemoteNG.exe"
]
},
"Artifacts": {
- "Disk": [],
+ "Disk": [
+ {
+ "File": "C:\\Users\\*\\AppData\\Roaming\\mRemoteNG\\mRemoteNG.log",
+ "Description": "mRemoteNG log file",
+ "OS": "Windows"
+ },
+ {
+ "File": "C:\\Users\\*\\AppData\\Roaming\\mRemoteNG\\confCons.xml",
+ "Description": "mRemoteNG configuration file",
+ "OS": "Windows"
+ },
+ {
+ "File": "C:\\Users\\*\\AppData\\*\\mRemoteNG\\**10\\user.config",
+ "Description": "mRemoteNG user configuration file",
+ "OS": "Windows"
+ }
+ ],
"EventLog": [],
"Registry": [],
"Network": [
{
"Description": "Known remote domains",
"Domains": [
- "*.instanthousecall.com",
- "*.instanthousecall.net",
- "instanthousecall.com",
- "secure.instanthousecall.com"
+ "user_managed",
+ "mremoteng.org"
],
"Ports": []
}
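Review bot: Several mRemoteNG `InstallationPaths` look mangled: `"c:\\Program Files (x86)%\\mRemoteNG"` and `"*%\\mRemoteNG"` contain a stray `%` that reads like a half-expanded environment variable, and `"*\\mRemoteNG.exe"` is listed twice. In the Disk artifacts, `"C:\\Users\\*\\AppData\\*\\mRemoteNG\\**10\\user.config"` has `**10` where a versioned directory glob was presumably intended. Please clean these up, since they are fed straight into the generated Sigma rules.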
@@ -6731,22 +6561,26 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/instant_housecall_network_sigma.yml",
- "Description": "Detects potential network activity of Instant Housecall RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/mremoteng_network_sigma.yml",
+ "Description": "Detects potential network activity of mRemoteNG RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/instant_housecall_processes_sigma.yml",
- "Description": "Detects potential processes activity of Instant Housecall RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/mremoteng_files_sigma.yml",
+ "Description": "Detects potential files activity of mRemoteNG RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/mremoteng_processes_sigma.yml",
+ "Description": "Detects potential processes activity of mRemoteNG RMM tool"
}
],
"References": [
- "https://instanthousecall.com/features/"
+ "https://github.com/mRemoteNG/mRemoteNG"
],
"Acknowledgement": []
},
{
- "Name": "NinjaRMM",
- "Description": "NinjaRMM is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Senso.cloud",
+ "Description": "Senso.cloud is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "2/9/2024",
@@ -6764,10 +6598,9 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "ninjarmmagent.exe",
- "NinjaRMMAgent.exe",
- "NinjaRMMAgenPatcher.exe",
- "ninjarmm-cli.exe"
+ "SensoClient.exe",
+ "SensoService.exe",
+ "aadg.exe"
]
},
"Artifacts": {
@@ -6778,10 +6611,8 @@
{
"Description": "Known remote domains",
"Domains": [
- "*.ninjarmm.com",
- "*.ninjaone.com",
- "resources.ninjarmm.com",
- "ninjaone.com"
+ "*.senso.cloud",
+ "senso.cloud"
],
"Ports": []
}
@@ -6789,25 +6620,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ninjarmm_network_sigma.yml",
- "Description": "Detects potential network activity of NinjaRMM RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/senso.cloud_network_sigma.yml",
+ "Description": "Detects potential network activity of Senso.cloud RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ninjarmm_processes_sigma.yml",
- "Description": "Detects potential processes activity of NinjaRMM RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/senso.cloud_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Senso.cloud RMM tool"
}
],
"References": [
- "https://www.ninjaone.com/faq/"
+ "https://support.senso.cloud/support/solutions/articles/79000116305-firewall-and-content-filter-configuration"
],
"Acknowledgement": []
},
{
- "Name": "ngrok",
- "Description": "ngrok is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Dameware-mini remote control Protocol",
+ "Description": "Dameware-mini remote control Protocol is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/9/2024",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
@@ -6822,9 +6653,8 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "ngrok.exe",
- "C:\\*\\ngrok.zip",
- "*\\ngrok*"
+ "dntus*.exe",
+ "dwrcs.exe"
]
},
"Artifacts": {
@@ -6835,8 +6665,7 @@
{
"Description": "Known remote domains",
"Domains": [
- "user_managed",
- "ngrok.com"
+ "dameware.com"
],
"Ports": []
}
@@ -6844,65 +6673,128 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ngrok_network_sigma.yml",
- "Description": "Detects potential network activity of ngrok RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dameware-mini_remote_control_protocol_network_sigma.yml",
+ "Description": "Detects potential network activity of Dameware-mini remote control Protocol RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ngrok_processes_sigma.yml",
- "Description": "Detects potential processes activity of ngrok RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dameware-mini_remote_control_protocol_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Dameware-mini remote control Protocol RMM tool"
}
],
- "References": [
- "https://ngrok.com/docs/guides/running-behind-firewalls/"
- ],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "Air Explorer",
- "Description": "Air Explorer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
- "Author": "",
- "Created": "",
- "LastModified": "",
+ "Name": "ScreenConnect",
+ "Description": "ScreenConnect is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Author": "Ali Alwashali, Nasreddine Bencherchali",
+ "Created": "2023-10-01",
+ "LastModified": "2024-08-03",
"Details": {
- "Website": "",
- "PEMetadata": {
- "Filename": "",
- "OriginalFileName": "",
- "Description": ""
- },
+ "Website": "https://www.connectwise.com",
+ "PEMetadata": [
+ {
+ "Filename": "",
+ "OriginalFileName": "",
+ "Description": ""
+ }
+ ],
"Privileges": "",
- "Free": "",
+ "Free": "14-Days Free Trial",
"Verification": "",
- "SupportedOS": [],
- "Capabilities": [],
+ "SupportedOS": [
+ "Android",
+ "IOS",
+ "Linux",
+ "Mac",
+ "Windows"
+ ],
+ "Capabilities": [
+ "Command Line Support",
+ "File Transfer",
+ "Install Windows updates",
+ "Receive notification when user performs a predefined event",
+ "Remote Command Line",
+ "Remote Control",
+ "Sound Capture",
+ "Start / Stop services",
+ "View event logs"
+ ],
"Vulnerabilities": [],
"InstallationPaths": [
- "C:\\Program Files\\airexplorer\\*",
- "*\\airexplorer\\*",
- "*\\airexplorer.exe"
+ "C:\\Program Files (x86)\\ScreenConnect Client (Random)\\ScreenConnect.ClientService.exe",
+ "Remote Workforce Client.exe",
+ "*\\*\\ScreenConnect.ClientService.exe",
+ "C:\\Program Files (x86)\\ScreenConnect Client ()\\*",
+ "*\\ScreenConnect Client*\\*",
+ "*\\*\\ScreenConnect.WindowsClient.exe",
+ "screenconnect*.exe",
+ "screenconnect.windowsclient.exe",
+ "Remote Workforce Client.exe",
+ "screenconnect*.exe",
+ "ConnectWiseControl*.exe",
+ "connectwise*.exe",
+ "screenconnect.windowsclient.exe",
+ "screenconnect.clientservice.exe"
]
},
"Artifacts": {
- "Disk": [],
+ "Disk": [
+ {
+ "File": "C:\\Program Files*\\ScreenConnect\\App_Data\\Session.db",
+ "Description": "ScreenConnect session database",
+ "OS": "Windows"
+ },
+ {
+ "File": "C:\\Program Files*\\ScreenConnect\\App_Data\\User.xml",
+ "Description": "ScreenConnect user configuration",
+ "OS": "Windows"
+ },
+ {
+ "File": "C:\\ProgramData\\ScreenConnect Client*\\user.config",
+ "Description": "ScreenConnect client user configuration",
+ "OS": "Windows"
+ }
+ ],
"EventLog": [],
"Registry": [],
- "Network": []
+ "Network": [
+ {
+ "Description": "Known remote domains",
+ "Domains": [
+ "control.connectwise.com",
+ "*.connectwise.com",
+ "*.screenconnect.com"
+ ],
+ "Ports": []
+ }
+ ]
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/air_explorer_processes_sigma.yml",
- "Description": "Detects potential processes activity of Air Explorer RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/screenconnect_network_sigma.yml",
+ "Description": "Detects potential network activity of ScreenConnect RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/screenconnect_files_sigma.yml",
+ "Description": "Detects potential files activity of ScreenConnect RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/screenconnect_processes_sigma.yml",
+ "Description": "Detects potential processes activity of ScreenConnect RMM tool"
}
],
- "References": [],
+ "References": [
+ "https://thedfirreport.com/2023/09/25/from-screenconnect-to-hive-ransomware-in-61-hours/"
+ ],
"Acknowledgement": []
},
{
- "Name": "Bitvise SSH Client",
- "Description": "Bitvise SSH Client is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "AeroAdmin",
+ "Description": "AeroAdmin is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "",
+ "LastModified": "2/7/2024",
"Details": {
"Website": "",
"PEMetadata": {
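Review bot: The ScreenConnect entry changes the schema: `"PEMetadata"` becomes an array of objects, while every other entry in this patch (including AeroAdmin in this same hunk) keeps it as a single object, and `"Created": "2023-10-01"` / `"LastModified": "2024-08-03"` use ISO dates where the rest of the file uses `M/D/YYYY`. Consumers of api.json will need to handle both shapes unless this is normalised. Within the entry, `InstallationPaths` repeats `"Remote Workforce Client.exe"`, `"screenconnect*.exe"` and `"screenconnect.windowsclient.exe"`, and `"ScreenConnect Client (Random)\\..."` and `"ScreenConnect Client ()\\*"` carry placeholder text where a wildcard belongs; `"IOS"` in `SupportedOS` should be `"iOS"`.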
@@ -6917,29 +6809,43 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "C:\\Program Files (x86)\\Bitvise SSH Client\\*",
- "*\\Bitvise SSH Client\\*",
- "*\\BvSshClient-Inst.exe"
+ "aeroadmin.exe",
+ "AeroAdmin.exe"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": []
+ "Network": [
+ {
+ "Description": "Known remote domains",
+ "Domains": [
+ "auth*.aeroadmin.com",
+ "aeroadmin.com"
+ ],
+ "Ports": []
+ }
+ ]
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/bitvise_ssh_client_processes_sigma.yml",
- "Description": "Detects potential processes activity of Bitvise SSH Client RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aeroadmin_network_sigma.yml",
+ "Description": "Detects potential network activity of AeroAdmin RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aeroadmin_processes_sigma.yml",
+ "Description": "Detects potential processes activity of AeroAdmin RMM tool"
}
],
- "References": [],
+ "References": [
+ "https://support.aeroadmin.com/kb/faq.php?id=58"
+ ],
"Acknowledgement": []
},
{
- "Name": "Chicken (of the VNC)",
- "Description": "Chicken (of the VNC) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Desktop Central",
+ "Description": "Desktop Central is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
@@ -6956,21 +6862,40 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": []
+ "InstallationPaths": [
+ "dcagentservice.exe"
+ ]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": []
+ "Network": [
+ {
+ "Description": "Known remote domains",
+ "Domains": [
+ "desktopcentral.manageengine.com"
+ ],
+ "Ports": []
+ }
+ ]
},
- "Detections": [],
+ "Detections": [
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/desktop_central_network_sigma.yml",
+ "Description": "Detects potential network activity of Desktop Central RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/desktop_central_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Desktop Central RMM tool"
+ }
+ ],
"References": [],
"Acknowledgement": []
},
{
- "Name": "SkyFex",
- "Description": "SkyFex is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Pilixo",
+ "Description": "Pilixo is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "2/9/2024",
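Review bot: Desktop Central duplicates the Manage Engine (Desktop Central) entry added earlier in this patch: both list `dcagentservice.exe` and `desktopcentral.manageengine.com`, and the earlier entry is a superset (it also has `dcagentregister.exe`, the EU/CN domains, the Zoho DMS domains and a reference). Two entries for one product will produce two overlapping Sigma rules; merge this one into the other or drop it.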
@@ -6988,8 +6913,8 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "Deskroll.exe",
- "DeskRollUA.exe"
+ "rdp.exe",
+ "Pilixo_Installer*.exe"
]
},
"Artifacts": {
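Review bot: `"rdp.exe"` as a Pilixo installation path is a very generic process name (the removed Remote Desktop Plus entry used the same name), so a processes rule built from it will fire on unrelated software. Prefer the vendor-specific `"Pilixo_Installer*.exe"` alone, or qualify `rdp.exe` with a parent directory pattern.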
@@ -7000,9 +6925,9 @@
{
"Description": "Known remote domains",
"Domains": [
- "skyfex.com",
- "deskroll.com",
- "*.deskroll.com"
+ "pilixo.com",
+ "download.pilixo.com",
+ "*.pilixo.com"
],
"Ports": []
}
@@ -7010,22 +6935,22 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/skyfex_network_sigma.yml",
- "Description": "Detects potential network activity of SkyFex RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pilixo_network_sigma.yml",
+ "Description": "Detects potential network activity of Pilixo RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/skyfex_processes_sigma.yml",
- "Description": "Detects potential processes activity of SkyFex RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pilixo_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Pilixo RMM tool"
}
],
"References": [
- "https://skyfex.com/"
+ "https://pilixo.freshdesk.com/support/solutions/articles/9000141879-device-connectivity-and-firewalls"
],
"Acknowledgement": []
},
{
- "Name": "Ericom AccessNow",
- "Description": "Ericom AccessNow is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "SuperOps",
+ "Description": "SuperOps is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "2/7/2024",
@@ -7043,8 +6968,8 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "accessserver*.exe",
- "accessserver.exe"
+ "superopsticket.exe",
+ "superops.exe"
]
},
"Artifacts": {
@@ -7055,8 +6980,11 @@
{
"Description": "Known remote domains",
"Domains": [
- "user_managed",
- "ericom.com"
+ "*.superopsbeta.com",
+ "superops.ai",
+ "serv.superopsalpha.com",
+ "*.superops.ai",
+ "*.superopsalpha.com"
],
"Ports": []
}
@@ -7064,25 +6992,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ericom_accessnow_network_sigma.yml",
- "Description": "Detects potential network activity of Ericom AccessNow RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/superops_network_sigma.yml",
+ "Description": "Detects potential network activity of SuperOps RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ericom_accessnow_processes_sigma.yml",
- "Description": "Detects potential processes activity of Ericom AccessNow RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/superops_processes_sigma.yml",
+ "Description": "Detects potential processes activity of SuperOps RMM tool"
}
],
"References": [
- "https://www.ericom.com/connect-accessnow/"
+ "https://support.superops.com/en/articles/6632028-how-to-download-and-deploy-the-agent"
],
"Acknowledgement": []
},
{
- "Name": "Microsoft RDP",
- "Description": "Microsoft RDP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Yandex.Disk",
+ "Description": "Yandex.Disk is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/8/2024",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
@@ -7097,7 +7025,9 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "mstsc.exe"
+ "C:\\Program Files (x86)\\Yandex\\*",
+ "*\\Yandex\\*",
+ "*\\YandexDisk2.exe"
]
},
"Artifacts": {
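Review bot: `"C:\\Program Files (x86)\\Yandex\\*"` and `"*\\Yandex\\*"` match every Yandex product installed under that directory, not just Yandex.Disk, so the generated processes rule will be noisy on hosts with other Yandex software. Narrow them to the Disk-specific subdirectory or rely on `"*\\YandexDisk2.exe"` only.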
@@ -7108,21 +7038,19 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/microsoft_rdp_processes_sigma.yml",
- "Description": "Detects potential processes activity of Microsoft RDP RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/yandex.disk_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Yandex.Disk RMM tool"
}
],
- "References": [
- "https://learn.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/windows"
- ],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "Royal Server",
- "Description": "Royal Server is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "ITSupport247 (ConnectWise)",
+ "Description": "ITSupport247 (ConnectWise) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "",
+ "LastModified": "2/8/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -7136,7 +7064,9 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": []
+ "InstallationPaths": [
+ "saazapsc.exe"
+ ]
},
"Artifacts": {
"Disk": [],
@@ -7146,7 +7076,8 @@
{
"Description": "Known remote domains",
"Domains": [
- "royalapps.com"
+ "*.itsupport247.net",
+ "itsupport247.net"
],
"Ports": []
}
@@ -7154,16 +7085,22 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/royal_server_network_sigma.yml",
- "Description": "Detects potential network activity of Royal Server RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/itsupport247__connectwise__network_sigma.yml",
+ "Description": "Detects potential network activity of ITSupport247 (ConnectWise) RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/itsupport247__connectwise__processes_sigma.yml",
+ "Description": "Detects potential processes activity of ITSupport247 (ConnectWise) RMM tool"
}
],
- "References": [],
+ "References": [
+ "https://control.itsupport247.net/"
+ ],
"Acknowledgement": []
},
{
- "Name": "Solar-PuTTY",
- "Description": "Solar-PuTTY is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "WinSCP",
+ "Description": "WinSCP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
@@ -7181,9 +7118,10 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "C:\\Program Files\\Solar-Putty-v4\\*",
- "*\\Solar-Putty-v4\\*",
- "*\\Solar-PuTTY.exe"
+ "C:\\Users\\IEUser\\Downloads\\WinSCP-5.21.6-Portable\\*",
+ "*\\WinSCP*Portable\\*",
+ "*\\WinSCP.exe",
+ "*\\WinSCP\\*"
]
},
"Artifacts": {
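Review bot: `"C:\\Users\\IEUser\\Downloads\\WinSCP-5.21.6-Portable\\*"` is a path from a specific analysis machine (a named user profile and a pinned version) and should not be published as an installation path; the generic `"*\\WinSCP*Portable\\*"` on the next line already covers it. Remove the first entry.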
@@ -7194,19 +7132,19 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/solar-putty_processes_sigma.yml",
- "Description": "Detects potential processes activity of Solar-PuTTY RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/winscp_processes_sigma.yml",
+ "Description": "Detects potential processes activity of WinSCP RMM tool"
}
],
"References": [],
"Acknowledgement": []
},
{
- "Name": "Duplicati",
- "Description": "Duplicati is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Zabbix Agent",
+ "Description": "Zabbix Agent is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "",
+ "LastModified": "2/14/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -7221,31 +7159,45 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "c:\\Program Files\\*\\Duplicati.Server.exe",
- "*\\*\\Duplicati.Server.exe"
+ "zabbix_agent*.exe"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": []
+ "Network": [
+ {
+ "Description": "Known remote domains",
+ "Domains": [
+ "user_managed",
+ "zabbix.com"
+ ],
+ "Ports": []
+ }
+ ]
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/duplicati_processes_sigma.yml",
- "Description": "Detects potential processes activity of Duplicati RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/zabbix_agent_network_sigma.yml",
+ "Description": "Detects potential network activity of Zabbix Agent RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/zabbix_agent_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Zabbix Agent RMM tool"
}
],
- "References": [],
+ "References": [
+ "https://www.zabbix.com/documentation/current/en/manual/appendix/install/windows_agent"
+ ],
"Acknowledgement": []
},
{
- "Name": "Remote Desktop Plus",
- "Description": "Remote Desktop Plus is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
- "Author": "",
+ "Name": "Splashtop",
+ "Description": "Splashtop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Author": "Nasreddine Bencherchali",
"Created": "",
- "LastModified": "2/9/2024",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
@@ -7260,44 +7212,197 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "rdp.exe"
+ "C:\\Program Files (x86)\\Splashtop\\*",
+ "*\\Splashtop\\Splashtop Remote\\Client for RMM\\*",
+ "strwinclt.exe"
]
},
"Artifacts": {
- "Disk": [],
- "EventLog": [],
- "Registry": [],
+ "Disk": [
+ {
+ "File": "C:\\windows\\System32\\winevt\\Logs\\Splashtop-Splashtop Streamer-Status%4Operational.evtx",
+ "Description": "N/A",
+ "OS": "Windows"
+ },
+ {
+ "File": "C:\\windows\\System32\\winevt\\Logs\\Splashtop-Splashtop Streamer-Remote Session%4Operational.evtx",
+ "Description": "N/A",
+ "OS": "Windows"
+ },
+ {
+ "File": "%PROGRAMDATA%\\Splashtop\\Temp\\log\\FTCLog.txt",
+ "Description": "N/A",
+ "OS": "Windows"
+ },
+ {
+ "File": "C:\\Program Files (x86)\\Splashtop\\Splashtop Remote\\Server\\log\\agent_log.txt",
+ "Description": "N/A",
+ "OS": "Windows"
+ },
+ {
+ "File": "C:\\Program Files (x86)\\Splashtop\\Splashtop Remote\\Server\\log\\SPLog.txt",
+ "Description": "N/A",
+ "OS": "Windows"
+ },
+ {
+ "File": "C:\\Program Files (x86)\\Splashtop\\Splashtop Remote\\Server\\log\\svcinfo.txt",
+ "Description": "N/A",
+ "OS": "Windows"
+ },
+ {
+ "File": "C:\\Program Files (x86)\\Splashtop\\Splashtop Remote\\Server\\log\\sysinfo.txt",
+ "Description": "N/A",
+ "OS": "Windows"
+ },
+ {
+ "File": "C:\\Program Files (x86)\\Splashtop\\Splashtop Remote\\Server\\SRService.exe",
+ "Description": "Splashtop Remote Service",
+ "OS": "Windows"
+ },
+ {
+ "File": "C:\\Program Files (x86)\\Splashtop\\Splashtop Remote\\Server\\SRAgent.exe",
+ "Description": "SplashTop Remote Agent",
+ "OS": "Windows"
+ },
+ {
+ "File": "C:\\Program Files (x86)\\Splashtop\\Splashtop Software Updater\\SSUAgent.exe",
+ "Description": "Splashtop Updater",
+ "OS": "Windows"
+ },
+ {
+ "File": "C:\\Program Files (x86)\\Splashtop\\Splashtop Remote\\Server\\SRUtility.exe",
+ "Description": "N/A",
+ "OS": "Windows"
+ },
+ {
+ "File": "C:\\Program Files (x86)\\Splashtop\\Splashtop Remote\\Server\\SRFeature.exe",
+ "Description": "N/A",
+ "OS": "Windows"
+ },
+ {
+ "File": "C:\\Program Files (x86)\\Splashtop\\Splashtop Remote\\Server\\db\\SRAgent.sqlite3",
+ "Description": "N/A",
+ "OS": "Windows"
+ }
+ ],
+ "EventLog": [
+ {
+ "EventID": 7045,
+ "ProviderName": "Service Control Manager",
+ "LogFile": "System.evtx",
+ "ServiceName": "Splashtop Software Updater Service",
+ "ImagePath": "\"C:\\\\Program Files (x86)\\\\Splashtop\\\\Splashtop Software Updater\\\\SSUService.exe\"",
+ "Description": "Service installation event as result of Splashtop Software Updater Service installation."
+ },
+ {
+ "EventID": 7045,
+ "ProviderName": "Service Control Manager",
+ "LogFile": "System.evtx",
+ "ServiceName": "Splashtop® Remote Service",
+ "ImagePath": "\"C:\\\\Program Files (x86)\\\\Splashtop\\\\Splashtop Remote\\\\Server\\\\SRService.exe\"",
+ "Description": "Service installation event as result of Splashtop Remote Service installation."
+ },
+ {
+ "EventID": 7045,
+ "ProviderName": "Service Control Manager",
+ "LogFile": "System.evtx",
+ "ServiceName": "SplashtopRemoteService",
+ "ImagePath": "\"C:\\\\Program Files (x86)\\\\Splashtop\\\\Splashtop Remote\\\\Server\\\\SRService.exe\"",
+ "Description": "Service installation event as result of Splashtop Remote Service installation."
+ }
+ ],
+ "Registry": [
+ {
+ "Path": "KLM\\SOFTWARE\\WOW6432Node\\Splashtop Inc.\\*",
+ "Description": "Splashtop Inc. registry key"
+ },
+ {
+ "Path": "HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Splashtop Software Updater",
+ "Description": "Splashtop Software Updater uninstall key"
+ },
+ {
+ "Path": "HKLM\\SYSTEM\\CurrentControlSet\\Services\\SplashtopRemoteService",
+ "Description": "Splashtop Remote Service registry key"
+ },
+ {
+ "Path": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WINEVT\\Channels\\Splashtop-Splashtop Streamer-Remote Session/Operational",
+ "Description": "Splashtop Streamer Remote Session event log channel"
+ },
+ {
+ "Path": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WINEVT\\Channels\\Splashtop-Splashtop Streamer-Status/Operational",
+ "Description": "Splashtop Streamer Status event log channel"
+ },
+ {
+ "Path": "HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Splashtop Software Updater\\InstallRefCount",
+ "Description": "Splashtop Software Updater install reference count"
+ },
+ {
+ "Path": "HKLM\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Network\\SplashtopRemoteService",
+ "Description": "Splashtop Remote Service safe boot configuration"
+ },
+ {
+ "Path": "HKU\\.DEFAULT\\Software\\Splashtop Inc.\\*",
+ "Description": "Default user Splashtop Inc. registry key"
+ },
+ {
+ "Path": "HKU\\SID\\Software\\Splashtop Inc.\\*",
+ "Description": "User-specific Splashtop Inc. registry key"
+ },
+ {
+ "Path": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Print\\Printers\\Splashtop PDF Remote Printer",
+ "Description": "Splashtop PDF Remote Printer configuration"
+ },
+ {
+ "Path": "HKLM\\SOFTWARE\\WOW6432Node\\Splashtop Inc.\\Splashtop Remote Server\\ClientInfo\\*",
+ "Description": "Splashtop Remote Server client information"
+ }
+ ],
"Network": [
{
- "Description": "Known remote domains",
+ "Description": "N/A",
"Domains": [
- "donkz.nl"
+ "*.splashtop.com"
],
- "Ports": []
+ "Ports": [
+ "N/A"
+ ]
}
]
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remote_desktop_plus_network_sigma.yml",
- "Description": "Detects potential network activity of Remote Desktop Plus RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/splashtop_registry_sigma.yml",
+ "Description": "Detects potential registry activity of Splashtop RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remote_desktop_plus_processes_sigma.yml",
- "Description": "Detects potential processes activity of Remote Desktop Plus RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/splashtop_network_sigma.yml",
+ "Description": "Detects potential network activity of Splashtop RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/splashtop_files_sigma.yml",
+ "Description": "Detects potential files activity of Splashtop RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/splashtop_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Splashtop RMM tool"
}
],
"References": [
- "https://www.donkz.nl/"
+ "https://www.synacktiv.com/publications/legitimate-rats-a-comprehensive-forensic-analysis-of-the-usual-suspects.html"
],
- "Acknowledgement": []
+ "Acknowledgement": [
+ {
+ "Person": "Théo Letailleur",
+ "Handle": "in/theosyn"
+ }
+ ]
},
{
- "Name": "ITSupport247 (ConnectWise)",
- "Description": "ITSupport247 (ConnectWise) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "eHorus",
+ "Description": "eHorus is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/8/2024",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
@@ -7312,7 +7417,7 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "saazapsc.exe"
+ "ehorus standalone.exe"
]
},
"Artifacts": {
@@ -7323,8 +7428,7 @@
{
"Description": "Known remote domains",
"Domains": [
- "*.itsupport247.net",
- "itsupport247.net"
+ "ehorus.com"
],
"Ports": []
}
@@ -7332,22 +7436,20 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/itsupport247__connectwise__network_sigma.yml",
- "Description": "Detects potential network activity of ITSupport247 (ConnectWise) RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ehorus_network_sigma.yml",
+ "Description": "Detects potential network activity of eHorus RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/itsupport247__connectwise__processes_sigma.yml",
- "Description": "Detects potential processes activity of ITSupport247 (ConnectWise) RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ehorus_processes_sigma.yml",
+ "Description": "Detects potential processes activity of eHorus RMM tool"
}
],
- "References": [
- "https://control.itsupport247.net/"
- ],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "GoodSync",
- "Description": "GoodSync is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "CloudHQ",
+ "Description": "CloudHQ is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
@@ -7364,12 +7466,7 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": [
- "installation requires paid version of GoodSync Server",
- "installation requires paid version of GoodSync Server",
- "GoodSync-vsub-Setup.exe",
- "A40B81B36CDC2D24910FC58816E50DCDE21BD1A9"
- ]
+ "InstallationPaths": []
},
"Artifacts": {
"Disk": [],
@@ -7377,21 +7474,16 @@
"Registry": [],
"Network": []
},
- "Detections": [
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/goodsync_processes_sigma.yml",
- "Description": "Detects potential processes activity of GoodSync RMM tool"
- }
- ],
+ "Detections": [],
"References": [],
"Acknowledgement": []
},
{
- "Name": "DesktopNow",
- "Description": "DesktopNow is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "BeyondTrust (Bomgar)",
+ "Description": "BeyondTrust (Bomgar) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/26/2024",
+ "LastModified": "2/7/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -7406,7 +7498,11 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "desktopnow.exe"
+ "bomgar-scc.exe",
+ "bomgar-rdp.exe",
+ "bomgar-scc-*.exe",
+ "bomgar-pac-*.exe",
+ "bomgar-pac.exe"
]
},
"Artifacts": {
@@ -7417,7 +7513,9 @@
{
"Description": "Known remote domains",
"Domains": [
- "*.nchuser.com"
+ "bomgarcloud.com",
+ "*.bomgarcloud.com",
+ "*.beyondtrustcloud.com"
],
"Ports": []
}
@@ -7425,56 +7523,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/desktopnow_network_sigma.yml",
- "Description": "Detects potential network activity of DesktopNow RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/beyondtrust__bomgar__network_sigma.yml",
+ "Description": "Detects potential network activity of BeyondTrust (Bomgar) RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/desktopnow_processes_sigma.yml",
- "Description": "Detects potential processes activity of DesktopNow RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/beyondtrust__bomgar__processes_sigma.yml",
+ "Description": "Detects potential processes activity of BeyondTrust (Bomgar) RMM tool"
}
],
"References": [
- "https://forums.ivanti.com/s/article/Network-Ports-used-by-Environment-Manager?language=en_US"
+ "https://www.beyondtrust.com/docs/remote-support/getting-started/deployment/cloud/network.htm"
],
"Acknowledgement": []
},
{
- "Name": "Remmina",
- "Description": "Remmina is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
- "Author": "",
- "Created": "",
- "LastModified": "",
- "Details": {
- "Website": "",
- "PEMetadata": {
- "Filename": "",
- "OriginalFileName": "",
- "Description": ""
- },
- "Privileges": "",
- "Free": "",
- "Verification": "",
- "SupportedOS": [],
- "Capabilities": [],
- "Vulnerabilities": [],
- "InstallationPaths": []
- },
- "Artifacts": {
- "Disk": [],
- "EventLog": [],
- "Registry": [],
- "Network": []
- },
- "Detections": [],
- "References": [],
- "Acknowledgement": []
- },
- {
- "Name": "CloudMounter",
- "Description": "CloudMounter is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "OCS inventory",
+ "Description": "OCS inventory is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "",
+ "LastModified": "2/9/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -7489,33 +7556,46 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "C:\\Program Files\\CloudMounter\\*",
- "*\\CloudMounter\\*",
- "*\\CloudMounter\\*",
- "*\\cloudmounter.exe"
+ "ocsinventory.exe",
+ "ocsservice.exe"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": []
+ "Network": [
+ {
+ "Description": "Known remote domains",
+ "Domains": [
+ "user_managed",
+ "ocsinventory-ng.org"
+ ],
+ "Ports": []
+ }
+ ]
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/cloudmounter_processes_sigma.yml",
- "Description": "Detects potential processes activity of CloudMounter RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ocs_inventory_network_sigma.yml",
+ "Description": "Detects potential network activity of OCS inventory RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ocs_inventory_processes_sigma.yml",
+ "Description": "Detects potential processes activity of OCS inventory RMM tool"
}
],
- "References": [],
+ "References": [
+ "https://ocsinventory-ng.org/?page_id=878&lang=en"
+ ],
"Acknowledgement": []
},
{
- "Name": "Distant Desktop",
- "Description": "Distant Desktop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "CentraStage (Now Datto)",
+ "Description": "CentraStage (Now Datto) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/8/2024",
+ "LastModified": "2/7/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -7530,9 +7610,8 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "distant-desktop.exe",
- "dd.exe",
- "ddsystem.exe"
+ "CagService.exe",
+ "AEMAgent.exe"
]
},
"Artifacts": {
@@ -7543,8 +7622,9 @@
{
"Description": "Known remote domains",
"Domains": [
- "*.distantdesktop.com",
- "*signalserver.xyz"
+ "*.rmm.datto.com",
+ "*cc.centrastage.net",
+ "datto.com/au/products/rmm/"
],
"Ports": []
}
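Review bot: `"datto.com/au/products/rmm/"` in the CentraStage (Now Datto) Domains list is a URL path, not a domain; a network rule keyed on DNS queries or TLS SNI never sees a path, so the term is dead weight in centrastage__now_datto__network_sigma.yml. Either drop it (the agent endpoints are already covered by `*.rmm.datto.com` and `*cc.centrastage.net`) or reduce it to the bare host.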
@@ -7552,25 +7632,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/distant_desktop_network_sigma.yml",
- "Description": "Detects potential network activity of Distant Desktop RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/centrastage__now_datto__network_sigma.yml",
+ "Description": "Detects potential network activity of CentraStage (Now Datto) RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/distant_desktop_processes_sigma.yml",
- "Description": "Detects potential processes activity of Distant Desktop RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/centrastage__now_datto__processes_sigma.yml",
+ "Description": "Detects potential processes activity of CentraStage (Now Datto) RMM tool"
}
],
"References": [
- "https://www.distantdesktop.com/manual/first-start.htm"
+ "https://rmm.datto.com/help/de/Content/1INTRODUCTION/Requirements/AllowListRequirements.htm"
],
"Acknowledgement": []
},
{
- "Name": "DameWare",
- "Description": "DameWare is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "XRDP",
+ "Description": "XRDP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/7/2024",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
@@ -7584,16 +7664,7 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": [
- "SolarWinds-Dameware-DRS*.exe",
- "DameWare Mini Remote Control*.exe",
- "C:\\Windows\\dwrcs\\*\n c:\\Program File\\SolarWinds\\Dameware Mini Remote Control\\*",
- "dwrcs.exe",
- "*\\dwrcs\\*",
- "*\\dwrcst.exe",
- "DameWare Remote Support.exe",
- "SolarWinds-Dameware-MRC*.exe"
- ]
+ "InstallationPaths": []
},
"Artifacts": {
"Disk": [],
@@ -7601,23 +7672,16 @@
"Registry": [],
"Network": []
},
- "Detections": [
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dameware_processes_sigma.yml",
- "Description": "Detects potential processes activity of DameWare RMM tool"
- }
- ],
- "References": [
- "https://documentation.solarwinds.com/en/success_center/dameware/content/install-standalone-port-requirements.htm"
- ],
+ "Detections": [],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "Level",
- "Description": "Level is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "FleetDesk.io",
+ "Description": "FleetDesk.io is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "",
+ "LastModified": "2/7/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -7631,7 +7695,13 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": []
+ "InstallationPaths": [
+ "fleetdeck_agent_svc.exe",
+ "fleetdeck_commander_svc.exe",
+ "fleetdeck_installer.exe",
+ "fleetdeck_agent.exe",
+ "fleetdeck_commander_launcher.exe"
+ ]
},
"Artifacts": {
"Disk": [],
@@ -7641,7 +7711,9 @@
{
"Description": "Known remote domains",
"Domains": [
- "level.io"
+ "*.fleetdeck.io",
+ "cognito-idp.us-west-2.amazonaws.com",
+ "fleetdeck.io"
],
"Ports": []
}
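Review bot: `"cognito-idp.us-west-2.amazonaws.com"` in the FleetDesk.io Domains list is the shared Amazon Cognito identity endpoint for the us-west-2 region, used by many unrelated applications, so fleetdesk.io_network_sigma.yml generated from this list will flag any Cognito sign-in in that region as RMM activity. Keep it out of Domains (or mention it in the Description as context only) and let `*.fleetdeck.io` and `fleetdeck.io` carry the rule.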
@@ -7649,551 +7721,379 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/level_network_sigma.yml",
- "Description": "Detects potential network activity of Level RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fleetdesk.io_network_sigma.yml",
+ "Description": "Detects potential network activity of FleetDesk.io RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fleetdesk.io_processes_sigma.yml",
+ "Description": "Detects potential processes activity of FleetDesk.io RMM tool"
}
],
- "References": [],
+ "References": [
+ "https://fleetdeck.io/faq/"
+ ],
"Acknowledgement": []
},
{
- "Name": "Insync",
- "Description": "Insync is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
- "Author": "",
- "Created": "",
+ "Name": "Atera",
+ "Description": "Atera is a remote monitoring and management (RMM) tool. It is used by threat actors to deploy ransomware or facilitate command execution and lateral movement.\n",
+ "Created": "2024/08/03",
"LastModified": "",
"Details": {
- "Website": "",
- "PEMetadata": {
- "Filename": "",
- "OriginalFileName": "",
- "Description": ""
- },
- "Privileges": "",
- "Free": "",
- "Verification": "",
- "SupportedOS": [],
- "Capabilities": [],
- "Vulnerabilities": [],
+ "Website": "https://www.atera.com/",
+ "PEMetadata": [
+ {
+ "Filename": "AteraAgent.exe",
+ "OriginalFileName": "AteraAgent.exe",
+ "Description": "AteraAgent"
+ }
+ ],
+ "Privileges": "SYSTEM",
+ "Free": "30 day trial",
+ "Verification": "None",
+ "SupportedOS": [
+ "Windows",
+ "MacOS",
+ "Linux"
+ ],
+ "Capabilities": [
+ "Integrated remote access with Splashtop and AnyDesk",
+ "Remote monitoring and management",
+ "Patch management",
+ "Network discovery",
+ "Backup and disaster recovery",
+ "Helpdesk and ticketing",
+ "Reporting and analytics",
+ "Billing and invoicing",
+ "Customer portal",
+ "Mobile app"
+ ],
+ "Vulnerabilities": [
+ "CVE-2023-26078",
+ "CVE-2023-26077"
+ ],
"InstallationPaths": [
- "C:\\Users\\USERNAME\\AppData\\Roaming\\Insync\\App\\Insync.exe",
- "*Users\\*\\AppData\\Roaming\\Insync\\App\\Insync.exe",
- "*\\Insync.exe"
+ "*\\AgentPackageNetworkDiscovery.exe",
+ "*\\AgentPackageTaskScheduler.exe",
+ "*\\ATERA Networks\\AteraAgent\\*",
+ "*\\AteraAgent.exe",
+ "atera_agent.exe",
+ "atera_agent.exe",
+ "ateraagent.exe",
+ "C:\\Program Files\\ATERA Networks\\AteraAgent\\*",
+ "C:\\Program Files\\Atera Networks",
+ "C:\\Program Files (x86)\\Atera Networks",
+ "syncrosetup.exe"
]
},
"Artifacts": {
- "Disk": [],
- "EventLog": [],
- "Registry": [],
- "Network": []
- },
- "Detections": [
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/insync_processes_sigma.yml",
- "Description": "Detects potential processes activity of Insync RMM tool"
- }
- ],
- "References": [],
- "Acknowledgement": []
- },
- {
- "Name": "Bomgar - Now BeyondTrust",
- "Description": "Bomgar - Now BeyondTrust is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
- "Author": "",
- "Created": "",
- "LastModified": "",
- "Details": {
- "Website": "",
- "PEMetadata": {
- "Filename": "",
- "OriginalFileName": "",
- "Description": ""
- },
- "Privileges": "",
- "Free": "",
- "Verification": "",
- "SupportedOS": [],
- "Capabilities": [],
- "Vulnerabilities": [],
- "InstallationPaths": []
- },
- "Artifacts": {
- "Disk": [],
- "EventLog": [],
- "Registry": [],
- "Network": []
- },
- "Detections": [],
- "References": [],
- "Acknowledgement": []
- },
- {
- "Name": "ISL Online",
- "Description": "ISL Online is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
- "Author": "",
- "Created": "",
- "LastModified": "2/8/2024",
- "Details": {
- "Website": "",
- "PEMetadata": {
- "Filename": "",
- "OriginalFileName": "",
- "Description": ""
- },
- "Privileges": "",
- "Free": "",
- "Verification": "",
- "SupportedOS": [],
- "Capabilities": [],
- "Vulnerabilities": [],
- "InstallationPaths": [
- "*\\ISLLight.exe",
- "isllight.exe",
- "ISLLightClient.exe",
- "C:\\Program Files (x86)\\ISL Online\\ISL Light*",
- "*\\ISL Online\\ISL Light*",
- "ISLLight.exe",
- "isllightservice.exe",
- "islalwaysonmonitor.exe"
- ]
- },
- "Artifacts": {
- "Disk": [],
- "EventLog": [],
- "Registry": [],
- "Network": [
+ "Disk": [
{
- "Description": "Known remote domains",
- "Domains": [
- "*.islonline.com",
- "*.islonline.net"
- ],
- "Ports": []
+ "File": "C:\\Program Files\\ATERA Networks\\AteraAgent\\Packages\\AgentPackageRunCommandInteractive\\log.txt",
+ "Description": "N/A",
+ "OS": "Windows"
+ },
+ {
+ "File": "C:\\Program Files\\ATERA Networks\\AteraAgent\\Packages\\*",
+ "Description": "N/A",
+ "OS": "Windows"
+ },
+ {
+ "File": "C:\\Program Files\\ATERA Networks\\AteraAgent\\AteraAgent.exe",
+ "Description": "Atera service binary",
+ "OS": "Windows"
+ },
+ {
+ "File": "C:\\Program Files\\Atera Networks\\AlphaAgent.exe",
+ "Description": "Atera service binary",
+ "OS": "Windows"
+ },
+ {
+ "File": "C:\\Program Files\\ATERA Networks\\AteraAgent\\Packages\\AgentPackageSTRemote\\AgentPackageSTRemote.exe",
+ "Description": "N/A",
+ "OS": "Windows"
+ },
+ {
+ "File": "C:\\Program Files\\ATERA Networks\\AteraAgent\\Packages\\AgentPackageMonitoring\\AgentPackageMonitoring.exe",
+ "Description": "N/A",
+ "OS": "Windows"
+ },
+ {
+ "File": "C:\\Program Files\\ATERA Networks\\AteraAgent\\Packages\\AgentPackageHeartbeat\\AgentPackageHeartbeat.exe",
+ "Description": "N/A",
+ "OS": "Windows"
+ },
+ {
+ "File": "C:\\Program Files\\ATERA Networks\\AteraAgent\\Packages\\AgentPackageFileExplorer\\AgentPackageFileExplorer.exe",
+ "Description": "N/A",
+ "OS": "Windows"
+ },
+ {
+ "File": "C:\\Program Files\\ATERA Networks\\AteraAgent\\Packages\\AgentPackageRunCommandInteractive\\AgentPackageRunCommandInteractive.exe",
+ "Description": "N/A",
+ "OS": "Windows"
}
- ]
- },
- "Detections": [
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/isl_online_network_sigma.yml",
- "Description": "Detects potential network activity of ISL Online RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/isl_online_processes_sigma.yml",
- "Description": "Detects potential processes activity of ISL Online RMM tool"
- }
- ],
- "References": [
- "https://help.islonline.com/19818/165940"
- ],
- "Acknowledgement": []
- },
- {
- "Name": "Remote.it",
- "Description": "Remote.it is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
- "Author": "",
- "Created": "",
- "LastModified": "2/9/2024",
- "Details": {
- "Website": "",
- "PEMetadata": {
- "Filename": "",
- "OriginalFileName": "",
- "Description": ""
- },
- "Privileges": "",
- "Free": "",
- "Verification": "",
- "SupportedOS": [],
- "Capabilities": [],
- "Vulnerabilities": [],
- "InstallationPaths": [
- "remote-it-installer.exe",
- "remote.it.exe",
- "remoteit.exe"
- ]
- },
- "Artifacts": {
- "Disk": [],
- "EventLog": [],
- "Registry": [],
+ ],
+ "EventLog": [
+ {
+ "EventID": 7045,
+ "ProviderName": "Service Control Manager",
+ "LogFile": "System.evtx",
+ "ServiceName": "AteraAgent",
+ "ImagePath": "\"C:\\\\Program Files (x86)\\\\ATERA Networks\\\\AteraAgent\\\\AteraAgent.exe\"",
+ "Description": "Service installation event as result of AteraAgent installation."
+ },
+ {
+ "EventID": 7045,
+ "ProviderName": "Service Control Manager",
+ "LogFile": "System.evtx",
+ "ServiceName": "WinRing0_1_2_0",
+ "ImagePath": "\"C:\\\\Program Files (x86)\\\\ATERA Networks\\\\AteraAgent\\\\Packages\\\\AgentPackageMonitoring\\\\OpenHardwareMonitorLib.sys\"",
+ "Description": "Service installation event as result of Atera pakcage manager installation."
+ },
+ {
+ "EventID": 11707,
+ "ProviderName": "MsiInstaller",
+ "LogFile": "Application.evtx",
+ "Data": "Product: AteraAgent -- Installation completed successfully.",
+ "Description": "Service installation event as result of AteraAgent installation."
+ },
+ {
+ "EventID": 4688,
+ "ProviderName": "Microsoft-Security-Auditing",
+ "LogFile": "Security.evtx",
+ "CommandLine": "C:\\\\Program Files\\\\ATERA Networks\\\\AteraAgent\\\\Packages\\\\AgentPackageFileExplorer\\\\AgentPackageFileExplorer.exe XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX agent-api.atera.com/Production 443 [BASE64BLOB]",
+ "Description": "Service installation event as result of AteraAgent installation."
+ }
+ ],
+ "Registry": [
+ {
+ "Path": "HKLM\\SOFTWARE\\ATERA Networks\\AlphaAgent",
+ "Description": null
+ },
+ {
+ "Path": "HKLM\\SYSTEM\\CurrentControlSet\\Services\\AteraAgent",
+ "Description": null
+ },
+ {
+ "Path": "KLM\\SOFTWARE\\WOW6432Node\\Splashtop Inc.",
+ "Description": null
+ },
+ {
+ "Path": "HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Splashtop Software Updater",
+ "Description": null
+ },
+ {
+ "Path": "HKLM\\SYSTEM\\ControlSet\\Services\\EventLog\\Application\\AlphaAgent",
+ "Description": null
+ },
+ {
+ "Path": "HKLM\\SYSTEM\\ControlSet\\Services\\EventLog\\Application\\AteraAgent",
+ "Description": null
+ },
+ {
+ "Path": "HKLM\\SOFTWARE\\Microsoft\\Tracing\\AteraAgent_RASAPI32",
+ "Description": null
+ },
+ {
+ "Path": "HKLM\\SOFTWARE\\Microsoft\\Tracing\\AteraAgent_RASMANCS",
+ "Description": null
+ },
+ {
+ "Path": "HKLM\\SOFTWARE\\ATERA Networks\\*",
+ "Description": null
+ }
+ ],
"Network": [
{
- "Description": "Known remote domains",
+ "Description": "N/A",
"Domains": [
- "auth.api.remote.it",
- "api.remote.it",
- "remote.it"
+ "pubsub.atera.com"
],
- "Ports": []
- }
- ]
- },
- "Detections": [
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remote.it_network_sigma.yml",
- "Description": "Detects potential network activity of Remote.it RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remote.it_processes_sigma.yml",
- "Description": "Detects potential processes activity of Remote.it RMM tool"
- }
- ],
- "References": [
- "https://docs.remote.it/introduction/get-started"
- ],
- "Acknowledgement": []
- },
- {
- "Name": "Core FTP",
- "Description": "Core FTP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
- "Author": "",
- "Created": "",
- "LastModified": "",
- "Details": {
- "Website": "",
- "PEMetadata": {
- "Filename": "",
- "OriginalFileName": "",
- "Description": ""
- },
- "Privileges": "",
- "Free": "",
- "Verification": "",
- "SupportedOS": [],
- "Capabilities": [],
- "Vulnerabilities": [],
- "InstallationPaths": [
- "C:\\*\\coreftplite.exe",
- "*\\coreftplite.exe"
- ]
- },
- "Artifacts": {
- "Disk": [],
- "EventLog": [],
- "Registry": [],
- "Network": []
- },
- "Detections": [
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/core_ftp_processes_sigma.yml",
- "Description": "Detects potential processes activity of Core FTP RMM tool"
- }
- ],
- "References": [],
- "Acknowledgement": []
- },
- {
- "Name": "Netreo",
- "Description": "Netreo is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
- "Author": "",
- "Created": "",
- "LastModified": "2/9/2024",
- "Details": {
- "Website": "",
- "PEMetadata": {
- "Filename": "",
- "OriginalFileName": "",
- "Description": ""
- },
- "Privileges": "",
- "Free": "",
- "Verification": "",
- "SupportedOS": [],
- "Capabilities": [],
- "Vulnerabilities": [],
- "InstallationPaths": []
- },
- "Artifacts": {
- "Disk": [],
- "EventLog": [],
- "Registry": [],
- "Network": [
+ "Ports": [
+ "N/A"
+ ]
+ },
{
- "Description": "Known remote domains",
+ "Description": "N/A",
"Domains": [
- "charon.netreo.net",
- "activation.netreo.net",
- "*.api.netreo.com",
- "netreo.com"
+ "pubsub.pubnub.com"
],
- "Ports": []
- }
- ]
- },
- "Detections": [
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/netreo_network_sigma.yml",
- "Description": "Detects potential network activity of Netreo RMM tool"
- }
- ],
- "References": [
- "https://solutions.netreo.com/docs/firewall-requirements"
- ],
- "Acknowledgement": []
- },
- {
- "Name": "CuteFTP",
- "Description": "CuteFTP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
- "Author": "",
- "Created": "",
- "LastModified": "",
- "Details": {
- "Website": "",
- "PEMetadata": {
- "Filename": "",
- "OriginalFileName": "",
- "Description": ""
- },
- "Privileges": "",
- "Free": "",
- "Verification": "",
- "SupportedOS": [],
- "Capabilities": [],
- "Vulnerabilities": [],
- "InstallationPaths": [
- "C:\\Program Files (x86)\\Globalscape\\CuteFTP\\*",
- "*\\Globalscape\\CuteFTP\\*",
- "*\\cuteftppro.exe"
- ]
- },
- "Artifacts": {
- "Disk": [],
- "EventLog": [],
- "Registry": [],
- "Network": []
- },
- "Detections": [
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/cuteftp_processes_sigma.yml",
- "Description": "Detects potential processes activity of CuteFTP RMM tool"
- }
- ],
- "References": [],
- "Acknowledgement": []
- },
- {
- "Name": "CloudBuckIt",
- "Description": "CloudBuckIt is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
- "Author": "",
- "Created": "",
- "LastModified": "",
- "Details": {
- "Website": "",
- "PEMetadata": {
- "Filename": "",
- "OriginalFileName": "",
- "Description": ""
- },
- "Privileges": "",
- "Free": "",
- "Verification": "",
- "SupportedOS": [],
- "Capabilities": [],
- "Vulnerabilities": [],
- "InstallationPaths": [
- "C:\\Program Files (x86)\\CloudBuckIt\\*",
- "*\\CloudBuckIt\\*",
- "*\\CloudBuckIt*.exe"
- ]
- },
- "Artifacts": {
- "Disk": [],
- "EventLog": [],
- "Registry": [],
- "Network": []
- },
- "Detections": [
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/cloudbuckit_processes_sigma.yml",
- "Description": "Detects potential processes activity of CloudBuckIt RMM tool"
- }
- ],
- "References": [],
- "Acknowledgement": []
- },
- {
- "Name": "NoteOn-desktop sharing",
- "Description": "NoteOn-desktop sharing is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
- "Author": "",
- "Created": "",
- "LastModified": "",
- "Details": {
- "Website": "",
- "PEMetadata": {
- "Filename": "",
- "OriginalFileName": "",
- "Description": ""
- },
- "Privileges": "",
- "Free": "",
- "Verification": "",
- "SupportedOS": [],
- "Capabilities": [],
- "Vulnerabilities": [],
- "InstallationPaths": [
- "nateon*.exe",
- "nateon.exe",
- "nateonmain.exe"
- ]
- },
- "Artifacts": {
- "Disk": [],
- "EventLog": [],
- "Registry": [],
- "Network": []
- },
- "Detections": [
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/noteon-desktop_sharing_processes_sigma.yml",
- "Description": "Detects potential processes activity of NoteOn-desktop sharing RMM tool"
- }
- ],
- "References": [],
- "Acknowledgement": []
- },
- {
- "Name": "Royal TS",
- "Description": "Royal TS is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
- "Author": "",
- "Created": "",
- "LastModified": "",
- "Details": {
- "Website": "",
- "PEMetadata": {
- "Filename": "",
- "OriginalFileName": "",
- "Description": ""
- },
- "Privileges": "",
- "Free": "",
- "Verification": "",
- "SupportedOS": [],
- "Capabilities": [],
- "Vulnerabilities": [],
- "InstallationPaths": [
- "royalts.exe"
- ]
- },
- "Artifacts": {
- "Disk": [],
- "EventLog": [],
- "Registry": [],
- "Network": [
+ "Ports": [
+ "N/A"
+ ]
+ },
+ {
+ "Description": "N/A",
+ "Domains": [
+ "agentreporting.atera.com"
+ ],
+ "Ports": [
+ "N/A"
+ ]
+ },
+ {
+ "Description": "N/A",
+ "Domains": [
+ "getalphacontrol.com"
+ ],
+ "Ports": [
+ "N/A"
+ ]
+ },
+ {
+ "Description": "N/A",
+ "Domains": [
+ "app.atera.com"
+ ],
+ "Ports": [
+ "N/A"
+ ]
+ },
+ {
+ "Description": "N/A",
+ "Domains": [
+ "agenthb.atera.com"
+ ],
+ "Ports": [
+ "N/A"
+ ]
+ },
+ {
+ "Description": "N/A",
+ "Domains": [
+ "packagesstore.blob.core.windows.net"
+ ],
+ "Ports": [
+ "N/A"
+ ]
+ },
+ {
+ "Description": "N/A",
+ "Domains": [
+ "ps.pndsn.com"
+ ],
+ "Ports": [
+ "N/A"
+ ]
+ },
+ {
+ "Description": "N/A",
+ "Domains": [
+ "agent-api.atera.com"
+ ],
+ "Ports": [
+ "N/A"
+ ]
+ },
+ {
+ "Description": "N/A",
+ "Domains": [
+ "cacerts.thawte.com"
+ ],
+ "Ports": [
+ "N/A"
+ ]
+ },
+ {
+ "Description": "N/A",
+ "Domains": [
+ "agentreportingstore.blob.core.windows.net"
+ ],
+ "Ports": [
+ "N/A"
+ ]
+ },
{
- "Description": "Known remote domains",
+ "Description": "N/A",
"Domains": [
- "royalapps.com"
+ "atera-agent-heartbeat.servicebus.windows.net"
],
- "Ports": []
+ "Ports": [
+ "N/A"
+ ]
+ },
+ {
+ "Description": "N/A",
+ "Domains": [
+ "ps.atera.com"
+ ],
+ "Ports": [
+ "N/A"
+ ]
+ },
+ {
+ "Description": "N/A",
+ "Domains": [
+ "atera.pubnubapi.com"
+ ],
+ "Ports": [
+ "N/A"
+ ]
+ },
+ {
+ "Description": "N/A",
+ "Domains": [
+ "appcdn.atera.com"
+ ],
+ "Ports": [
+ "N/A"
+ ]
}
]
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/royal_ts_network_sigma.yml",
- "Description": "Detects potential network activity of Royal TS RMM tool"
+ "Sigma": "https://github.com/The-DFIR-Report/Sigma-Rules/blob/d67407d357ad32b247e2a303abc5a38bb30fd576/rules/windows/process_creation/proc_creation_win_ateraagent_malicious_installations.yml",
+ "Name": "AteraAgent malicious installations",
+ "Description": "Detects AteraAgent installations with suspicious command line arguments."
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/royal_ts_processes_sigma.yml",
- "Description": "Detects potential processes activity of Royal TS RMM tool"
- }
- ],
- "References": [],
- "Acknowledgement": []
- },
- {
- "Name": "DeskNets",
- "Description": "DeskNets is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
- "Author": "",
- "Created": "",
- "LastModified": "2/26/2024",
- "Details": {
- "Website": "",
- "PEMetadata": {
- "Filename": "",
- "OriginalFileName": "",
- "Description": ""
+ "Sigma": "https://github.com/SigmaHQ/sigma/blob/782f0f524e6f797ea114fe0d87b22cb4abaa6b7c/rules/windows/builtin/application/msiinstaller/win_software_atera_rmm_agent_install.yml",
+ "Name": "Atera Agent Installation",
+ "Description": "Detects Atera Agent installation."
},
- "Privileges": "",
- "Free": "",
- "Verification": "",
- "SupportedOS": [],
- "Capabilities": [],
- "Vulnerabilities": [],
- "InstallationPaths": []
- },
- "Artifacts": {
- "Disk": [],
- "EventLog": [],
- "Registry": [],
- "Network": []
- },
- "Detections": [],
- "References": [
- "https://www.desknets.com/en/download.html"
- ],
- "Acknowledgement": []
- },
- {
- "Name": "QQ IM-remote assistance",
- "Description": "QQ IM-remote assistance is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
- "Author": "",
- "Created": "",
- "LastModified": "2/9/2024",
- "Details": {
- "Website": "",
- "PEMetadata": {
- "Filename": "",
- "OriginalFileName": "",
- "Description": ""
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/atera_registry_sigma.yml",
+ "Description": "Detects potential registry activity of Atera RMM tool"
},
- "Privileges": "",
- "Free": "",
- "Verification": "",
- "SupportedOS": [],
- "Capabilities": [],
- "Vulnerabilities": [],
- "InstallationPaths": [
- "qq.exe",
- "QQProtect.exe",
- "qqpcmgr.exe"
- ]
- },
- "Artifacts": {
- "Disk": [],
- "EventLog": [],
- "Registry": [],
- "Network": [
- {
- "Description": "Known remote domains",
- "Domains": [
- "*.mdt.qq.com",
- "*.desktop.qq.com",
- "upload_data.qq.com",
- "qq-messenger.en.softonic.com"
- ],
- "Ports": []
- }
- ]
- },
- "Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/qq_im-remote_assistance_network_sigma.yml",
- "Description": "Detects potential network activity of QQ IM-remote assistance RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/atera_network_sigma.yml",
+ "Description": "Detects potential network activity of Atera RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/qq_im-remote_assistance_processes_sigma.yml",
- "Description": "Detects potential processes activity of QQ IM-remote assistance RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/atera_files_sigma.yml",
+ "Description": "Detects potential files activity of Atera RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/atera_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Atera RMM tool"
}
],
"References": [
- "https://en.wikipedia.org/wiki/Tencent_QQ"
+ "https://support.atera.com/hc/en-us/articles/360015461139-Firewall-Settings-for-Atera-s-Integrations",
+ "https://support.atera.com/hc/en-us/articles/215955967-Troubleshoot-Atera-s-Windows-agent",
+ "https://support.atera.com/hc/en-us/articles/115015619747-Release-Notes-February-2018",
+ "https://thedfirreport.com/?s=ateraagent"
],
- "Acknowledgement": []
+ "Acknowledgement": [
+ {
+ "Person": "Théo Letailleur",
+ "Handle": "in/theosyn"
+ },
+ {
+ "Person": "Nasreddine Bencherchali",
+ "Handle": "@nas_bench"
+ },
+ {
+ "Person": "Kostas",
+ "Handle": "@kostastsale"
+ }
+ ]
},
{
- "Name": "PuTTY Tray",
- "Description": "PuTTY Tray is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "CuteFTP",
+ "Description": "CuteFTP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
@@ -8211,8 +8111,9 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "C:\\*\\puttytray.exe",
- "*\\puttytray.exe"
+ "C:\\Program Files (x86)\\Globalscape\\CuteFTP\\*",
+ "*\\Globalscape\\CuteFTP\\*",
+ "*\\cuteftppro.exe"
]
},
"Artifacts": {
@@ -8223,16 +8124,16 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/putty_tray_processes_sigma.yml",
- "Description": "Detects potential processes activity of PuTTY Tray RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/cuteftp_processes_sigma.yml",
+ "Description": "Detects potential processes activity of CuteFTP RMM tool"
}
],
"References": [],
"Acknowledgement": []
},
{
- "Name": "FileZilla",
- "Description": "FileZilla is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "SuperPuTTY",
+ "Description": "SuperPuTTY is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
@@ -8250,9 +8151,10 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "C:\\Program Files\\FileZilla FTP Client\\*",
- "*\\FileZilla FTP Client\\*",
- "*\\FileZilla.exe"
+ "C:\\Downloads\\SuperPuTTY\\*",
+ "*Downloads\\SuperPuTTY\\*",
+ "*\\superputty.exe",
+ "*\\SuperPuTTY\\*"
]
},
"Artifacts": {
@@ -8263,50 +8165,19 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/filezilla_processes_sigma.yml",
- "Description": "Detects potential processes activity of FileZilla RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/superputty_processes_sigma.yml",
+ "Description": "Detects potential processes activity of SuperPuTTY RMM tool"
}
],
"References": [],
"Acknowledgement": []
},
{
- "Name": "XRDP",
- "Description": "XRDP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "NoteOn-desktop sharing",
+ "Description": "NoteOn-desktop sharing is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
- "Details": {
- "Website": "",
- "PEMetadata": {
- "Filename": "",
- "OriginalFileName": "",
- "Description": ""
- },
- "Privileges": "",
- "Free": "",
- "Verification": "",
- "SupportedOS": [],
- "Capabilities": [],
- "Vulnerabilities": [],
- "InstallationPaths": []
- },
- "Artifacts": {
- "Disk": [],
- "EventLog": [],
- "Registry": [],
- "Network": []
- },
- "Detections": [],
- "References": [],
- "Acknowledgement": []
- },
- {
- "Name": "FastViewer",
- "Description": "FastViewer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
- "Author": "",
- "Created": "",
- "LastModified": "2/7/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -8321,47 +8192,32 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "fastclient.exe",
- "fastmaster.exe",
- "FastViewer.exe"
+ "nateon*.exe",
+ "nateon.exe",
+ "nateonmain.exe"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": [
- {
- "Description": "Known remote domains",
- "Domains": [
- "*.fastviewer.com",
- "fastviewer.com"
- ],
- "Ports": []
- }
- ]
+ "Network": []
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fastviewer_network_sigma.yml",
- "Description": "Detects potential network activity of FastViewer RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fastviewer_processes_sigma.yml",
- "Description": "Detects potential processes activity of FastViewer RMM tool"
- }
- ],
- "References": [
- "https://fastviewer.com/demo/EN_FastViewer_Server%20Installation%20Configuration.pdf"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/noteon-desktop_sharing_processes_sigma.yml",
+ "Description": "Detects potential processes activity of NoteOn-desktop sharing RMM tool"
+ }
],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "Jump Desktop",
- "Description": "Jump Desktop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "X2Go",
+ "Description": "X2Go is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/9/2024",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
@@ -8375,49 +8231,21 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": [
- "jumpclient.exe",
- "jumpdesktop.exe",
- "jumpservice.exe",
- "jumpconnect.exe",
- "jumpupdater.exe"
- ]
+ "InstallationPaths": []
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": [
- {
- "Description": "Known remote domains",
- "Domains": [
- "*.jumpdesktop.com",
- "jumpdesktop.com",
- "jumpto.me",
- "*.jumpto.me"
- ],
- "Ports": []
- }
- ]
+ "Network": []
},
- "Detections": [
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/jump_desktop_network_sigma.yml",
- "Description": "Detects potential network activity of Jump Desktop RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/jump_desktop_processes_sigma.yml",
- "Description": "Detects potential processes activity of Jump Desktop RMM tool"
- }
- ],
- "References": [
- "https://support.jumpdesktop.com/hc/en-us/articles/360042490351-Administrators-Guide-For-Jump-Desktop-Connect"
- ],
+ "Detections": [],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "pCloud",
- "Description": "pCloud is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Cruz",
+ "Description": "Cruz is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
@@ -8434,33 +8262,37 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": [
- "C:\\Program Files (x86)\\pCloud Drive\\",
- "*\\pCloud Drive\\",
- "*\\pCloud.exe"
- ]
+ "InstallationPaths": []
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": []
+ "Network": [
+ {
+ "Description": "Known remote domains",
+ "Domains": [
+ "resources.doradosoftware.com/cruz-rmm"
+ ],
+ "Ports": []
+ }
+ ]
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pcloud_processes_sigma.yml",
- "Description": "Detects potential processes activity of pCloud RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/cruz_network_sigma.yml",
+ "Description": "Detects potential network activity of Cruz RMM tool"
}
],
"References": [],
"Acknowledgement": []
},
{
- "Name": "Ivanti Remote Control",
- "Description": "Ivanti Remote Control is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "GoToAssist",
+ "Description": "GoToAssist is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/9/2024",
+ "LastModified": "2/7/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -8475,9 +8307,9 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "IvantiRemoteControl.exe",
- "ArcUI.exe",
- "AgentlessRC.exe"
+ "gotoassist.exe",
+ "g2a*.exe",
+ "GoTo Assist Opener.exe"
]
},
"Artifacts": {
@@ -8488,7 +8320,14 @@
{
"Description": "Known remote domains",
"Domains": [
- "*.ivanticloud.com"
+ "goto.com",
+ "*.getgo.com",
+ "*.fastsupport.com",
+ "*.gotoassist.com",
+ "helpme.net",
+ "*.gotoassist.me",
+ "*.gotoassist.at",
+ "*.desktopstreaming.com"
],
"Ports": []
}
@@ -8496,25 +8335,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ivanti_remote_control_network_sigma.yml",
- "Description": "Detects potential network activity of Ivanti Remote Control RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/gotoassist_network_sigma.yml",
+ "Description": "Detects potential network activity of GoToAssist RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ivanti_remote_control_processes_sigma.yml",
- "Description": "Detects potential processes activity of Ivanti Remote Control RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/gotoassist_processes_sigma.yml",
+ "Description": "Detects potential processes activity of GoToAssist RMM tool"
}
],
"References": [
- "https://rc1.ivanticloud.com/"
+ "https://help.gotoassist.com/remote-support/help/what-should-i-allow-on-my-firewall-for-gotoassist-remote-support-v5"
],
"Acknowledgement": []
},
{
- "Name": "BeInSync",
- "Description": "BeInSync is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Lite Manager",
+ "Description": "Lite Manager is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/26/2024",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
@@ -8529,45 +8368,27 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "Beinsync*.exe"
+ "C:\\Program Files\\LiteManager Pro – Viewer\\*",
+ "*\\LiteManager Pro – Viewer\\*",
+ "*\\LMNoIpServer.exe."
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": [
- {
- "Description": "Known remote domains",
- "Domains": [
- "*.beinsync.net",
- "*.beinsync.com"
- ],
- "Ports": []
- }
- ]
+ "Network": []
},
- "Detections": [
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/beinsync_network_sigma.yml",
- "Description": "Detects potential network activity of BeInSync RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/beinsync_processes_sigma.yml",
- "Description": "Detects potential processes activity of BeInSync RMM tool"
- }
- ],
- "References": [
- "https://en.wikipedia.org/wiki/Phoenix_Technologies"
- ],
+ "Detections": [],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "NateOn-desktop sharing",
- "Description": "NateOn-desktop sharing is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "DameWare",
+ "Description": "DameWare is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/9/2024",
+ "LastModified": "2/7/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -8582,46 +8403,39 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "nateon*.exe",
- "nateon.exe",
- "nateonmain.exe"
+ "SolarWinds-Dameware-DRS*.exe",
+ "DameWare Mini Remote Control*.exe",
+ "C:\\Windows\\dwrcs\\*\n c:\\Program File\\SolarWinds\\Dameware Mini Remote Control\\*",
+ "dwrcs.exe",
+ "*\\dwrcs\\*",
+ "*\\dwrcst.exe",
+ "DameWare Remote Support.exe",
+ "SolarWinds-Dameware-MRC*.exe"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": [
- {
- "Description": "Known remote domains",
- "Domains": [
- "*.nate.com"
- ],
- "Ports": []
- }
- ]
+ "Network": []
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/nateon-desktop_sharing_network_sigma.yml",
- "Description": "Detects potential network activity of NateOn-desktop sharing RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/nateon-desktop_sharing_processes_sigma.yml",
- "Description": "Detects potential processes activity of NateOn-desktop sharing RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dameware_processes_sigma.yml",
+ "Description": "Detects potential processes activity of DameWare RMM tool"
}
],
"References": [
- "http://rsupport.nate.com/rview/r8/main/index.aspx"
+ "https://documentation.solarwinds.com/en/success_center/dameware/content/install-standalone-port-requirements.htm"
],
"Acknowledgement": []
},
{
- "Name": "Xeox",
- "Description": "Xeox is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Total Software Deployment",
+ "Description": "Total Software Deployment is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/14/2024",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
@@ -8636,48 +8450,33 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "xeox-agent_x64.exe",
- "xeox_service_windows.exe",
- "xeox-agent_*.exe",
- "xeox-agent_x86.exe"
+ "C:\\ProgramData\\Total Software Deployment\\*",
+ "*\\Total Software Deployment\\*",
+ "*\\tniwinagent.exe",
+ "*\\Tsdservice.exe"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": [
- {
- "Description": "Known remote domains",
- "Domains": [
- "*.xeox.com",
- "xeox.com"
- ],
- "Ports": []
- }
- ]
+ "Network": []
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/xeox_network_sigma.yml",
- "Description": "Detects potential network activity of Xeox RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/xeox_processes_sigma.yml",
- "Description": "Detects potential processes activity of Xeox RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/total_software_deployment_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Total Software Deployment RMM tool"
}
],
- "References": [
- "https://help.xeox.com/knowledge-base/gSuyNfDH6u79M82utnswf2/firewall-settings-xeox-agent-and-integrations/47T7S9tZJ2L1Z2W5gwuXoW"
- ],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "WinSCP",
- "Description": "WinSCP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Laplink Everywhere",
+ "Description": "Laplink Everywhere is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "",
+ "LastModified": "2/8/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -8692,30 +8491,48 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "C:\\Users\\IEUser\\Downloads\\WinSCP-5.21.6-Portable\\*",
- "*\\WinSCP*Portable\\*",
- "*\\WinSCP.exe",
- "*\\WinSCP\\*"
+ "laplink.exe",
+ "laplink-everywhere-setup*.exe",
+ "laplinkeverywhere.exe",
+ "llrcservice.exe",
+ "serverproxyservice.exe",
+ "OOSysAgent.exe"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": []
+ "Network": [
+ {
+ "Description": "Known remote domains",
+ "Domains": [
+ "everywhere.laplink.com",
+ "le.laplink.com",
+ "atled.syspectr.com"
+ ],
+ "Ports": []
+ }
+ ]
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/winscp_processes_sigma.yml",
- "Description": "Detects potential processes activity of WinSCP RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/laplink_everywhere_network_sigma.yml",
+ "Description": "Detects potential network activity of Laplink Everywhere RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/laplink_everywhere_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Laplink Everywhere RMM tool"
}
],
- "References": [],
+ "References": [
+ "https://everywhere.laplink.com/docs"
+ ],
"Acknowledgement": []
},
{
- "Name": "Desktop Central",
- "Description": "Desktop Central is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "FreeNX",
+ "Description": "FreeNX is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
@@ -8733,42 +8550,31 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "dcagentservice.exe"
+ "C:\\*\\nxplayer.exe",
+ "*\\nxplayer.exe"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": [
- {
- "Description": "Known remote domains",
- "Domains": [
- "desktopcentral.manageengine.com"
- ],
- "Ports": []
- }
- ]
+ "Network": []
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/desktop_central_network_sigma.yml",
- "Description": "Detects potential network activity of Desktop Central RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/desktop_central_processes_sigma.yml",
- "Description": "Detects potential processes activity of Desktop Central RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/freenx_processes_sigma.yml",
+ "Description": "Detects potential processes activity of FreeNX RMM tool"
}
],
"References": [],
"Acknowledgement": []
},
{
- "Name": "DW Service",
- "Description": "DW Service is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "SkyFex",
+ "Description": "SkyFex is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/7/2024",
+ "LastModified": "2/9/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -8783,9 +8589,8 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "dwagsvc.exe",
- "dwagent.exe",
- "dwagsvc.exe"
+ "Deskroll.exe",
+ "DeskRollUA.exe"
]
},
"Artifacts": {
@@ -8796,7 +8601,9 @@
{
"Description": "Known remote domains",
"Domains": [
- "*.dwservice.net"
+ "skyfex.com",
+ "deskroll.com",
+ "*.deskroll.com"
],
"Ports": []
}
@@ -8804,118 +8611,301 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dw_service_network_sigma.yml",
- "Description": "Detects potential network activity of DW Service RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/skyfex_network_sigma.yml",
+ "Description": "Detects potential network activity of SkyFex RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dw_service_processes_sigma.yml",
- "Description": "Detects potential processes activity of DW Service RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/skyfex_processes_sigma.yml",
+ "Description": "Detects potential processes activity of SkyFex RMM tool"
}
],
"References": [
- "https://news.dwservice.net/dwservice-security-infrastructure/"
+ "https://skyfex.com/"
],
"Acknowledgement": []
},
{
- "Name": "NTR Remote",
- "Description": "NTR Remote is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
- "Author": "",
- "Created": "",
- "LastModified": "2/26/2024",
+ "Name": "AnyDesk",
+ "Category": "RMM",
+ "Description": "AnyDesk is a popular remote desktop software that enables users to access and control a computer or device from a remote location. It was developed with the primary goal of facilitating remote work, technical support, and collaboration between individuals and teams.\n",
+ "Author": "Ali Alwashali, Nasreddine Bencherchali",
+ "Created": "2023-09-29",
+ "LastModified": "2024-08-02",
"Details": {
- "Website": "",
- "PEMetadata": {
- "Filename": "",
- "OriginalFileName": "",
- "Description": ""
- },
- "Privileges": "",
- "Free": "",
- "Verification": "",
- "SupportedOS": [],
- "Capabilities": [],
- "Vulnerabilities": [],
+ "Website": "https://anydesk.com/en",
+ "PEMetadata": [
+ {
+ "Filename": "anydesk.exe",
+ "OriginalFileName": "AnyDesk.exe",
+ "Description": "AnyDesk",
+ "Product": "AnyDesk"
+ }
+ ],
+ "Privileges": "User",
+ "Free": true,
+ "Verification": false,
+ "SupportedOS": [
+ "Android",
+ "ChromeOS",
+ "IOS",
+ "Linux",
+ "Mac",
+ "Windows"
+ ],
+ "Capabilities": [
+ "File Transfer",
+ "File System Access",
+ "Remote Control",
+ "GUI Support",
+ "Command line Support"
+ ],
+ "Vulnerabilities": [
+ "https://www.cvedetails.com/vulnerability-list/vendor_id-16953/product_id-40173/Anydesk-Anydesk.html"
+ ],
"InstallationPaths": [
- "NTRsupportPro_EN.exe"
+ "C:\\Program Files (x86)\\AnyDesk\\*",
+ "C:\\Program Files\\AnyDesk\\*"
]
},
"Artifacts": {
- "Disk": [],
- "EventLog": [],
- "Registry": [],
+ "Disk": [
+ {
+ "File": "%programdata%\\AnyDesk\\ad_svc.trace",
+ "Description": "AnyDesk service log file. As well as ad.trace, we can determine the IP address of the other participant and its AnyDesk ID when a connection is established.",
+ "OS": "Windows",
+ "Example": [
+ "info 2022-08-23 10:20:11.969 gsvc 4628 3528 3 anynet.relay_conn - External address: 34.xx.xx.123:46798"
+ ]
+ },
+ {
+ "File": "%programdata%\\AnyDesk\\connection_trace.txt",
+ "Description": "Incoming connection logs, contains IP Address of the remote machine and file transfer activity. Only generated on target side. The content indicates how the connection was approved (e.g. the local user authorized it, or a password was used)",
+ "OS": "Windows",
+ "Example": [
+ "Incoming 2022-08-23, 10:23 Passwd 547911884 547911884",
+ "Incoming 2022-09-28, 12:39 User 442226597 442226597"
+ ]
+ },
+ {
+ "File": "%APPDATA%\\AnyDesk\\connection_trace.txt",
+ "Description": "Incoming connection logs, contains IP Address of the remote machine and file transfer activity. Only generated on target side. The content indicates how the connection was approved (e.g. the local user authorized it, or a password was used)",
+ "OS": "Windows",
+ "Example": [
+ "Incoming 2022-08-23, 10:23 Passwd 547911884 547911884",
+ "Incoming 2022-09-28, 12:39 User 442226597 442226597"
+ ]
+ },
+ {
+ "File": "%APPDATA%\\AnyDesk\\ad.trace",
+ "Description": "AnyDesk user interface log file. In this log file, we can determine the IP address of the other participant and its AnyDesk ID. It is also possible to track events of file transfer. Below is the Client ID and external IP address of the remote participant.",
+ "OS": "Windows",
+ "Example": [
+ "info 2022-09-28 12:39:26.845 lsvc 9952 9944 21 anynet.any_socket - Client-ID: 442226597 (FPR: 8e28a2a25b30).",
+ "info 2022-09-28 12:39:26.845 lsvc 9952 9944 21 anynet.any_socket - Logged in from 12.xx.xx.21:59562 on relay 80e496c0."
+ ]
+ },
+ {
+ "File": "%APPDATA%\\AnyDesk\\chat\\*.txt",
+ "Description": "If the chat functionality is used, its entries will be printed in a text file in this folder.",
+ "OS": "Windows"
+ },
+ {
+ "File": "%APPDATA%\\AnyDesk\\user.conf",
+ "Description": "N/A",
+ "OS": "Windows"
+ },
+ {
+ "File": "%PROGRAMDATA%\\AnyDesk\\service.conf",
+ "Description": "Password can be set to auto-validate the session. The password will be saved in a salted hash format.",
+ "OS": "Windows"
+ },
+ {
+ "File": "%APPDATA%\\AnyDesk\\service.conf",
+ "Description": "N/A",
+ "OS": "Windows"
+ },
+ {
+ "File": "%APPDATA%\\AnyDesk\\system.conf",
+ "Description": "N/A",
+ "OS": "Windows"
+ },
+ {
+ "File": "%PROGRAMDATA%\\AnyDesk\\system.conf",
+ "Description": "N/A",
+ "OS": "Windows"
+ },
+ {
+ "File": "%PROGRAMDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\AnyDesk.lnk",
+ "Description": "N/A",
+ "OS": "Windows"
+ },
+ {
+ "File": "%PROGRAMDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\AnyDesk\\Uninstall AnyDesk.lnk",
+ "Description": "N/A",
+ "OS": "Windows"
+ },
+ {
+ "File": "C:\\Users\\*\\Videos\\AnyDesk\\*.anydesk",
+ "Description": "N/A",
+ "OS": "Windows"
+ },
+ {
+ "File": "C:\\Windows\\SysWOW64\\config\\systemprofile\\AppData\\Roaming\\AnyDesk\\*",
+ "Description": "N/A",
+ "OS": "Windows"
+ },
+ {
+ "File": "~/Library/Application Support/AnyDesk/Logs/",
+ "Description": "N/A",
+ "OS": "Mac"
+ },
+ {
+ "File": "~/.config/AnyDesk/Logs/",
+ "Description": "N/A",
+ "OS": "Linux"
+ }
+ ],
+ "EventLog": [
+ {
+ "EventID": 7045,
+ "ProviderName": "Service Control Manager",
+ "LogFile": "System.evtx",
+ "ServiceName": "AnyDesk Service",
+ "ImagePath": "\"C:\\\\Program Files (x86)\\\\AnyDesk\\\\AnyDesk.exe\" --service",
+ "Description": "Service installation event as result of AnyDesk installation."
+ }
+ ],
+ "Registry": [
+ {
+ "Path": "HKLM\\SOFTWARE\\Clients\\Media\\AnyDesk",
+ "Description": "N/A"
+ },
+ {
+ "Path": "HKLM\\SYSTEM\\CurrentControlSet\\Services\\AnyDesk",
+ "Description": "N/A"
+ },
+ {
+ "Path": "HKLM\\SOFTWARE\\Classes\\.anydesk\\shell\\open\\command",
+ "Description": "N/A"
+ },
+ {
+ "Path": "HKLM\\SOFTWARE\\Classes\\AnyDesk\\shell\\open\\command",
+ "Description": "N/A"
+ },
+ {
+ "Path": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Print\\Printers\\AnyDesk Printer\\*",
+ "Description": "N/A"
+ },
+ {
+ "Path": "HKLM\\DRIVERS\\DriverDatabase\\DeviceIds\\USBPRINT\\AnyDesk",
+ "Description": "N/A"
+ },
+ {
+ "Path": "HKLM\\DRIVERS\\DriverDatabase\\DeviceIds\\WSDPRINT\\AnyDesk",
+ "Description": "N/A"
+ },
+ {
+ "Path": "HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\AnyDesk",
+ "Description": "N/A"
+ }
+ ],
"Network": [
{
- "Description": "Known remote domains",
+ "Description": "During setup the boot.net.anydesk.com domain is request over port 443",
+ "Domains": [
+ "boot.net.anydesk.com"
+ ],
+ "Ports": [
+ 443
+ ]
+ },
+ {
+ "Description": "N/A",
+ "Domains": [
+ "relay-[a-f0-9]{8}.net.anydesk.com:443"
+ ],
+ "Ports": [
+ 443
+ ]
+ },
+ {
+ "Description": "N/A",
"Domains": [
- "*.ntrsupport.com"
+ "*.anydesk.com"
],
- "Ports": []
+ "Ports": [
+ 443
+ ]
+ }
+ ],
+ "Other": [
+ {
+ "Type": "User-Agent",
+ "Value": "AnyDesk/*"
+ },
+ {
+ "Type": "NamedPipe",
+ "Value": "adprinterpipe"
}
]
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ntr_remote_network_sigma.yml",
- "Description": "Detects potential network activity of NTR Remote RMM tool"
+ "Sigma": "https://github.com/SigmaHQ/sigma/blob/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/builtin/system/service_control_manager/win_system_service_install_anydesk.yml",
+ "Description": "Anydesk Remote Access Software Service Installation"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ntr_remote_processes_sigma.yml",
- "Description": "Detects potential processes activity of NTR Remote RMM tool"
+ "Sigma": "https://github.com/SigmaHQ/sigma/blob/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/file/file_event/file_event_win_anydesk_artefact.yml",
+ "Description": "N/A"
+ },
+ {
+ "Sigma": "https://github.com/SigmaHQ/sigma/blob/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/process_creation/proc_creation_win_remote_access_tools_anydesk.yml",
+ "Description": "N/A"
+ },
+ {
+ "Sigma": "https://github.com/SigmaHQ/sigma/blob/782f0f524e6f797ea114fe0d87b22cb4abaa6b7c/rules/windows/process_creation/proc_creation_win_remote_access_tools_anydesk_silent_install.yml",
+ "Description": "Remote Access Tool - AnyDesk Silent Installation"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/anydesk_registry_sigma.yml",
+ "Description": "Detects potential registry activity of AnyDesk RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/anydesk_network_sigma.yml",
+ "Description": "Detects potential network activity of AnyDesk RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/anydesk_files_sigma.yml",
+ "Description": "Detects potential files activity of AnyDesk RMM tool"
}
],
"References": [
- "DOA as of 2024"
+ "https://support.anydesk.com/knowledge/firewall",
+ "https://www.synacktiv.com/publications/legitimate-rats-a-comprehensive-forensic-analysis-of-the-usual-suspects.html",
+ "https://github.com/mthcht/awesome-lists/tree/79ced75eebe53bcabf1235b3c17eb11788875482/Lists/RMM/anydesk",
+ "https://ruler-project.github.io/ruler-project/RULER/remote/AnyDesk/"
],
- "Acknowledgement": []
- },
- {
- "Name": "aws-cli",
- "Description": "aws-cli is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
- "Author": "",
- "Created": "",
- "LastModified": "",
- "Details": {
- "Website": "",
- "PEMetadata": {
- "Filename": "",
- "OriginalFileName": "",
- "Description": ""
+ "Acknowledgement": [
+ {
+ "Person": "Théo Letailleur",
+ "Handle": "in/theosyn"
},
- "Privileges": "",
- "Free": "",
- "Verification": "",
- "SupportedOS": [],
- "Capabilities": [],
- "Vulnerabilities": [],
- "InstallationPaths": [
- "C:\\Program Files\\Amazon\\AWSCLI\\*",
- "*\\Amazon\\AWSCLI\\*",
- "*\\AWSCLIV*.msi",
- "*\\AWSCLISetup.exe"
- ]
- },
- "Artifacts": {
- "Disk": [],
- "EventLog": [],
- "Registry": [],
- "Network": []
- },
- "Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aws-cli_processes_sigma.yml",
- "Description": "Detects potential processes activity of aws-cli RMM tool"
+ "Person": "Ali Alwashali",
+ "Handle": "@ali_alwashali"
+ },
+ {
+ "Person": "Nasreddine Bencherchali",
+ "Handle": "@nas_bench"
}
- ],
- "References": [],
- "Acknowledgement": []
+ ]
},
{
- "Name": "TurboMeeting",
- "Description": "TurboMeeting is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "ManageEngine RMM Central",
+ "Description": "ManageEngine RMM Central is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/14/2024",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
@@ -8929,11 +8919,7 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": [
- "pcstarter.exe",
- "turbomeeting.exe",
- "turbomeetingstarter.exe"
- ]
+ "InstallationPaths": []
},
"Artifacts": {
"Disk": [],
@@ -8943,8 +8929,7 @@
{
"Description": "Known remote domains",
"Domains": [
- "user_managed",
- "acceo.com/turbomeeting/"
+ "manageengine.com/remote-monitoring-management/"
],
"Ports": []
}
@@ -8952,22 +8937,16 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/turbomeeting_network_sigma.yml",
- "Description": "Detects potential network activity of TurboMeeting RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/turbomeeting_processes_sigma.yml",
- "Description": "Detects potential processes activity of TurboMeeting RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/manageengine_rmm_central_network_sigma.yml",
+ "Description": "Detects potential network activity of ManageEngine RMM Central RMM tool"
}
],
- "References": [
- "http://sourcing.rhubcom.com/v5/faqs.html#collapsetwentysix2-topdiv"
- ],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "RemoteUtilities",
- "Description": "RemoteUtilities is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Ocamlfuse",
+ "Description": "Ocamlfuse is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
@@ -8984,48 +8963,24 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": [
- "rutview.exe",
- "*\\Remote Manipulator System - Server\\*",
- "C:\\Program Files\\Remote Utilities\\*",
- "*\\Remote Utilities\\*",
- "rutserv.exe",
- "*\\rutserv.exe"
- ]
+ "InstallationPaths": []
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": [
- {
- "Description": "Known remote domains",
- "Domains": [
- "remoteutilities.com"
- ],
- "Ports": []
- }
- ]
+ "Network": []
},
- "Detections": [
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remoteutilities_network_sigma.yml",
- "Description": "Detects potential network activity of RemoteUtilities RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remoteutilities_processes_sigma.yml",
- "Description": "Detects potential processes activity of RemoteUtilities RMM tool"
- }
- ],
+ "Detections": [],
"References": [],
"Acknowledgement": []
},
{
- "Name": "BeyondTrust (Bomgar)",
- "Description": "BeyondTrust (Bomgar) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Koofr",
+ "Description": "Koofr is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/7/2024",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
@@ -9039,51 +8994,24 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": [
- "bomgar-scc.exe",
- "bomgar-rdp.exe",
- "bomgar-scc-*.exe",
- "bomgar-pac-*.exe",
- "bomgar-pac.exe"
- ]
+ "InstallationPaths": []
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": [
- {
- "Description": "Known remote domains",
- "Domains": [
- "bomgarcloud.com",
- "*.bomgarcloud.com",
- "*.beyondtrustcloud.com"
- ],
- "Ports": []
- }
- ]
+ "Network": []
},
- "Detections": [
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/beyondtrust__bomgar__network_sigma.yml",
- "Description": "Detects potential network activity of BeyondTrust (Bomgar) RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/beyondtrust__bomgar__processes_sigma.yml",
- "Description": "Detects potential processes activity of BeyondTrust (Bomgar) RMM tool"
- }
- ],
- "References": [
- "https://www.beyondtrust.com/docs/remote-support/getting-started/deployment/cloud/network.htm"
- ],
+ "Detections": [],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "Pulseway",
- "Description": "Pulseway is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Insync",
+ "Description": "Insync is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/9/2024",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
@@ -9098,42 +9026,29 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "PCMonitorManager.exe",
- "pcmonitorsrv.exe"
+ "C:\\Users\\USERNAME\\AppData\\Roaming\\Insync\\App\\Insync.exe",
+ "*Users\\*\\AppData\\Roaming\\Insync\\App\\Insync.exe",
+ "*\\Insync.exe"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": [
- {
- "Description": "Known remote domains",
- "Domains": [
- "pulseway.com"
- ],
- "Ports": []
- }
- ]
+ "Network": []
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pulseway_network_sigma.yml",
- "Description": "Detects potential network activity of Pulseway RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pulseway_processes_sigma.yml",
- "Description": "Detects potential processes activity of Pulseway RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/insync_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Insync RMM tool"
}
],
- "References": [
- "https://intercom.help/pulseway/en/"
- ],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "Panorama9",
- "Description": "Panorama9 is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Neturo",
+ "Description": "Neturo is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "2/9/2024",
@@ -9151,7 +9066,9 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "p9agent*.exe"
+ "neturo*.exe",
+ "ntrntservice.exe",
+ "neturo.exe"
]
},
"Artifacts": {
@@ -9162,389 +9079,616 @@
{
"Description": "Known remote domains",
"Domains": [
- "trusted.panorama9.com",
- "changes.panorama9.com",
- "panorama9.com"
+ "neturo.uplus.co.kr"
],
"Ports": []
}
]
},
"Detections": [
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/panorama9_network_sigma.yml",
- "Description": "Detects potential network activity of Panorama9 RMM tool"
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/neturo_network_sigma.yml",
+ "Description": "Detects potential network activity of Neturo RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/panorama9_processes_sigma.yml",
- "Description": "Detects potential processes activity of Panorama9 RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/neturo_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Neturo RMM tool"
}
],
"References": [
- "https://support.panorama9.com/en/articles/1859605-what-ports-and-hosts-does-the-p9-agent-communicate-with"
+ "Obscure, located an older copy here: http://www.iconpos.com/pos/home/iconpos/bbs.php?id=file&q=view&uid=2"
],
"Acknowledgement": []
},
{
- "Name": "Atera",
- "Description": "Atera is a remote monitoring and management (RMM) tool. It is used by threat actors to deploy ransomware or facilitate command execution and lateral movement.\n",
- "Created": "2024/08/03",
- "LastModified": "",
+ "Name": "Naverisk",
+ "Description": "Naverisk is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Author": "",
+ "Created": "",
+ "LastModified": "2/9/2024",
"Details": {
- "Website": "https://www.atera.com/",
- "PEMetadata": [
- {
- "Filename": "AteraAgent.exe",
- "OriginalFileName": "AteraAgent.exe",
- "Description": "AteraAgent"
- }
- ],
- "Privileges": "SYSTEM",
- "Free": "30 day trial",
- "Verification": "None",
- "SupportedOS": [
- "Windows",
- "MacOS",
- "Linux"
- ],
- "Capabilities": [
- "Integrated remote access with Splashtop and AnyDesk",
- "Remote monitoring and management",
- "Patch management",
- "Network discovery",
- "Backup and disaster recovery",
- "Helpdesk and ticketing",
- "Reporting and analytics",
- "Billing and invoicing",
- "Customer portal",
- "Mobile app"
- ],
- "Vulnerabilities": [
- "CVE-2023-26078",
- "CVE-2023-26077"
- ],
- "InstallationPaths": [
- "*\\AgentPackageNetworkDiscovery.exe",
- "*\\AgentPackageTaskScheduler.exe",
- "*\\ATERA Networks\\AteraAgent\\*",
- "*\\AteraAgent.exe",
- "atera_agent.exe",
- "atera_agent.exe",
- "ateraagent.exe",
- "C:\\Program Files\\ATERA Networks\\AteraAgent\\*",
- "C:\\Program Files\\Atera Networks",
- "C:\\Program Files (x86)\\Atera Networks",
- "syncrosetup.exe"
- ]
- },
- "Artifacts": {
- "Disk": [
- {
- "File": "C:\\Program Files\\ATERA Networks\\AteraAgent\\Packages\\AgentPackageRunCommandInteractive\\log.txt",
- "Description": "N/A",
- "OS": "Windows"
- },
- {
- "File": "C:\\Program Files\\ATERA Networks\\AteraAgent\\Packages\\*",
- "Description": "N/A",
- "OS": "Windows"
- },
- {
- "File": "C:\\Program Files\\ATERA Networks\\AteraAgent\\AteraAgent.exe",
- "Description": "Atera service binary",
- "OS": "Windows"
- },
- {
- "File": "C:\\Program Files\\Atera Networks\\AlphaAgent.exe",
- "Description": "Atera service binary",
- "OS": "Windows"
- },
- {
- "File": "C:\\Program Files\\ATERA Networks\\AteraAgent\\Packages\\AgentPackageSTRemote\\AgentPackageSTRemote.exe",
- "Description": "N/A",
- "OS": "Windows"
- },
- {
- "File": "C:\\Program Files\\ATERA Networks\\AteraAgent\\Packages\\AgentPackageMonitoring\\AgentPackageMonitoring.exe",
- "Description": "N/A",
- "OS": "Windows"
- },
- {
- "File": "C:\\Program Files\\ATERA Networks\\AteraAgent\\Packages\\AgentPackageHeartbeat\\AgentPackageHeartbeat.exe",
- "Description": "N/A",
- "OS": "Windows"
- },
- {
- "File": "C:\\Program Files\\ATERA Networks\\AteraAgent\\Packages\\AgentPackageFileExplorer\\AgentPackageFileExplorer.exe",
- "Description": "N/A",
- "OS": "Windows"
- },
- {
- "File": "C:\\Program Files\\ATERA Networks\\AteraAgent\\Packages\\AgentPackageRunCommandInteractive\\AgentPackageRunCommandInteractive.exe",
- "Description": "N/A",
- "OS": "Windows"
- }
- ],
- "EventLog": [
- {
- "EventID": 7045,
- "ProviderName": "Service Control Manager",
- "LogFile": "System.evtx",
- "ServiceName": "AteraAgent",
- "ImagePath": "\"C:\\\\Program Files (x86)\\\\ATERA Networks\\\\AteraAgent\\\\AteraAgent.exe\"",
- "Description": "Service installation event as result of AteraAgent installation."
- },
- {
- "EventID": 7045,
- "ProviderName": "Service Control Manager",
- "LogFile": "System.evtx",
- "ServiceName": "WinRing0_1_2_0",
- "ImagePath": "\"C:\\\\Program Files (x86)\\\\ATERA Networks\\\\AteraAgent\\\\Packages\\\\AgentPackageMonitoring\\\\OpenHardwareMonitorLib.sys\"",
- "Description": "Service installation event as result of Atera pakcage manager installation."
- },
- {
- "EventID": 11707,
- "ProviderName": "MsiInstaller",
- "LogFile": "Application.evtx",
- "Data": "Product: AteraAgent -- Installation completed successfully.",
- "Description": "Service installation event as result of AteraAgent installation."
- },
- {
- "EventID": 4688,
- "ProviderName": "Microsoft-Security-Auditing",
- "LogFile": "Security.evtx",
- "CommandLine": "C:\\\\Program Files\\\\ATERA Networks\\\\AteraAgent\\\\Packages\\\\AgentPackageFileExplorer\\\\AgentPackageFileExplorer.exe XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX agent-api.atera.com/Production 443 [BASE64BLOB]",
- "Description": "Service installation event as result of AteraAgent installation."
- }
- ],
- "Registry": [
- {
- "Path": "HKLM\\SOFTWARE\\ATERA Networks\\AlphaAgent",
- "Description": null
- },
- {
- "Path": "HKLM\\SYSTEM\\CurrentControlSet\\Services\\AteraAgent",
- "Description": null
- },
- {
- "Path": "KLM\\SOFTWARE\\WOW6432Node\\Splashtop Inc.",
- "Description": null
- },
- {
- "Path": "HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Splashtop Software Updater",
- "Description": null
- },
- {
- "Path": "HKLM\\SYSTEM\\ControlSet\\Services\\EventLog\\Application\\AlphaAgent",
- "Description": null
- },
- {
- "Path": "HKLM\\SYSTEM\\ControlSet\\Services\\EventLog\\Application\\AteraAgent",
- "Description": null
- },
- {
- "Path": "HKLM\\SOFTWARE\\Microsoft\\Tracing\\AteraAgent_RASAPI32",
- "Description": null
- },
- {
- "Path": "HKLM\\SOFTWARE\\Microsoft\\Tracing\\AteraAgent_RASMANCS",
- "Description": null
- },
- {
- "Path": "HKLM\\SOFTWARE\\ATERA Networks\\*",
- "Description": null
- }
- ],
- "Network": [
- {
- "Description": "N/A",
- "Domains": [
- "pubsub.atera.com"
- ],
- "Ports": [
- "N/A"
- ]
- },
- {
- "Description": "N/A",
- "Domains": [
- "pubsub.pubnub.com"
- ],
- "Ports": [
- "N/A"
- ]
- },
- {
- "Description": "N/A",
- "Domains": [
- "agentreporting.atera.com"
- ],
- "Ports": [
- "N/A"
- ]
- },
- {
- "Description": "N/A",
- "Domains": [
- "getalphacontrol.com"
- ],
- "Ports": [
- "N/A"
- ]
- },
- {
- "Description": "N/A",
- "Domains": [
- "app.atera.com"
- ],
- "Ports": [
- "N/A"
- ]
- },
- {
- "Description": "N/A",
- "Domains": [
- "agenthb.atera.com"
- ],
- "Ports": [
- "N/A"
- ]
- },
- {
- "Description": "N/A",
- "Domains": [
- "packagesstore.blob.core.windows.net"
- ],
- "Ports": [
- "N/A"
- ]
- },
+ "Website": "",
+ "PEMetadata": {
+ "Filename": "",
+ "OriginalFileName": "",
+ "Description": ""
+ },
+ "Privileges": "",
+ "Free": "",
+ "Verification": "",
+ "SupportedOS": [],
+ "Capabilities": [],
+ "Vulnerabilities": [],
+ "InstallationPaths": [
+ "AgentSetup-*.exe"
+ ]
+ },
+ "Artifacts": {
+ "Disk": [],
+ "EventLog": [],
+ "Registry": [],
+ "Network": [
{
- "Description": "N/A",
+ "Description": "Known remote domains",
"Domains": [
- "ps.pndsn.com"
+ "user_managed",
+ "naverisk.com"
],
- "Ports": [
- "N/A"
- ]
- },
+ "Ports": []
+ }
+ ]
+ },
+ "Detections": [
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/naverisk_network_sigma.yml",
+ "Description": "Detects potential network activity of Naverisk RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/naverisk_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Naverisk RMM tool"
+ }
+ ],
+ "References": [
+ "http://kb.naverisk.com/en/articles/2811223-deploying-naverisk-agents"
+ ],
+ "Acknowledgement": []
+ },
+ {
+ "Name": "ISL Light",
+ "Description": "ISL Light is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Author": "",
+ "Created": "",
+ "LastModified": "",
+ "Details": {
+ "Website": "",
+ "PEMetadata": {
+ "Filename": "",
+ "OriginalFileName": "",
+ "Description": ""
+ },
+ "Privileges": "",
+ "Free": "",
+ "Verification": "",
+ "SupportedOS": [],
+ "Capabilities": [],
+ "Vulnerabilities": [],
+ "InstallationPaths": [
+ "islalwaysonmonitor.exe",
+ "isllight.exe",
+ "isllightservice.exe"
+ ]
+ },
+ "Artifacts": {
+ "Disk": [],
+ "EventLog": [],
+ "Registry": [],
+ "Network": [
{
- "Description": "N/A",
+ "Description": "Known remote domains",
"Domains": [
- "agent-api.atera.com"
+ "islonline.com"
],
- "Ports": [
- "N/A"
- ]
- },
+ "Ports": []
+ }
+ ]
+ },
+ "Detections": [
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/isl_light_network_sigma.yml",
+ "Description": "Detects potential network activity of ISL Light RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/isl_light_processes_sigma.yml",
+ "Description": "Detects potential processes activity of ISL Light RMM tool"
+ }
+ ],
+ "References": [],
+ "Acknowledgement": []
+ },
+ {
+ "Name": "Pocket Controller",
+ "Description": "Pocket Controller is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Author": "",
+ "Created": "",
+ "LastModified": "",
+ "Details": {
+ "Website": "",
+ "PEMetadata": {
+ "Filename": "",
+ "OriginalFileName": "",
+ "Description": ""
+ },
+ "Privileges": "",
+ "Free": "",
+ "Verification": "",
+ "SupportedOS": [],
+ "Capabilities": [],
+ "Vulnerabilities": [],
+ "InstallationPaths": [
+ "pocketcontroller.exe",
+ "pocketcloudservice.exe",
+ "wysebrowser.exe"
+ ]
+ },
+ "Artifacts": {
+ "Disk": [],
+ "EventLog": [],
+ "Registry": [],
+ "Network": [
{
- "Description": "N/A",
+ "Description": "Known remote domains",
"Domains": [
- "cacerts.thawte.com"
+ "soti.net/products/soti-pocket-controller"
],
- "Ports": [
- "N/A"
- ]
- },
+ "Ports": []
+ }
+ ]
+ },
+ "Detections": [
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pocket_controller_network_sigma.yml",
+ "Description": "Detects potential network activity of Pocket Controller RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pocket_controller_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Pocket Controller RMM tool"
+ }
+ ],
+ "References": [],
+ "Acknowledgement": []
+ },
+ {
+ "Name": "Encapto",
+ "Description": "Encapto is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Author": "",
+ "Created": "",
+ "LastModified": "2/7/2024",
+ "Details": {
+ "Website": "",
+ "PEMetadata": {
+ "Filename": "",
+ "OriginalFileName": "",
+ "Description": ""
+ },
+ "Privileges": "",
+ "Free": "",
+ "Verification": "",
+ "SupportedOS": [],
+ "Capabilities": [],
+ "Vulnerabilities": [],
+ "InstallationPaths": []
+ },
+ "Artifacts": {
+ "Disk": [],
+ "EventLog": [],
+ "Registry": [],
+ "Network": [
{
- "Description": "N/A",
+ "Description": "Known remote domains",
"Domains": [
- "agentreportingstore.blob.core.windows.net"
+ "encapto.com"
],
- "Ports": [
- "N/A"
- ]
- },
+ "Ports": []
+ }
+ ]
+ },
+ "Detections": [
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/encapto_network_sigma.yml",
+ "Description": "Detects potential network activity of Encapto RMM tool"
+ }
+ ],
+ "References": [
+ "https://www.encapto.com - used to manage Cisco services"
+ ],
+ "Acknowledgement": []
+ },
+ {
+ "Name": "BeyondTrust",
+ "Description": "BeyondTrust is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Author": "",
+ "Created": "",
+ "LastModified": "",
+ "Details": {
+ "Website": "",
+ "PEMetadata": {
+ "Filename": "",
+ "OriginalFileName": "",
+ "Description": ""
+ },
+ "Privileges": "",
+ "Free": "",
+ "Verification": "",
+ "SupportedOS": [],
+ "Capabilities": [],
+ "Vulnerabilities": [],
+ "InstallationPaths": []
+ },
+ "Artifacts": {
+ "Disk": [],
+ "EventLog": [],
+ "Registry": [],
+ "Network": []
+ },
+ "Detections": [],
+ "References": [],
+ "Acknowledgement": []
+ },
+ {
+ "Name": "Amazon (Cloud) Drive",
+ "Description": "Amazon (Cloud) Drive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Author": "",
+ "Created": "",
+ "LastModified": "",
+ "Details": {
+ "Website": "",
+ "PEMetadata": {
+ "Filename": "",
+ "OriginalFileName": "",
+ "Description": ""
+ },
+ "Privileges": "",
+ "Free": "",
+ "Verification": "",
+ "SupportedOS": [],
+ "Capabilities": [],
+ "Vulnerabilities": [],
+ "InstallationPaths": [
+ "C:\\Users\\*\\AppData\\Local\\Amazon\\Cloud Drive\\*",
+ "*\\AppData\\Local\\Amazon\\Cloud Drive\\*",
+ "*\\AmazonCloudDrive.exe"
+ ]
+ },
+ "Artifacts": {
+ "Disk": [],
+ "EventLog": [],
+ "Registry": [],
+ "Network": []
+ },
+ "Detections": [
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/amazon__cloud__drive_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Amazon (Cloud) Drive RMM tool"
+ }
+ ],
+ "References": [],
+ "Acknowledgement": []
+ },
+ {
+ "Name": "N-ABLE Remote Access Software",
+ "Description": "N-ABLE Remote Access Software is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Author": "",
+ "Created": "",
+ "LastModified": "",
+ "Details": {
+ "Website": "",
+ "PEMetadata": {
+ "Filename": "",
+ "OriginalFileName": "",
+ "Description": ""
+ },
+ "Privileges": "",
+ "Free": "",
+ "Verification": "",
+ "SupportedOS": [],
+ "Capabilities": [],
+ "Vulnerabilities": [],
+ "InstallationPaths": []
+ },
+ "Artifacts": {
+ "Disk": [],
+ "EventLog": [],
+ "Registry": [],
+ "Network": [
{
- "Description": "N/A",
+ "Description": "Known remote domains",
"Domains": [
- "atera-agent-heartbeat.servicebus.windows.net"
+ "n-able.com"
],
- "Ports": [
- "N/A"
- ]
- },
+ "Ports": []
+ }
+ ]
+ },
+ "Detections": [
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/n-able_remote_access_software_network_sigma.yml",
+ "Description": "Detects potential network activity of N-ABLE Remote Access Software RMM tool"
+ }
+ ],
+ "References": [],
+ "Acknowledgement": []
+ },
+ {
+ "Name": "Guacamole",
+ "Description": "Guacamole is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Author": "",
+ "Created": "",
+ "LastModified": "2/8/2024",
+ "Details": {
+ "Website": "",
+ "PEMetadata": {
+ "Filename": "",
+ "OriginalFileName": "",
+ "Description": ""
+ },
+ "Privileges": "",
+ "Free": "",
+ "Verification": "",
+ "SupportedOS": [],
+ "Capabilities": [],
+ "Vulnerabilities": [],
+ "InstallationPaths": [
+ "guacd.exe"
+ ]
+ },
+ "Artifacts": {
+ "Disk": [],
+ "EventLog": [],
+ "Registry": [],
+ "Network": [
{
- "Description": "N/A",
+ "Description": "Known remote domains",
"Domains": [
- "ps.atera.com"
+ "user_managed",
+ "guacamole.apache.org"
],
- "Ports": [
- "N/A"
- ]
- },
+ "Ports": []
+ }
+ ]
+ },
+ "Detections": [
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/guacamole_network_sigma.yml",
+ "Description": "Detects potential network activity of Guacamole RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/guacamole_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Guacamole RMM tool"
+ }
+ ],
+ "References": [
+ "guacamole.apache.org"
+ ],
+ "Acknowledgement": []
+ },
+ {
+ "Name": "Microsoft RDP",
+ "Description": "Microsoft RDP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Author": "",
+ "Created": "",
+ "LastModified": "2/8/2024",
+ "Details": {
+ "Website": "",
+ "PEMetadata": {
+ "Filename": "",
+ "OriginalFileName": "",
+ "Description": ""
+ },
+ "Privileges": "",
+ "Free": "",
+ "Verification": "",
+ "SupportedOS": [],
+ "Capabilities": [],
+ "Vulnerabilities": [],
+ "InstallationPaths": [
+ "termsrv.exe",
+ "mstsc.exe",
+ "Microsoft Remote Desktop"
+ ]
+ },
+ "Artifacts": {
+ "Disk": [],
+ "EventLog": [],
+ "Registry": [],
+ "Network": []
+ },
+ "Detections": [
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/microsoft_rdp_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Microsoft RDP RMM tool"
+ }
+ ],
+ "References": [
+ "https://learn.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/windows"
+ ],
+ "Acknowledgement": []
+ },
+ {
+ "Name": "Royal Apps",
+ "Description": "Royal Apps is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Author": "",
+ "Created": "",
+ "LastModified": "2/9/2024",
+ "Details": {
+ "Website": "",
+ "PEMetadata": {
+ "Filename": "",
+ "OriginalFileName": "",
+ "Description": ""
+ },
+ "Privileges": "",
+ "Free": "",
+ "Verification": "",
+ "SupportedOS": [],
+ "Capabilities": [],
+ "Vulnerabilities": [],
+ "InstallationPaths": [
+ "royalserver.exe",
+ "royalts.exe"
+ ]
+ },
+ "Artifacts": {
+ "Disk": [],
+ "EventLog": [],
+ "Registry": [],
+ "Network": [
{
- "Description": "N/A",
+ "Description": "Known remote domains",
"Domains": [
- "atera.pubnubapi.com"
+ "user_managed"
],
- "Ports": [
- "N/A"
- ]
- },
+ "Ports": []
+ }
+ ]
+ },
+ "Detections": [
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/royal_apps_network_sigma.yml",
+ "Description": "Detects potential network activity of Royal Apps RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/royal_apps_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Royal Apps RMM tool"
+ }
+ ],
+ "References": [
+ "https://www.royalapps.com/ts/win/download"
+ ],
+ "Acknowledgement": []
+ },
+ {
+ "Name": "Proton Drive",
+ "Description": "Proton Drive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Author": "",
+ "Created": "",
+ "LastModified": "",
+ "Details": {
+ "Website": "",
+ "PEMetadata": {
+ "Filename": "",
+ "OriginalFileName": "",
+ "Description": ""
+ },
+ "Privileges": "",
+ "Free": "",
+ "Verification": "",
+ "SupportedOS": [],
+ "Capabilities": [],
+ "Vulnerabilities": [],
+ "InstallationPaths": []
+ },
+ "Artifacts": {
+ "Disk": [],
+ "EventLog": [],
+ "Registry": [],
+ "Network": []
+ },
+ "Detections": [],
+ "References": [],
+ "Acknowledgement": []
+ },
+ {
+ "Name": "ConnectWise",
+ "Description": "ConnectWise is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Author": "",
+ "Created": "",
+ "LastModified": "",
+ "Details": {
+ "Website": "",
+ "PEMetadata": {
+ "Filename": "",
+ "OriginalFileName": "",
+ "Description": ""
+ },
+ "Privileges": "",
+ "Free": "",
+ "Verification": "",
+ "SupportedOS": [],
+ "Capabilities": [],
+ "Vulnerabilities": [],
+ "InstallationPaths": [
+ "C:\\Program Files (x86)\\ScreenConnect Client ()\\*",
+ "*\\ScreenConnect*Client*\\*"
+ ]
+ },
+ "Artifacts": {
+ "Disk": [],
+ "EventLog": [],
+ "Registry": [],
+ "Network": []
+ },
+ "Detections": [],
+ "References": [],
+ "Acknowledgement": []
+ },
+ {
+ "Name": "RustDesk",
+ "Description": "RustDesk is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Author": "",
+ "Created": "",
+ "LastModified": "2/9/2024",
+ "Details": {
+ "Website": "",
+ "PEMetadata": {
+ "Filename": "",
+ "OriginalFileName": "",
+ "Description": ""
+ },
+ "Privileges": "",
+ "Free": "",
+ "Verification": "",
+ "SupportedOS": [],
+ "Capabilities": [],
+ "Vulnerabilities": [],
+ "InstallationPaths": [
+ "rustdesk*.exe",
+ "rustdesk.exe"
+ ]
+ },
+ "Artifacts": {
+ "Disk": [],
+ "EventLog": [],
+ "Registry": [],
+ "Network": [
{
- "Description": "N/A",
+ "Description": "Known remote domains",
"Domains": [
- "appcdn.atera.com"
+ "rustdesk.com",
+ "user_managed",
+ "web.rustdesk.com"
],
- "Ports": [
- "N/A"
- ]
+ "Ports": []
}
]
},
"Detections": [
{
- "Sigma": "https://github.com/The-DFIR-Report/Sigma-Rules/blob/d67407d357ad32b247e2a303abc5a38bb30fd576/rules/windows/process_creation/proc_creation_win_ateraagent_malicious_installations.yml",
- "Name": "AteraAgent malicious installations",
- "Description": "Detects AteraAgent installations with suspicious command line arguments."
- },
- {
- "Sigma": "https://github.com/SigmaHQ/sigma/blob/782f0f524e6f797ea114fe0d87b22cb4abaa6b7c/rules/windows/builtin/application/msiinstaller/win_software_atera_rmm_agent_install.yml",
- "Name": "Atera Agent Installation",
- "Description": "Detects Atera Agent installation."
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/atera_registry_sigma.yml",
- "Description": "Detects potential registry activity of Atera RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/atera_network_sigma.yml",
- "Description": "Detects potential network activity of Atera RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/atera_files_sigma.yml",
- "Description": "Detects potential files activity of Atera RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rustdesk_network_sigma.yml",
+ "Description": "Detects potential network activity of RustDesk RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/atera_processes_sigma.yml",
- "Description": "Detects potential processes activity of Atera RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rustdesk_processes_sigma.yml",
+ "Description": "Detects potential processes activity of RustDesk RMM tool"
}
],
"References": [
- "https://support.atera.com/hc/en-us/articles/360015461139-Firewall-Settings-for-Atera-s-Integrations",
- "https://support.atera.com/hc/en-us/articles/215955967-Troubleshoot-Atera-s-Windows-agent",
- "https://support.atera.com/hc/en-us/articles/115015619747-Release-Notes-February-2018",
- "https://thedfirreport.com/?s=ateraagent"
+ "https://rustdesk.com/docs/en/"
],
- "Acknowledgement": [
- {
- "Person": "Théo Letailleur",
- "Handle": "in/theosyn"
- },
- {
- "Person": "Nasreddine Bencherchali",
- "Handle": "@nas_bench"
- },
- {
- "Person": "Kostas",
- "Handle": "@kostastsale"
- }
- ]
+ "Acknowledgement": []
},
{
- "Name": "JollysFastVNC",
- "Description": "JollysFastVNC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "RealVNC",
+ "Description": "RealVNC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
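Review bot: `"user_managed"` in the Royal Apps and RustDesk `Domains` arrays is a placeholder, not a hostname, and anything that generates the `*_network_sigma.yml` rules from this file will emit it as a literal match value; move it to `Description` (or a dedicated flag) and leave `Domains` to real hosts. This hunk also drops the Atera entry's two external Sigma rules (The-DFIR-Report and SigmaHQ), its four references and its three acknowledgements while adding RustDesk in its place; please confirm the Atera data is re-added elsewhere in the reordered file rather than lost. Minor: the ConnectWise path `ScreenConnect Client ()` has empty parentheses where the per-instance suffix would sit, so it will never match literally; `*\\ScreenConnect*Client*\\*` on the next line already covers it.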
@@ -9574,8 +9718,8 @@
"Acknowledgement": []
},
{
- "Name": "RunSmart",
- "Description": "RunSmart is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "GoToAssist Agent Desktop Console",
+ "Description": "GoToAssist Agent Desktop Console is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
@@ -9592,7 +9736,46 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": []
+ "InstallationPaths": [
+ "C:\\*\\G2RDesktopConsole-x64.msi",
+ "*\\G2RDesktopConsole-x64.msi"
+ ]
+ },
+ "Artifacts": {
+ "Disk": [],
+ "EventLog": [],
+ "Registry": [],
+ "Network": []
+ },
+ "Detections": [],
+ "References": [],
+ "Acknowledgement": []
+ },
+ {
+ "Name": "RES Automation Manager",
+ "Description": "RES Automation Manager is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Author": "",
+ "Created": "",
+ "LastModified": "2/9/2024",
+ "Details": {
+ "Website": "",
+ "PEMetadata": {
+ "Filename": "",
+ "OriginalFileName": "",
+ "Description": ""
+ },
+ "Privileges": "",
+ "Free": "",
+ "Verification": "",
+ "SupportedOS": [],
+ "Capabilities": [],
+ "Vulnerabilities": [],
+ "InstallationPaths": [
+ "wisshell*.exe",
+ "wmc.exe",
+ "wmc_deployer.exe",
+ "wmcsvc.exe"
+ ]
},
"Artifacts": {
"Disk": [],
@@ -9602,7 +9785,8 @@
{
"Description": "Known remote domains",
"Domains": [
- "runsmart.io"
+ "user_managed",
+ "ivanti.com/"
],
"Ports": []
}
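Review bot: `"ivanti.com/"` carries a trailing slash and will not match a hostname field; use `ivanti.com` (and consider whether the bare vendor domain is specific enough to RES Automation Manager to be an indicator at all). `"user_managed"` is again a placeholder rather than a domain.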
@@ -9610,19 +9794,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/runsmart_network_sigma.yml",
- "Description": "Detects potential network activity of RunSmart RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/res_automation_manager_network_sigma.yml",
+ "Description": "Detects potential network activity of RES Automation Manager RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/res_automation_manager_processes_sigma.yml",
+ "Description": "Detects potential processes activity of RES Automation Manager RMM tool"
}
],
- "References": [],
+ "References": [
+ "https://forums.ivanti.com/s/article/INFO-Which-ports-does-Ivanti-Automation-use?language=en_US&ui-force-components-controllers-recordGlobalValueProvider.RecordGvp.getRecord=1"
+ ],
"Acknowledgement": []
},
{
- "Name": "Chrome Remote Desktop",
- "Description": "Chrome Remote Desktop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Zoho Assist",
+ "Description": "Zoho Assist is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/7/2024",
+ "LastModified": "2/14/2024",
"Details": {
"Website": "",
"PEMetadata": {
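Review bot: the Ivanti reference URL includes a Salesforce Lightning query parameter (`ui-force-components-controllers-recordGlobalValueProvider.RecordGvp.getRecord=1`) that is UI state, not part of the article address; trim it to `...use?language=en_US` so the link stays stable.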
@@ -9637,11 +9827,82 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "remote_host.exe",
- "remoting_host.exe",
- "C:\\Program Files (x86)\\Google\\Chrome Remote Desktop\\*",
- "*\\Google\\Chrome Remote Desktop\\*",
- "*\\remoting_host.exe"
+ "zaservice.exe",
+ "ZMAgent.exe",
+ "C:\\*\\ZA_Access.exe",
+ "ZohoMeeting.exe",
+ "Zohours.exe",
+ "zohotray.exe",
+ "ZohoURSService.exe",
+ "*\\ZA_Access.exe",
+ "Zaservice.exe",
+ "za_connect.exe"
+ ]
+ },
+ "Artifacts": {
+ "Disk": [],
+ "EventLog": [],
+ "Registry": [],
+ "Network": [
+ {
+ "Description": "Known remote domains",
+ "Domains": [
+ "*.zoho.com.au",
+ "*.zohoassist.jp",
+ "assist.zoho.com",
+ "zoho.com/assist/",
+ "*.zoho.in",
+ "downloads.zohodl.com.cn",
+ "*.zohoassist.com",
+ "downloads.zohocdn.com",
+ "gateway.zohoassist.com",
+ "*.zohoassist.com.cn",
+ "*.zoho.com.cn",
+ "*.zoho.com",
+ "*.zoho.eu"
+ ],
+ "Ports": []
+ }
+ ]
+ },
+ "Detections": [
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/zoho_assist_network_sigma.yml",
+ "Description": "Detects potential network activity of Zoho Assist RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/zoho_assist_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Zoho Assist RMM tool"
+ }
+ ],
+ "References": [
+ "https://www.zoho.com/assist/kb/firewall-configuration.html"
+ ],
+ "Acknowledgement": []
+ },
+ {
+ "Name": "Weezo",
+ "Description": "Weezo is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Author": "",
+ "Created": "",
+ "LastModified": "2/14/2024",
+ "Details": {
+ "Website": "",
+ "PEMetadata": {
+ "Filename": "",
+ "OriginalFileName": "",
+ "Description": ""
+ },
+ "Privileges": "",
+ "Free": "",
+ "Verification": "",
+ "SupportedOS": [],
+ "Capabilities": [],
+ "Vulnerabilities": [],
+ "InstallationPaths": [
+ "weezohttpd.exe",
+ "weezo.exe",
+ "weezo setup*.exe"
]
},
"Artifacts": {
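Review bot: the Zoho Assist `InstallationPaths` list has case-only duplicates (`zaservice.exe` / `Zaservice.exe`) and `C:\\*\\ZA_Access.exe` is subsumed by `*\\ZA_Access.exe`; dedupe so the generated processes rule does not carry dead entries. More important for the network rule: `*.zoho.com`, `*.zoho.eu`, `*.zoho.in`, `*.zoho.com.au` and `*.zoho.com.cn` match every Zoho SaaS product (Mail, CRM, etc.), so the rule will fire on ordinary Zoho traffic in any tenant that uses them. Keep the assist-specific hosts (`assist.zoho.com`, `gateway.zohoassist.com`, `*.zohoassist.com`) and either drop the bare-domain wildcards or mark the rule low confidence. `"zoho.com/assist/"` is a URL path, not a domain.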
@@ -9652,9 +9913,10 @@
{
"Description": "Known remote domains",
"Domains": [
- "*remotedesktop.google.com",
- "*remotedesktop-pa.googleapis.com",
- "remotedesktop.google.com"
+ "*.weezo.me",
+ "weezo.net",
+ "*.weezo.net",
+ "weezo.en.softonic.com"
],
"Ports": []
}
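Review bot: `weezo.en.softonic.com` is a third-party download mirror, not a host the tool talks to when running; a hit on it indicates someone fetched the installer, which is a different signal from tool activity. Suggest keeping it out of `Domains` (or noting the distinction in `Description`) so the network rule's semantics stay "Weezo in use".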
@@ -9662,25 +9924,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/chrome_remote_desktop_network_sigma.yml",
- "Description": "Detects potential network activity of Chrome Remote Desktop RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/weezo_network_sigma.yml",
+ "Description": "Detects potential network activity of Weezo RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/chrome_remote_desktop_processes_sigma.yml",
- "Description": "Detects potential processes activity of Chrome Remote Desktop RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/weezo_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Weezo RMM tool"
}
],
"References": [
- "https://support.google.com/chrome/a/answer/2799701?hl=en"
+ "weezo.en.softonic.com"
],
"Acknowledgement": []
},
{
- "Name": "Netviewer (GoToMeet)",
- "Description": "Netviewer (GoToMeet) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Microsoft RDP",
+ "Description": "Microsoft RDP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/9/2024",
+ "LastModified": "2/8/2024",
"Details": {
"Website": "",
"PEMetadata": {
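Review bot: the Weezo reference `weezo.en.softonic.com` lacks the `https://` scheme every other reference in the file uses, and it points at a download mirror rather than vendor documentation; add the scheme and, if a vendor page exists, prefer that.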
@@ -9695,8 +9957,7 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "nvClient.exe",
- "netviewer.exe"
+ "mstsc.exe"
]
},
"Artifacts": {
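Review bot: `mstsc.exe` is a built-in Windows binary present on every workstation, so a processes rule generated from this single `InstallationPaths` entry will fire on every legitimate Remote Desktop client launch. Either tag the generated rule as low severity/informational in `Description`, or document that it is meant for correlation (for example with the network or logon telemetry) rather than stand-alone alerting.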
@@ -9707,21 +9968,21 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/netviewer__gotomeet__processes_sigma.yml",
- "Description": "Detects potential processes activity of Netviewer (GoToMeet) RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/microsoft_rdp_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Microsoft RDP RMM tool"
}
],
"References": [
- "Obsolute - found copy here: https://www.enviolet.com/en/service/online-consultant.html"
+ "https://learn.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/windows"
],
"Acknowledgement": []
},
{
- "Name": "Netviewer",
- "Description": "Netviewer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "NinjaRMM",
+ "Description": "NinjaRMM is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "",
+ "LastModified": "2/9/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -9736,8 +9997,10 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "netviewer*.exe",
- "netviewer.exe"
+ "ninjarmmagent.exe",
+ "NinjaRMMAgent.exe",
+ "NinjaRMMAgenPatcher.exe",
+ "ninjarmm-cli.exe"
]
},
"Artifacts": {
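Review bot: `NinjaRMMAgenPatcher.exe` looks like a typo (missing `t` in `Agent`); please verify the binary name against the real installer before it is baked into the processes rule. `ninjarmmagent.exe` and `NinjaRMMAgent.exe` differ only in case, which Windows path matching ignores, so keep one.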
@@ -9748,7 +10011,10 @@
{
"Description": "Known remote domains",
"Domains": [
- "download.cnet.com/Net-Viewer/3000-2370_4-10034828.html"
+ "*.ninjarmm.com",
+ "*.ninjaone.com",
+ "resources.ninjarmm.com",
+ "ninjaone.com"
],
"Ports": []
}
@@ -9756,23 +10022,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/netviewer_network_sigma.yml",
- "Description": "Detects potential network activity of Netviewer RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ninjarmm_network_sigma.yml",
+ "Description": "Detects potential network activity of NinjaRMM RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/netviewer_processes_sigma.yml",
- "Description": "Detects potential processes activity of Netviewer RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ninjarmm_processes_sigma.yml",
+ "Description": "Detects potential processes activity of NinjaRMM RMM tool"
}
],
- "References": [],
+ "References": [
+ "https://www.ninjaone.com/faq/"
+ ],
"Acknowledgement": []
},
{
- "Name": "ConnectWise Control",
- "Description": "ConnectWise Control is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "FixMe.it",
+ "Description": "FixMe.it is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "",
+ "LastModified": "2/7/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -9787,8 +10055,18 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "connectwisechat-customer.exe",
- "connectwisecontrol.client.exe"
+ "FixMeit Unattended Access Setup.exe",
+ "TiExpertStandalone.exe",
+ "FixMeitClient*.exe",
+ "FixMeit Client.exe",
+ "FixMeit Expert Setup.exe",
+ "TiExpertCore.exe",
+ "fixmeitclient.exe",
+ "TiClientCore.exe",
+ "TiClientHelper*.exe",
+ "no installation required | recommend blocking fixme[.]it SaaS portal",
+ "no installation required | recommend blocking fixme[.]it SaaS portal",
+ "9380CC75B872221A7425D7503565B67580407F60"
]
},
"Artifacts": {
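Review bot: three of the FixMe.it `InstallationPaths` entries are not paths: the free-text line `no installation required | recommend blocking fixme[.]it SaaS portal` appears twice, and `9380CC75B872221A7425D7503565B67580407F60` is a 40-hex-digit value (SHA-1 length) with no field saying what it is a hash of. A generator that turns this array into `Image|endswith` values will emit them as bogus image names. Move the advice to `Description` (once), and put the hash in a dedicated hash field alongside the filename it belongs to, or drop it if that is unknown.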
@@ -9799,7 +10077,11 @@
{
"Description": "Known remote domains",
"Domains": [
- "control.connectwise.com"
+ "*.fixme.it",
+ "*.techinline.net",
+ "fixme.it",
+ "*set.me",
+ "*setme.net"
],
"Ports": []
}
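Review bot: `*set.me` and `*setme.net` have no dot after the wildcard, so they match any hostname whose name merely ends in those characters (for instance `reset.me`), unlike the `*.fixme.it` / `*.techinline.net` form used two lines above. Use `*.set.me` plus `set.me`, and `*.setme.net` plus `setme.net`.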
@@ -9807,20 +10089,22 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/connectwise_control_network_sigma.yml",
- "Description": "Detects potential network activity of ConnectWise Control RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fixme.it_network_sigma.yml",
+ "Description": "Detects potential network activity of FixMe.it RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/connectwise_control_processes_sigma.yml",
- "Description": "Detects potential processes activity of ConnectWise Control RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fixme.it_processes_sigma.yml",
+ "Description": "Detects potential processes activity of FixMe.it RMM tool"
}
],
- "References": [],
+ "References": [
+ "https://docs.fixme.it/general-questions/which-ports-and-servers-does-fixme-it-use"
+ ],
"Acknowledgement": []
},
{
- "Name": "ExtraPuTTY",
- "Description": "ExtraPuTTY is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "pCloud",
+ "Description": "pCloud is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
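Review bot: the generated filenames `fixme.it_network_sigma.yml` and `fixme.it_processes_sigma.yml` keep the dot from the tool name; confirm the rule generator produces exactly that basename, otherwise both links 404. Also, pCloud (like Proton Drive earlier in this diff) is a cloud-storage sync client, yet it gets the "remote monitoring and management (RMM) tool" boilerplate; if the intent is to track file-exfiltration channels alongside RMM, say so in `Description` so consumers of the data do not misclassify it.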
@@ -9838,9 +10122,9 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "C:\\Users\\*\\ExtraPuTTY-0.30-2016-01-28-installer.exe",
- "*Users\\*\\ExtraPuTTY-0.30-2016-01-28-installer.exe",
- "*\\ExtraPuTTY-0.30-2016-01-28-installer.exe"
+ "C:\\Program Files (x86)\\pCloud Drive\\",
+ "*\\pCloud Drive\\",
+ "*\\pCloud.exe"
]
},
"Artifacts": {
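Review bot: `C:\\Program Files (x86)\\pCloud Drive\\` and `*\\pCloud Drive\\` end in a backslash with no trailing `*`, unlike the `\\*` directory convention used for ConnectWise above; as written they match only a path equal to the directory itself, not files inside it. Use `*\\pCloud Drive\\*` (the `C:\\Program Files (x86)` form is then redundant).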
@@ -9851,19 +10135,19 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/extraputty_processes_sigma.yml",
- "Description": "Detects potential processes activity of ExtraPuTTY RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pcloud_processes_sigma.yml",
+ "Description": "Detects potential processes activity of pCloud RMM tool"
}
],
"References": [],
"Acknowledgement": []
},
{
- "Name": "FleetDeck",
- "Description": "FleetDeck is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Ivanti Remote Control",
+ "Description": "Ivanti Remote Control is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "",
+ "LastModified": "2/9/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -9878,7 +10162,9 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "fleetdeck_agent_svc.exe"
+ "IvantiRemoteControl.exe",
+ "ArcUI.exe",
+ "AgentlessRC.exe"
]
},
"Artifacts": {
@@ -9889,7 +10175,7 @@
{
"Description": "Known remote domains",
"Domains": [
- "fleetdeck.io"
+ "*.ivanticloud.com"
],
"Ports": []
}
@@ -9897,23 +10183,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fleetdeck_network_sigma.yml",
- "Description": "Detects potential network activity of FleetDeck RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ivanti_remote_control_network_sigma.yml",
+ "Description": "Detects potential network activity of Ivanti Remote Control RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fleetdeck_processes_sigma.yml",
- "Description": "Detects potential processes activity of FleetDeck RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ivanti_remote_control_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Ivanti Remote Control RMM tool"
}
],
- "References": [],
+ "References": [
+ "https://rc1.ivanticloud.com/"
+ ],
"Acknowledgement": []
},
{
- "Name": "HelpU",
- "Description": "HelpU is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "rdpwrap",
+ "Description": "rdpwrap is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/8/2024",
+ "LastModified": "2/9/2024",
"Details": {
"Website": "",
"PEMetadata": {
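Review bot: `https://rc1.ivanticloud.com/` is a regional service endpoint rather than documentation, so it is unlikely to stay a useful reference; if Ivanti publishes a firewall/allowlist page for Remote Control, link that instead. The rdpwrap entry below inherits the RMM boilerplate, but rdpwrap is a library that patches the local Terminal Services to allow extra RDP sessions and has no vendor backend; the `Description` should say that, because it changes what "network activity" can mean for it.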
@@ -9928,9 +10216,9 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "helpu_install.exe",
- "HelpuUpdater.exe",
- "HelpuManager.exe"
+ "RDPWInst.exe",
+ "RDPCheck.exe",
+ "RDPConf.exe"
]
},
"Artifacts": {
@@ -9941,8 +10229,8 @@
{
"Description": "Known remote domains",
"Domains": [
- "helpu.co.kr",
- "*.helpu.co.kr"
+ "user_managed",
+ "github.com/stascorp/rdpwrap"
],
"Ports": []
}
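Review bot: `github.com/stascorp/rdpwrap` is a URL path, not a hostname; a hostname-level match would reduce to `github.com`, which is far too broad to be an indicator. Since rdpwrap has no hosted service, leave `Network` empty and skip the generated network rule for this tool, rather than shipping a rule that matches all GitHub traffic.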
@@ -9950,25 +10238,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/helpu_network_sigma.yml",
- "Description": "Detects potential network activity of HelpU RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rdpwrap_network_sigma.yml",
+ "Description": "Detects potential network activity of rdpwrap RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/helpu_processes_sigma.yml",
- "Description": "Detects potential processes activity of HelpU RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rdpwrap_processes_sigma.yml",
+ "Description": "Detects potential processes activity of rdpwrap RMM tool"
}
],
"References": [
- "https://helpu.co.kr/"
+ "github.com/stascorp/rdpwrap"
],
"Acknowledgement": []
},
{
- "Name": "ESET Remote Administrator",
- "Description": "ESET Remote Administrator is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "LabTech RMM (Now ConnectWise Automate)",
+ "Description": "LabTech RMM (Now ConnectWise Automate) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/7/2024",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
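Review bot: the rdpwrap reference `github.com/stascorp/rdpwrap` is missing its `https://` scheme, inconsistent with the other references. The LabTech entry's `LastModified` is set to the empty string while sibling entries carry a date; fill it in so the field stays meaningful.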
@@ -9983,11 +10271,9 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "einstaller.exe",
- "era.exe",
- "ERAAgent.exe",
- "ezhelp*.exe",
- "eratool.exe"
+ "ltsvc.exe",
+ "ltsvcmon.exe",
+ "lttray.exe"
]
},
"Artifacts": {
@@ -9998,8 +10284,7 @@
{
"Description": "Known remote domains",
"Domains": [
- "user_managed",
- "eset.com/me/business/remote-management/remote-administrator/"
+ "connectwise.com"
],
"Ports": []
}
@@ -10007,25 +10292,23 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/eset_remote_administrator_network_sigma.yml",
- "Description": "Detects potential network activity of ESET Remote Administrator RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/labtech_rmm__now_connectwise_automate__network_sigma.yml",
+ "Description": "Detects potential network activity of LabTech RMM (Now ConnectWise Automate) RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/eset_remote_administrator_processes_sigma.yml",
- "Description": "Detects potential processes activity of ESET Remote Administrator RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/labtech_rmm__now_connectwise_automate__processes_sigma.yml",
+ "Description": "Detects potential processes activity of LabTech RMM (Now ConnectWise Automate) RMM tool"
}
],
- "References": [
- "eset.com/me/business/remote-management/remote-administrator/"
- ],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "ToDesk",
- "Description": "ToDesk is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Connectwise Automate (LabTech)",
+ "Description": "Connectwise Automate (LabTech) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/14/2024",
+ "LastModified": "2/8/2024",
"Details": {
"Website": "",
"PEMetadata": {
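Review bot: `LabTech RMM (Now ConnectWise Automate)` and `Connectwise Automate (LabTech)` describe the same product and, per the `InstallationPaths` at @@ -9983 and in the next hunk, list the same binaries (`ltsvc.exe`, `ltsvcmon.exe`, `lttray.exe`), so the generator will produce two near-identical processes rules. Consolidate into one entry carrying both domains (`connectwise.com`, `*.hostedrmm.com`) and the vendor announcement reference; also pick one spelling of ConnectWise.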
@@ -10040,9 +10323,9 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "todesk.exe",
- "ToDesk_Service.exe",
- "ToDesk_Setup.exe"
+ "ltsvc.exe",
+ "ltsvcmon.exe",
+ "lttray.exe"
]
},
"Artifacts": {
@@ -10053,10 +10336,7 @@
{
"Description": "Known remote domains",
"Domains": [
- "todesk.com",
- "*.todesk.com",
- "*.todesk.com",
- "todesktop.com"
+ "*.hostedrmm.com"
],
"Ports": []
}
@@ -10064,25 +10344,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/todesk_network_sigma.yml",
- "Description": "Detects potential network activity of ToDesk RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/connectwise_automate__labtech__network_sigma.yml",
+ "Description": "Detects potential network activity of Connectwise Automate (LabTech) RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/todesk_processes_sigma.yml",
- "Description": "Detects potential processes activity of ToDesk RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/connectwise_automate__labtech__processes_sigma.yml",
+ "Description": "Detects potential processes activity of Connectwise Automate (LabTech) RMM tool"
}
],
"References": [
- "https://www.todesk.com/"
+ "https://www.connectwise.com/company/announcements/labtech-now-connectwise-automate"
],
"Acknowledgement": []
},
{
- "Name": "Distant Desktop",
- "Description": "Distant Desktop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "N-Able Advanced Monitoring Agent",
+ "Description": "N-Able Advanced Monitoring Agent is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/8/2024",
+ "LastModified": "2/9/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -10097,9 +10377,13 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "ddsystem.exe",
- "dd.exe",
- "distant-desktop.exe"
+ "BASupSrvc.exe",
+ "winagent.exe",
+ "BASupApp.exe",
+ "BASupTSHelper.exe",
+ "Agent_*_RW.exe",
+ "BASEClient.exe",
+ "BASupSrvcCnfg.exe"
]
},
"Artifacts": {
@@ -10110,8 +10394,25 @@
{
"Description": "Known remote domains",
"Domains": [
- "*.distantdesktop.com",
- "*signalserver.xyz"
+ "*.beanywhere.com ",
+ "systemmonitor.co.uk",
+ "*system-monitor.com",
+ "cloudbackup.management",
+ "*systemmonitor.co.uk",
+ "n-able.com",
+ "systemmonitor.us",
+ "*systemmonitor.eu.com",
+ "*.logicnow.com",
+ "*.swi-tc.com",
+ "*remote.management",
+ "systemmonitor.us.cdn.cloudflare.net",
+ "*cloudbackup.management",
+ "remote.management",
+ "logicnow.com",
+ "system-monitor.com",
+ "*systemmonitor.us",
+ "systemmonitor.eu.com",
+ "*.n-able.com"
],
"Ports": []
}
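Review bot: `"*.beanywhere.com "` has a trailing space that will end up in the generated rule and never match. The list also mixes `*.` and bare `*` prefixes and carries redundant pairs (`*systemmonitor.co.uk` / `systemmonitor.co.uk`, `*cloudbackup.management` / `cloudbackup.management`, `*remote.management` / `remote.management`, `*.n-able.com` / `n-able.com`, `*.logicnow.com` / `logicnow.com`, `*system-monitor.com` / `system-monitor.com`, `*systemmonitor.us` / `systemmonitor.us`, `*systemmonitor.eu.com` / `systemmonitor.eu.com`); normalise to one `*.domain` plus `domain` per domain. `systemmonitor.us.cdn.cloudflare.net` is a CDN alias and can be dropped if the wildcard on `systemmonitor.us` is kept.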
@@ -10119,147 +10420,71 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/distant_desktop_network_sigma.yml",
- "Description": "Detects potential network activity of Distant Desktop RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/n-able_advanced_monitoring_agent_network_sigma.yml",
+ "Description": "Detects potential network activity of N-Able Advanced Monitoring Agent RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/distant_desktop_processes_sigma.yml",
- "Description": "Detects potential processes activity of Distant Desktop RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/n-able_advanced_monitoring_agent_processes_sigma.yml",
+ "Description": "Detects potential processes activity of N-Able Advanced Monitoring Agent RMM tool"
}
],
"References": [
- "https://www.distantdesktop.com/manual/first-start.htm"
+ "https://documentation.n-able.com/takecontrol/troubleshooting/Content/kb/Take-Control-Standalone-Ports-and-Domains-Firewall-and-AV-Exclusions.htm"
],
"Acknowledgement": []
},
{
- "Name": "RAdmin",
- "Description": "RAdmin is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.\n",
- "Author": "Nasreddine Bencherchali",
- "Created": "2024-08-05",
- "LastModified": "2024-08-05",
+ "Name": "Synergy",
+ "Description": "Synergy is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Author": "",
+ "Created": "",
+ "LastModified": "2/26/2024",
"Details": {
- "Website": "https://www.radmin.com/",
- "PEMetadata": [
- {
- "Filename": "RServer3.exe",
- "OriginalFileName": "RServer3.exe",
- "InternalName": "RServer3",
- "Description": "Radmin Server",
- "Product": "Radmin Server",
- "Comments": "Radmin - Remote Control Server"
- },
- {
- "Filename": "Radmin.exe",
- "OriginalFileName": "Radmin.exe",
- "InternalName": "Radmin",
- "Description": "Radmin Viewer",
- "Product": "Radmin Viewer",
- "Comments": "Radmin Viewer"
- }
- ],
+ "Website": "",
+ "PEMetadata": {
+ "Filename": "",
+ "OriginalFileName": "",
+ "Description": ""
+ },
"Privileges": "",
"Free": "",
"Verification": "",
- "SupportedOS": [
- "Windows"
- ],
+ "SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": [
- "C:\\Program Files (x86)\\Radmin Viewer 3\\Radmin.exe",
- "C:\\Windows\\SysWOW64\\rserver30\\rserver3.exe",
- "C:\\Windows\\SysWOW64\\rserver30\\FamItrfc",
- "C:\\Windows\\SysWOW64\\rserver30\\FamItrf2"
- ]
+ "InstallationPaths": []
},
"Artifacts": {
- "Disk": [
- {
- "File": "C:\\Windows\\SysWOW64\\rserver30\\Radm_log.htm",
- "Description": "RAdmin log file (32-bit)",
- "OS": "Windows"
- },
- {
- "File": "C:\\Windows\\System32\\rserver30\\Radm_log.htm",
- "Description": "RAdmin log file (64-bit)",
- "OS": "Windows"
- },
- {
- "File": "C:\\Windows\\System32\\rserver30\\CHATLOGS\\*\\*.htm",
- "Description": "RAdmin chat logs",
- "OS": "Windows"
- },
- {
- "File": "C:\\Users\\*\\Documents\\ChatLogs\\*\\*.htm",
- "Description": "RAdmin user chat logs",
- "OS": "Windows"
- }
- ],
+ "Disk": [],
"EventLog": [],
- "Registry": [
- {
- "Path": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Radmin\\v3.0\\Server\\Parameters\\Radmin Security",
- "Description": "N/A"
- }
- ],
+ "Registry": [],
"Network": [
{
- "Description": "N/A",
+ "Description": "Known remote domains",
"Domains": [
- "radmin.com"
+ "user_managed"
],
- "Ports": [
- 443
- ]
+ "Ports": []
}
]
},
"Detections": [
{
- "Sigma": "https://github.com/SigmaHQ/sigma/blob/782f0f524e6f797ea114fe0d87b22cb4abaa6b7c/rules/windows/process_creation/proc_creation_win_pua_radmin.yml",
- "Description": "PUA - Radmin Viewer Utility Execution"
- },
- {
- "Sigma": "https://github.com/SigmaHQ/sigma/blob/782f0f524e6f797ea114fe0d87b22cb4abaa6b7c/rules/windows/process_creation/proc_creation_win_registry_enumeration_for_credentials_cli.yml",
- "Description": "Enumeration for 3rd Party Creds From CLI"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/radmin_registry_sigma.yml",
- "Description": "Detects potential registry activity of RAdmin RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/radmin_network_sigma.yml",
- "Description": "Detects potential network activity of RAdmin RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/radmin_files_sigma.yml",
- "Description": "Detects potential files activity of RAdmin RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/radmin_processes_sigma.yml",
- "Description": "Detects potential processes activity of RAdmin RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/synergy_network_sigma.yml",
+ "Description": "Detects potential network activity of Synergy RMM tool"
}
],
"References": [
- "https://radmin-club.com/radmin/how-to-establish-a-connection-outside-of-lan/",
- "https://helpdesk.radmin.com/radmin3help/",
- "https://helpdesk.radmin.com/radmin3help/files/viewercmd.htm",
- "https://helpdesk.radmin.com/radmin3help/files/cmd.htm"
+ "https://symless.com/synergy"
],
- "Acknowledgement": [
- {
- "Person": "Nasreddine Bencherchali",
- "Handle": "@nas_bench"
- }
- ]
+ "Acknowledgement": []
},
{
- "Name": "CrossLoop",
- "Description": "CrossLoop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "LogMeIn rescue",
+ "Description": "LogMeIn rescue is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/7/2024",
+ "LastModified": "2/8/2024",
"Details": {
"Website": "",
"PEMetadata": {
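Review bot: this hunk removes the most complete entry in the file (RAdmin: two `PEMetadata` records, four `Disk` artifacts including the `Radm_log.htm` and chat-log paths, the `Radmin Security` registry key, six detections, four references and an acknowledgement) and replaces it with a sparse Synergy record; please confirm RAdmin is re-added elsewhere in the reordered file. Two schema points stand out in the removed lines: RAdmin's `PEMetadata` was an array of objects while every other entry uses a single object, so the schema should settle on one shape; and the Synergy entry declares a `synergy_network_sigma.yml` rule whose only `Domains` value is the `"user_managed"` placeholder, so that rule has nothing concrete to match. Synergy is a keyboard/mouse-sharing tool between adjacent machines, which the `Description` should reflect.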
@@ -10274,9 +10499,9 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "crossloopservice.exe",
- "CrossLoopConnect.exe",
- "WinVNCStub.exe"
+ "support-logmeinrescue*.exe",
+ "support-logmeinrescue.exe",
+ "lmi_rescue.exe"
]
},
"Artifacts": {
@@ -10287,8 +10512,9 @@
{
"Description": "Known remote domains",
"Domains": [
- "*.crossloop.com",
- "crossloop.en.softonic.com"
+ "*.logmeinrescue.com",
+ "*.logmeinrescue.eu",
+ "logmeinrescue.com"
],
"Ports": []
}
@@ -10296,25 +10522,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/crossloop_network_sigma.yml",
- "Description": "Detects potential network activity of CrossLoop RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/logmein_rescue_network_sigma.yml",
+ "Description": "Detects potential network activity of LogMeIn rescue RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/crossloop_processes_sigma.yml",
- "Description": "Detects potential processes activity of CrossLoop RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/logmein_rescue_processes_sigma.yml",
+ "Description": "Detects potential processes activity of LogMeIn rescue RMM tool"
}
],
"References": [
- "www.CrossLoop.com -> redirects to avast.com"
+ "https://support.logmeinrescue.com/rescue/help/allowlisting-and-rescue"
],
"Acknowledgement": []
},
{
- "Name": "Centurion",
- "Description": "Centurion is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "VNC",
+ "Description": "VNC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/7/2024",
+ "LastModified": "2/14/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -10329,7 +10555,13 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "ctiserv.exe"
+ "winvnc*.exe",
+ "vncserver.exe",
+ "winwvc.exe",
+ "winvncsc.exe",
+ "vncserverui.exe",
+ "vncviewer.exe",
+ "winvnc.exe"
]
},
"Artifacts": {
@@ -10340,7 +10572,8 @@
{
"Description": "Known remote domains",
"Domains": [
- "centuriontech.com"
+ "user_managed",
+ "realvnc.com/en/connect/download/vnc"
],
"Ports": []
}
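Review bot: Neither "user_managed" nor "realvnc.com/en/connect/download/vnc" is a hostname, yet both sit in "Domains" and will be fed into vnc_network_sigma.yml; a DNS or proxy log never contains the URL path, so that clause can never match. Move the download URL to "References" (it is already there) and keep "user_managed" only if the generator treats it as a sentinel and skips it.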
@@ -10348,25 +10581,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/centurion_network_sigma.yml",
- "Description": "Detects potential network activity of Centurion RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/vnc_network_sigma.yml",
+ "Description": "Detects potential network activity of VNC RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/centurion_processes_sigma.yml",
- "Description": "Detects potential processes activity of Centurion RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/vnc_processes_sigma.yml",
+ "Description": "Detects potential processes activity of VNC RMM tool"
}
],
"References": [
- "https://data443.atlassian.net/servicedesk/customer/portal/20"
+ "https://realvnc.com/en/connect/download/vnc"
],
"Acknowledgement": []
},
{
- "Name": "KickIdler",
- "Description": "KickIdler is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "pcAnywhere",
+ "Description": "pcAnywhere is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/8/2024",
+ "LastModified": "2/9/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -10381,8 +10614,10 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "grabberEM.*msi",
- "grabberTT*.msi"
+ "awhost32.exe",
+ "awrem32.exe",
+ "pcaquickconnect.exe",
+ "winaw32.exe"
]
},
"Artifacts": {
@@ -10393,8 +10628,7 @@
{
"Description": "Known remote domains",
"Domains": [
- "kickidler.com",
- "my.kickidler.com"
+ "user_managed"
],
"Ports": []
}
@@ -10402,21 +10636,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/kickidler_network_sigma.yml",
- "Description": "Detects potential network activity of KickIdler RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pcanywhere_network_sigma.yml",
+ "Description": "Detects potential network activity of pcAnywhere RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pcanywhere_processes_sigma.yml",
+ "Description": "Detects potential processes activity of pcAnywhere RMM tool"
}
],
"References": [
- "https://www.kickidler.com/for-it/faq/"
+ "https://en.wikipedia.org/wiki/PcAnywhere"
],
"Acknowledgement": []
},
{
- "Name": "Syncro",
- "Description": "Syncro is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Access Remote PC",
+ "Description": "Access Remote PC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/13/2024",
+ "LastModified": "2/7/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -10431,60 +10669,28 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "Syncro.Installer.exe",
- "Kabuto.App.Runner.exe",
- "Syncro.Overmind.Service.exe",
- "Kabuto.Installer.exe",
- "KabutoSetup.exe",
- "Syncro.Service.exe",
- "Kabuto.Service.Runner.exe",
- "Syncro.App.Runner.exe",
- "SyncroLive.Service.exe",
- "SyncroLive.Agent.exe"
+ "rpcgrab.exe",
+ "rpcsetup.exe"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": [
- {
- "Description": "Known remote domains",
- "Domains": [
- "kabuto.io",
- "*.syncromsp.com",
- "*.syncroapi.com",
- "syncromsp.com",
- "servably.com",
- "ld.aurelius.host",
- "app.kabuto.io ",
- "*.kabutoservices.com",
- "repairshopr.com",
- "kabutoservices.com",
- "attachments.servably.com"
- ],
- "Ports": []
- }
- ]
- },
- "Detections": [
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/syncro_network_sigma.yml",
- "Description": "Detects potential network activity of Syncro RMM tool"
- },
+ "Network": []
+ },
+ "Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/syncro_processes_sigma.yml",
- "Description": "Detects potential processes activity of Syncro RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/access_remote_pc_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Access Remote PC RMM tool"
}
],
- "References": [
- "https://community.syncromsp.com/t/syncro-exceptions-and-allowlists/2004"
- ],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "AweRay",
- "Description": "AweRay is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "GatherPlace-desktop sharing",
+ "Description": "GatherPlace-desktop sharing is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "2/7/2024",
@@ -10502,8 +10708,9 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "aweray_remote*.exe",
- "AweSun.exe"
+ "gp3.exe",
+ "gp4.exe",
+ "gp5.exe"
]
},
"Artifacts": {
@@ -10514,8 +10721,9 @@
{
"Description": "Known remote domains",
"Domains": [
- "asapi*.aweray.net",
- "client-api.aweray.com"
+ "*.gatherplace.com",
+ "*.gatherplace.net",
+ "gatherplace.com"
],
"Ports": []
}
@@ -10523,25 +10731,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aweray_network_sigma.yml",
- "Description": "Detects potential network activity of AweRay RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/gatherplace-desktop_sharing_network_sigma.yml",
+ "Description": "Detects potential network activity of GatherPlace-desktop sharing RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aweray_processes_sigma.yml",
- "Description": "Detects potential processes activity of AweRay RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/gatherplace-desktop_sharing_processes_sigma.yml",
+ "Description": "Detects potential processes activity of GatherPlace-desktop sharing RMM tool"
}
],
"References": [
- "https://sun.aweray.com/help"
+ "https://www.gatherplace.com/kb?id=136377"
],
"Acknowledgement": []
},
{
- "Name": "SunLogin",
- "Description": "SunLogin is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "ODrive",
+ "Description": "ODrive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/26/2024",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
@@ -10556,44 +10764,29 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "OrayRemoteShell.exe",
- "OrayRemoteService.exe",
- "sunlogin*.exe"
+ "C:\\Users\\*\\current\\",
+ "*Users\\*\\.odrive",
+ "*\\Odriveapp.exe"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": [
- {
- "Description": "Known remote domains",
- "Domains": [
- "sunlogin.oray.com",
- "client.oray.net"
- ],
- "Ports": []
- }
- ]
+ "Network": []
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/sunlogin_network_sigma.yml",
- "Description": "Detects potential network activity of SunLogin RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/sunlogin_processes_sigma.yml",
- "Description": "Detects potential processes activity of SunLogin RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/odrive_processes_sigma.yml",
+ "Description": "Detects potential processes activity of ODrive RMM tool"
}
],
- "References": [
- "https://sunlogin.oray.com/en/embed/software.html"
- ],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "Koofr",
- "Description": "Koofr is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Remote Desktop Manager (Devolutions)",
+ "Description": "Remote Desktop Manager (Devolutions) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
@@ -10623,8 +10816,61 @@
"Acknowledgement": []
},
{
- "Name": "SysAid",
- "Description": "SysAid is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "RDPView",
+ "Description": "RDPView is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Author": "",
+ "Created": "",
+ "LastModified": "2/9/2024",
+ "Details": {
+ "Website": "",
+ "PEMetadata": {
+ "Filename": "",
+ "OriginalFileName": "",
+ "Description": ""
+ },
+ "Privileges": "",
+ "Free": "",
+ "Verification": "",
+ "SupportedOS": [],
+ "Capabilities": [],
+ "Vulnerabilities": [],
+ "InstallationPaths": [
+ "dwrcs.exe"
+ ]
+ },
+ "Artifacts": {
+ "Disk": [],
+ "EventLog": [],
+ "Registry": [],
+ "Network": [
+ {
+ "Description": "Known remote domains",
+ "Domains": [
+ "user_managed",
+ "systemmanager.ru/dntu.en/rdp_view.htm"
+ ],
+ "Ports": []
+ }
+ ]
+ },
+ "Detections": [
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rdpview_network_sigma.yml",
+ "Description": "Detects potential network activity of RDPView RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rdpview_processes_sigma.yml",
+ "Description": "Detects potential processes activity of RDPView RMM tool"
+ }
+ ],
+ "References": [
+ "systemmanager.ru/dntu.en/rdp_view.htm - Same as Damware"
+ ],
+ "Acknowledgement": []
+ },
+ {
+ "Name": "DragonDisk",
+ "Description": "DragonDisk is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
@@ -10642,10 +10888,9 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "C:\\Program Files\\SysAidServer\\*",
- "*\\SysAidServer\\*",
- "*\\SysAid\\*",
- "*\\IliAS.exe"
+ "C:\\Program Files (x86)\\Almageste\\DragonDisk\\*",
+ "*\\Almageste\\DragonDisk\\*",
+ "*\\DragonDisk.exe"
]
},
"Artifacts": {
@@ -10656,19 +10901,19 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/sysaid_processes_sigma.yml",
- "Description": "Detects potential processes activity of SysAid RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dragondisk_processes_sigma.yml",
+ "Description": "Detects potential processes activity of DragonDisk RMM tool"
}
],
"References": [],
"Acknowledgement": []
},
{
- "Name": "Neturo",
- "Description": "Neturo is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Seetrol",
+ "Description": "Seetrol is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/9/2024",
+ "LastModified": "2/7/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -10683,9 +10928,11 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "neturo*.exe",
- "ntrntservice.exe",
- "neturo.exe"
+ "seetrolcenter.exe",
+ "seetrolclient.exe",
+ "seetrolmyservice.exe",
+ "seetrolremote.exe",
+ "seetrolsetting.exe"
]
},
"Artifacts": {
@@ -10696,7 +10943,7 @@
{
"Description": "Known remote domains",
"Domains": [
- "neturo.uplus.co.kr"
+ "seetrol.co.kr"
],
"Ports": []
}
@@ -10704,25 +10951,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/neturo_network_sigma.yml",
- "Description": "Detects potential network activity of Neturo RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/seetrol_network_sigma.yml",
+ "Description": "Detects potential network activity of Seetrol RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/neturo_processes_sigma.yml",
- "Description": "Detects potential processes activity of Neturo RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/seetrol_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Seetrol RMM tool"
}
],
"References": [
- "Obscure, located an older copy here: http://www.iconpos.com/pos/home/iconpos/bbs.php?id=file&q=view&uid=2"
+ "http://www.seetrol.com/en/features/features3.php"
],
"Acknowledgement": []
},
{
- "Name": "SmarTTY",
- "Description": "SmarTTY is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Netviewer (GoToMeet)",
+ "Description": "Netviewer (GoToMeet) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "",
+ "LastModified": "2/9/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -10737,9 +10984,8 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "c:\\Program Files (x86)\\Sysprogs\\SmarTTY\\*",
- "*\\Sysprogs\\SmarTTY\\*",
- "*\\SmarTTY.exe"
+ "nvClient.exe",
+ "netviewer.exe"
]
},
"Artifacts": {
@@ -10750,16 +10996,18 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/smartty_processes_sigma.yml",
- "Description": "Detects potential processes activity of SmarTTY RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/netviewer__gotomeet__processes_sigma.yml",
+ "Description": "Detects potential processes activity of Netviewer (GoToMeet) RMM tool"
}
],
- "References": [],
+ "References": [
+ "Obsolute - found copy here: https://www.enviolet.com/en/service/online-consultant.html"
+ ],
"Acknowledgement": []
},
{
- "Name": "Impero Connect",
- "Description": "Impero Connect is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "CarotDAV",
+ "Description": "CarotDAV is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
@@ -10777,42 +11025,32 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "ImperoClientSVC.exe"
+ "C:\\Program Files (x86)\\Rei Software\\CarotDAV\\*",
+ "*\\Rei Software\\CarotDAV\\*",
+ "*\\CarotDAV.exe"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": [
- {
- "Description": "Known remote domains",
- "Domains": [
- "imperosoftware.com"
- ],
- "Ports": []
- }
- ]
+ "Network": []
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/impero_connect_network_sigma.yml",
- "Description": "Detects potential network activity of Impero Connect RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/impero_connect_processes_sigma.yml",
- "Description": "Detects potential processes activity of Impero Connect RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/carotdav_processes_sigma.yml",
+ "Description": "Detects potential processes activity of CarotDAV RMM tool"
}
],
"References": [],
"Acknowledgement": []
},
{
- "Name": "247ithelp.com (ConnectWise)",
- "Description": "247ithelp.com (ConnectWise) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Duplicati",
+ "Description": "Duplicati is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/8/2024",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
@@ -10827,44 +11065,31 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "Remote Workforce Client.exe"
+ "c:\\Program Files\\*\\Duplicati.Server.exe",
+ "*\\*\\Duplicati.Server.exe"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": [
- {
- "Description": "Known remote domains",
- "Domains": [
- "*.247ithelp.com"
- ],
- "Ports": []
- }
- ]
+ "Network": []
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/247ithelp.com__connectwise__network_sigma.yml",
- "Description": "Detects potential network activity of 247ithelp.com (ConnectWise) RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/247ithelp.com__connectwise__processes_sigma.yml",
- "Description": "Detects potential processes activity of 247ithelp.com (ConnectWise) RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/duplicati_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Duplicati RMM tool"
}
],
- "References": [
- "Similar / replaced by ScreenConnect"
- ],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "Remobo",
- "Description": "Remobo is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Netop Remote Control (aka Impero Connect)",
+ "Description": "Netop Remote Control (aka Impero Connect) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/9/2024",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
@@ -10879,9 +11104,10 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "remobo.exe",
- "remobo_client.exe",
- "remobo_tracker.exe"
+ "nhostsvc.exe",
+ "nhstw32.exe",
+ "nldrw32.exe",
+ "rmserverconsolemediator.exe"
]
},
"Artifacts": {
@@ -10892,8 +11118,7 @@
{
"Description": "Known remote domains",
"Domains": [
- "user_managed",
- "remobo.en.softonic.com"
+ "imperosoftware.com/impero-connect/"
],
"Ports": []
}
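Review bot: "imperosoftware.com/impero-connect/" replaces a bare hostname with a URL path in the "Domains" array; the network rule generated from it will never match DNS or proxy telemetry. Revert to "imperosoftware.com" here and keep the full URL in "References".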
@@ -10901,22 +11126,20 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remobo_network_sigma.yml",
- "Description": "Detects potential network activity of Remobo RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/netop_remote_control__aka_impero_connect__network_sigma.yml",
+ "Description": "Detects potential network activity of Netop Remote Control (aka Impero Connect) RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remobo_processes_sigma.yml",
- "Description": "Detects potential processes activity of Remobo RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/netop_remote_control__aka_impero_connect__processes_sigma.yml",
+ "Description": "Detects potential processes activity of Netop Remote Control (aka Impero Connect) RMM tool"
}
],
- "References": [
- "https://www.remobo.com - DOA as of 2024"
- ],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "CloudFuze",
- "Description": "CloudFuze is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Onionshare",
+ "Description": "Onionshare is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
@@ -10933,7 +11156,12 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": []
+ "InstallationPaths": [
+ "C:\\Program Files (x86)\\OnionShare\\*",
+ "*\\OnionShare\\*",
+ "*\\onionshare*.exe",
+ "OnionShare-win*.msi"
+ ]
},
"Artifacts": {
"Disk": [],
@@ -10941,13 +11169,18 @@
"Registry": [],
"Network": []
},
- "Detections": [],
+ "Detections": [
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/onionshare_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Onionshare RMM tool"
+ }
+ ],
"References": [],
"Acknowledgement": []
},
{
- "Name": "Free Tools Launcher",
- "Description": "Free Tools Launcher is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "SecureCRT",
+ "Description": "SecureCRT is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
@@ -10965,8 +11198,9 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "C:\\Program Files\\ManageEngine\\ManageEngine Free Tools\\Launcher\\*",
- "*\\ManageEngine\\*"
+ "C:\\*\\SecureCRT.EXE",
+ "*\\SecureCRT.EXE",
+ "*\\VanDyke Software\\ClientPack\\*"
]
},
"Artifacts": {
@@ -10975,13 +11209,18 @@
"Registry": [],
"Network": []
},
- "Detections": [],
+ "Detections": [
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/securecrt_processes_sigma.yml",
+ "Description": "Detects potential processes activity of SecureCRT RMM tool"
+ }
+ ],
"References": [],
"Acknowledgement": []
},
{
- "Name": "Echoware",
- "Description": "Echoware is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "GetScreen",
+ "Description": "GetScreen is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "2/7/2024",
@@ -10999,31 +11238,47 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "echoserver*.exe",
- "echoware.dll"
+ "GetScreen.exe",
+ "getscreen.exe"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": []
+ "Network": [
+ {
+ "Description": "Known remote domains",
+ "Domains": [
+ "getscreen.me",
+ "GetScreen.me",
+ "*.getscreen.me"
+ ],
+ "Ports": []
+ }
+ ]
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/echoware_processes_sigma.yml",
- "Description": "Detects potential processes activity of Echoware RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/getscreen_network_sigma.yml",
+ "Description": "Detects potential network activity of GetScreen RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/getscreen_processes_sigma.yml",
+ "Description": "Detects potential processes activity of GetScreen RMM tool"
}
],
- "References": [],
+ "References": [
+ "https://docs.getscreen.me/self-hosted/system-requirements/"
+ ],
"Acknowledgement": []
},
{
- "Name": "Zoho Assist",
- "Description": "Zoho Assist is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Pandora RC (eHorus)",
+ "Description": "Pandora RC (eHorus) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/14/2024",
+ "LastModified": "2/7/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -11038,16 +11293,8 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "zaservice.exe",
- "ZMAgent.exe",
- "C:\\*\\ZA_Access.exe",
- "ZohoMeeting.exe",
- "Zohours.exe",
- "zohotray.exe",
- "ZohoURSService.exe",
- "*\\ZA_Access.exe",
- "Zaservice.exe",
- "za_connect.exe"
+ "ehorus standalone.exe",
+ "ehorus_agent.exe"
]
},
"Artifacts": {
@@ -11058,19 +11305,7 @@
{
"Description": "Known remote domains",
"Domains": [
- "*.zoho.com.au",
- "*.zohoassist.jp",
- "assist.zoho.com",
- "zoho.com/assist/",
- "*.zoho.in",
- "downloads.zohodl.com.cn",
- "*.zohoassist.com",
- "downloads.zohocdn.com",
- "gateway.zohoassist.com",
- "*.zohoassist.com.cn",
- "*.zoho.com.cn",
- "*.zoho.com",
- "*.zoho.eu"
+ "portal.ehorus.com"
],
"Ports": []
}
@@ -11078,25 +11313,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/zoho_assist_network_sigma.yml",
- "Description": "Detects potential network activity of Zoho Assist RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pandora_rc__ehorus__network_sigma.yml",
+ "Description": "Detects potential network activity of Pandora RC (eHorus) RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/zoho_assist_processes_sigma.yml",
- "Description": "Detects potential processes activity of Zoho Assist RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pandora_rc__ehorus__processes_sigma.yml",
+ "Description": "Detects potential processes activity of Pandora RC (eHorus) RMM tool"
}
],
"References": [
- "https://www.zoho.com/assist/kb/firewall-configuration.html"
+ "https://pandorafms.com/manual/!current/en/documentation/09_pandora_rc/01_pandora_rc_introduction"
],
"Acknowledgement": []
},
{
- "Name": "KiTTY",
- "Description": "KiTTY is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Rapid7",
+ "Description": "Rapid7 is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "",
+ "LastModified": "2/14/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -11111,28 +11346,44 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "C:\\*\\kitty.exe",
- "*\\kitty.exe"
+ "ir_agent.exe",
+ "rapid7_agent_core.exe",
+ "rapid7_endpoint_broker.exe"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": []
+ "Network": [
+ {
+ "Description": "Known remote domains",
+ "Domains": [
+ "*.analytics.insight.rapid7.com",
+ "*.endpoint.ingress.rapid7.com"
+ ],
+ "Ports": []
+ }
+ ]
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/kitty_processes_sigma.yml",
- "Description": "Detects potential processes activity of KiTTY RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rapid7_network_sigma.yml",
+ "Description": "Detects potential network activity of Rapid7 RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rapid7_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Rapid7 RMM tool"
}
],
- "References": [],
+ "References": [
+ "https://docs.rapid7.com/insightvm/configure-communications-with-the-insight-platform/"
+ ],
"Acknowledgement": []
},
{
- "Name": "Proton Drive",
- "Description": "Proton Drive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "aws-cli",
+ "Description": "aws-cli is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
@@ -11149,7 +11400,12 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": []
+ "InstallationPaths": [
+ "C:\\Program Files\\Amazon\\AWSCLI\\*",
+ "*\\Amazon\\AWSCLI\\*",
+ "*\\AWSCLIV*.msi",
+ "*\\AWSCLISetup.exe"
+ ]
},
"Artifacts": {
"Disk": [],
@@ -11157,16 +11413,21 @@
"Registry": [],
"Network": []
},
- "Detections": [],
+ "Detections": [
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aws-cli_processes_sigma.yml",
+ "Description": "Detects potential processes activity of aws-cli RMM tool"
+ }
+ ],
"References": [],
"Acknowledgement": []
},
{
- "Name": "SimpleHelp",
- "Description": "SimpleHelp is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Electric AI (Kaseya)",
+ "Description": "Electric AI (Kaseya) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/9/2024",
+ "LastModified": "2/7/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -11180,47 +11441,23 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": [
- "simplehelpcustomer.exe",
- "simpleservice.exe",
- "simplegatewayservice.exe",
- "remote access.exe",
- "windowslauncher.exe"
- ]
+ "InstallationPaths": []
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": [
- {
- "Description": "Known remote domains",
- "Domains": [
- "user_managed",
- "simple-help.com"
- ],
- "Ports": []
- }
- ]
+ "Network": []
},
- "Detections": [
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/simplehelp_network_sigma.yml",
- "Description": "Detects potential network activity of SimpleHelp RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/simplehelp_processes_sigma.yml",
- "Description": "Detects potential processes activity of SimpleHelp RMM tool"
- }
- ],
+ "Detections": [],
"References": [
- "https://simple-help.com/remote-support"
+ "https://www.electric.ai/product/device-management-solutions - Usess Kaseya/jamf"
],
"Acknowledgement": []
},
{
- "Name": "CloudFlare Tunnel",
- "Description": "CloudFlare Tunnel is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Basecamp",
+ "Description": "Basecamp is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "2/7/2024",
@@ -11237,9 +11474,7 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": [
- "cloudflared.exe"
- ]
+ "InstallationPaths": []
},
"Artifacts": {
"Disk": [],
@@ -11249,7 +11484,7 @@
{
"Description": "Known remote domains",
"Domains": [
- "cloudflare.com/products/tunnel/"
+ "basecamp.com"
],
"Ports": []
}
@@ -11257,22 +11492,18 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/cloudflare_tunnel_network_sigma.yml",
- "Description": "Detects potential network activity of CloudFlare Tunnel RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/cloudflare_tunnel_processes_sigma.yml",
- "Description": "Detects potential processes activity of CloudFlare Tunnel RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/basecamp_network_sigma.yml",
+ "Description": "Detects potential network activity of Basecamp RMM tool"
}
],
"References": [
- "cloudflare.com/products/tunnel/"
+ "basecamp.com - No specific RMM tool listed"
],
"Acknowledgement": []
},
{
- "Name": "GoTo Opener",
- "Description": "GoTo Opener is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Ultra VNC",
+ "Description": "Ultra VNC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
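Review bot: the Basecamp entry contradicts itself: the Description asserts "Basecamp is a remote monitoring and management (RMM) tool" while its only reference reads `"basecamp.com - No specific RMM tool listed"`, and it still ships a network detection (`basecamp_network_sigma.yml`) keyed on the bare domain `"basecamp.com"`. A rule built from that domain will fire on ordinary use of a project-management SaaS in any organisation that uses it. Either drop the entry until a concrete remote-access component is identified, or mark it as unverified and omit the Detections block.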
@@ -11290,8 +11521,11 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "C:\\Program Files (x86)\\GoTo Opener",
- "*\\GoTo Opener"
+ "C:\\Program Files\\uvnc bvba\\UltraVNC\\*",
+ "*\\uvnc bvba\\UltraVNC\\*",
+ "*\\UVNC_Launch.exe",
+ "*\\winvnc.exe",
+ "*\\vncviewer.exe"
]
},
"Artifacts": {
@@ -11300,16 +11534,21 @@
"Registry": [],
"Network": []
},
- "Detections": [],
+ "Detections": [
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ultra_vnc_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Ultra VNC RMM tool"
+ }
+ ],
"References": [],
"Acknowledgement": []
},
{
- "Name": "Pcvisit",
- "Description": "Pcvisit is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "BeamYourScreen",
+ "Description": "BeamYourScreen is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/9/2024",
+ "LastModified": "2/7/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -11324,10 +11563,8 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "pcvisit.exe",
- "pcvisit_client.exe",
- "pcvisit-easysupport.exe",
- "pcvisit_service_client.exe"
+ "beamyourscreen.exe",
+ "beamyourscreen-host.exe"
]
},
"Artifacts": {
@@ -11338,8 +11575,8 @@
{
"Description": "Known remote domains",
"Domains": [
- "*.pcvisit.de",
- "pcvisit.de"
+ "beamyourscreen.com",
+ "*.beamyourscreen.com"
],
"Ports": []
}
@@ -11347,22 +11584,22 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pcvisit_network_sigma.yml",
- "Description": "Detects potential network activity of Pcvisit RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/beamyourscreen_network_sigma.yml",
+ "Description": "Detects potential network activity of BeamYourScreen RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pcvisit_processes_sigma.yml",
- "Description": "Detects potential processes activity of Pcvisit RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/beamyourscreen_processes_sigma.yml",
+ "Description": "Detects potential processes activity of BeamYourScreen RMM tool"
}
],
"References": [
- "https://www.pcvisit.de/"
+ "beamyourscreen redirects to https://www.mikogo.com/"
],
"Acknowledgement": []
},
{
- "Name": "Mocha VNC Lite",
- "Description": "Mocha VNC Lite is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Quick Assist",
+ "Description": "Quick Assist is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
@@ -11380,27 +11617,42 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "This installs a modified VNC and cannot be blocked by path separate from VNC",
- "This installs a modified VNC and cannot be blocked by path separate from VNC",
- "*\\RealVNC\\VNC4\\*"
+ "quickassist.exe"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": []
+ "Network": [
+ {
+ "Description": "Known remote domains",
+ "Domains": [
+ "*.support.services.microsoft.com"
+ ],
+ "Ports": []
+ }
+ ]
},
- "Detections": [],
+ "Detections": [
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/quick_assist_network_sigma.yml",
+ "Description": "Detects potential network activity of Quick Assist RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/quick_assist_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Quick Assist RMM tool"
+ }
+ ],
"References": [],
"Acknowledgement": []
},
{
- "Name": "Laplink Gold",
- "Description": "Laplink Gold is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Netviewer",
+ "Description": "Netviewer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/8/2024",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
@@ -11415,8 +11667,8 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "tsircusr.exe",
- "laplink.exe"
+ "netviewer*.exe",
+ "netviewer.exe"
]
},
"Artifacts": {
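Review bot: `"netviewer.exe"` is redundant here, since the preceding glob `"netviewer*.exe"` already matches it; keep one form to avoid duplicated conditions in the generated process rule.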
@@ -11427,8 +11679,7 @@
{
"Description": "Known remote domains",
"Domains": [
- "user_managed",
- "wen.laplink.com/product/laplink-gold"
+ "download.cnet.com/Net-Viewer/3000-2370_4-10034828.html"
],
"Ports": []
}
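Review bot: `"download.cnet.com/Net-Viewer/3000-2370_4-10034828.html"` is a download-page URL, not a domain the Netviewer agent connects to, so it does not belong under "Known remote domains": a network rule built from this list would either never match (the value includes a path) or, if reduced to its host, flag every visit to CNET's download site. Move it to References (which this patch empties for Netviewer in the next hunk) and leave Domains empty until a real remote endpoint is confirmed.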
@@ -11436,25 +11687,23 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/laplink_gold_network_sigma.yml",
- "Description": "Detects potential network activity of Laplink Gold RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/netviewer_network_sigma.yml",
+ "Description": "Detects potential network activity of Netviewer RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/laplink_gold_processes_sigma.yml",
- "Description": "Detects potential processes activity of Laplink Gold RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/netviewer_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Netviewer RMM tool"
}
],
- "References": [
- "wen.laplink.com/product/laplink-gold"
- ],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "Cyberduck",
- "Description": "Cyberduck is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "RemoteCall",
+ "Description": "RemoteCall is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "",
+ "LastModified": "2/9/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -11469,29 +11718,49 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "C:\\Program Files\\Cyberduck\\*",
- "*\\Cyberduck\\*",
- "*\\Cyberduck.exe"
+ "rcengmgru.exe",
+ "rcmgrsvc.exe",
+ "rxstartsupport.exe",
+ "rcstartsupport.exe",
+ "raautoup.exe",
+ "agentu.exe",
+ "remotesupportplayeru.exe"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": []
+ "Network": [
+ {
+ "Description": "Known remote domains",
+ "Domains": [
+ "*.remotecall.com",
+ "*.startsupport.com",
+ "remotecall.com"
+ ],
+ "Ports": []
+ }
+ ]
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/cyberduck_processes_sigma.yml",
- "Description": "Detects potential processes activity of Cyberduck RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remotecall_network_sigma.yml",
+ "Description": "Detects potential network activity of RemoteCall RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remotecall_processes_sigma.yml",
+ "Description": "Detects potential processes activity of RemoteCall RMM tool"
}
],
- "References": [],
+ "References": [
+ "https://help.remotecall.com/hc/en-us/articles/360005128814--RemoteCall-Server-List-For-Firewall"
+ ],
"Acknowledgement": []
},
{
- "Name": "Iperius Remote",
- "Description": "Iperius Remote is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "ISL Online",
+ "Description": "ISL Online is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "2/8/2024",
@@ -11509,8 +11778,14 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "iperius.exe",
- "iperiusremote.exe"
+ "*\\ISLLight.exe",
+ "isllight.exe",
+ "ISLLightClient.exe",
+ "C:\\Program Files (x86)\\ISL Online\\ISL Light*",
+ "*\\ISL Online\\ISL Light*",
+ "ISLLight.exe",
+ "isllightservice.exe",
+ "islalwaysonmonitor.exe"
]
},
"Artifacts": {
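Review bot: the ISL Online InstallationPaths contain case-only duplicates, `"isllight.exe"` and `"ISLLight.exe"`, and `"*\\ISLLight.exe"` covers both once a path-or-filename match is applied, as it is for Windows image paths. Keep a single spelling per executable; duplicates here turn into duplicated selectors in `isl_online_processes_sigma.yml` and obscure which entries were actually verified.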
@@ -11521,10 +11796,8 @@
{
"Description": "Known remote domains",
"Domains": [
- "*.iperiusremote.com",
- "*.iperius.com",
- "*.iperius-rs.com",
- "iperiusremote.com"
+ "*.islonline.com",
+ "*.islonline.net"
],
"Ports": []
}
@@ -11532,25 +11805,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/iperius_remote_network_sigma.yml",
- "Description": "Detects potential network activity of Iperius Remote RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/isl_online_network_sigma.yml",
+ "Description": "Detects potential network activity of ISL Online RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/iperius_remote_processes_sigma.yml",
- "Description": "Detects potential processes activity of Iperius Remote RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/isl_online_processes_sigma.yml",
+ "Description": "Detects potential processes activity of ISL Online RMM tool"
}
],
"References": [
- "https://www.iperiusremote.com/download-iperius-remote-desktop-windows.aspx"
+ "https://help.islonline.com/19818/165940"
],
"Acknowledgement": []
},
{
- "Name": "BeamYourScreen",
- "Description": "BeamYourScreen is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Kabuto",
+ "Description": "Kabuto is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/7/2024",
+ "LastModified": "2/8/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -11565,8 +11838,7 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "beamyourscreen.exe",
- "beamyourscreen-host.exe"
+ "Kabuto.App.Runner.exe"
]
},
"Artifacts": {
@@ -11577,8 +11849,8 @@
{
"Description": "Known remote domains",
"Domains": [
- "beamyourscreen.com",
- "*.beamyourscreen.com"
+ "*.kabuto.io",
+ "repairtechsolutions.com/kabuto/"
],
"Ports": []
}
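Review bot: `"repairtechsolutions.com/kabuto/"` is a URL with a path, not a domain, and sits in the "Known remote domains" list next to the legitimate `"*.kabuto.io"` pattern. A domain matcher will never match the slash-terminated string, so the entry is dead weight in `kabuto_network_sigma.yml`; move it to References (the vendor documentation URL added below already covers it) or reduce it to a host name if the agent really contacts that site.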
@@ -11586,25 +11858,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/beamyourscreen_network_sigma.yml",
- "Description": "Detects potential network activity of BeamYourScreen RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/kabuto_network_sigma.yml",
+ "Description": "Detects potential network activity of Kabuto RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/beamyourscreen_processes_sigma.yml",
- "Description": "Detects potential processes activity of BeamYourScreen RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/kabuto_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Kabuto RMM tool"
}
],
"References": [
- "beamyourscreen redirects to https://www.mikogo.com/"
+ "https://www.repairtechsolutions.com/documentation/kabuto/"
],
"Acknowledgement": []
},
{
- "Name": "TeleDesktop",
- "Description": "TeleDesktop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "N-Able Advanced Monitoring Agent",
+ "Description": "N-Able Advanced Monitoring Agent is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/14/2024",
+ "LastModified": "2/9/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -11619,9 +11891,12 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "pstlaunch.exe",
- "ptdskclient.exe",
- "ptdskhost.exe"
+ "Agent_*_RW.exe",
+ "BASEClient.exe",
+ "BASupApp.exe",
+ "BASupSrvc.exe",
+ "BASupSrvcCnfg.exe",
+ "BASupTSHelper.exe"
]
},
"Artifacts": {
@@ -11632,8 +11907,17 @@
{
"Description": "Known remote domains",
"Domains": [
- "user_managed",
- "tele-desk.com"
+ "*remote.management",
+ "*.logicnow.com",
+ "*systemmonitor.us",
+ "*systemmonitor.eu.com",
+ "*system-monitor.com",
+ "systemmonitor.us.cdn.cloudflare.net",
+ "*cloudbackup.management",
+ "*systemmonitor.co.uk",
+ "*.n-able.com",
+ "*.beanywhere.com ",
+ "*.swi-tc.com"
],
"Ports": []
}
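Review bot: `"*.beanywhere.com "` carries a trailing space inside the quotes, which will silently prevent an exact or suffix match in any rule generated from this list; trim it. While here, the patterns without a leading dot (`"*remote.management"`, `"*systemmonitor.us"`, `"*system-monitor.com"`, `"*cloudbackup.management"`, `"*systemmonitor.co.uk"`) also match arbitrary prefixes such as `notremote.management`; if the intent is subdomains only, write them as `"*.remote.management"` like the rest of the list.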
@@ -11641,25 +11925,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/teledesktop_network_sigma.yml",
- "Description": "Detects potential network activity of TeleDesktop RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/n-able_advanced_monitoring_agent_network_sigma.yml",
+ "Description": "Detects potential network activity of N-Able Advanced Monitoring Agent RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/teledesktop_processes_sigma.yml",
- "Description": "Detects potential processes activity of TeleDesktop RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/n-able_advanced_monitoring_agent_processes_sigma.yml",
+ "Description": "Detects potential processes activity of N-Able Advanced Monitoring Agent RMM tool"
}
],
"References": [
- "http://potomacsoft.com/ - DOA as of 2024"
+ "https://documentation.n-able.com/takecontrol/troubleshooting/Content/kb/Take-Control-Standalone-Ports-and-Domains-Firewall-and-AV-Exclusions.htm"
],
"Acknowledgement": []
},
{
- "Name": "Parallels Access",
- "Description": "Parallels Access is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "GoTo Opener",
+ "Description": "GoTo Opener is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/9/2024",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
@@ -11674,49 +11958,64 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "parallelsaccess-*.exe",
- "TSClient.exe",
- "prl_deskctl_agent.exe",
- "prl_deskctl_wizard.exe",
- "prl_pm_service.exe"
+ "C:\\Program Files (x86)\\GoTo Opener",
+ "*\\GoTo Opener"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": [
- {
- "Description": "Known remote domains",
- "Domains": [
- "*.parallels.com",
- "parallels.com/products/ras/try"
- ],
- "Ports": []
- }
+ "Network": []
+ },
+ "Detections": [],
+ "References": [],
+ "Acknowledgement": []
+ },
+ {
+ "Name": "Remcos",
+ "Description": "Remcos is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Author": "",
+ "Created": "",
+ "LastModified": "",
+ "Details": {
+ "Website": "",
+ "PEMetadata": {
+ "Filename": "",
+ "OriginalFileName": "",
+ "Description": ""
+ },
+ "Privileges": "",
+ "Free": "",
+ "Verification": "",
+ "SupportedOS": [],
+ "Capabilities": [],
+ "Vulnerabilities": [],
+ "InstallationPaths": [
+ "remcos*.exe"
]
},
+ "Artifacts": {
+ "Disk": [],
+ "EventLog": [],
+ "Registry": [],
+ "Network": []
+ },
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/parallels_access_network_sigma.yml",
- "Description": "Detects potential network activity of Parallels Access RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/parallels_access_processes_sigma.yml",
- "Description": "Detects potential processes activity of Parallels Access RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remcos_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Remcos RMM tool"
}
],
- "References": [
- "https://kb.parallels.com/en/129097"
- ],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "Basecamp",
- "Description": "Basecamp is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "HelpBeam",
+ "Description": "HelpBeam is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/7/2024",
+ "LastModified": "2/8/2024",
"Details": {
"Website": "",
"PEMetadata": {
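Review bot: the new Remcos entry reuses the template sentence "Remcos is a remote monitoring and management (RMM) tool", but Remcos is generally tracked as a commercial remote access trojan rather than an administrative RMM product, so at least the Description should say what the entry actually covers and why it is in this catalogue. The entry also rests on a single filename glob, `"remcos*.exe"`, with Network, References and PEMetadata left empty; a filename-only indicator is weak for a tool that is routinely deployed under other names, so add the PE metadata fields (the Alpemix entry in this same patch shows the richer PEMetadata array form) and at least one reference before shipping `remcos_processes_sigma.yml`. The same hunk also removes Parallels Access's domains, both Sigma detections and its reference; confirm those survive elsewhere in the reordered file.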
@@ -11730,7 +12029,9 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": []
+ "InstallationPaths": [
+ "helpbeam*.exe"
+ ]
},
"Artifacts": {
"Disk": [],
@@ -11740,7 +12041,7 @@
{
"Description": "Known remote domains",
"Domains": [
- "basecamp.com"
+ "helpbeam.software.informer.com"
],
"Ports": []
}
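Review bot: `"helpbeam.software.informer.com"` is a third-party software-listing site, not an endpoint the HelpBeam client talks to, so it should not drive `helpbeam_network_sigma.yml`; the References value added in the next hunk notes that the vendor domain is for sale, which suggests no live remote endpoint is known. Leave Domains empty and keep the listing URL under References.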
@@ -11748,21 +12049,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/basecamp_network_sigma.yml",
- "Description": "Detects potential network activity of Basecamp RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/helpbeam_network_sigma.yml",
+ "Description": "Detects potential network activity of HelpBeam RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/helpbeam_processes_sigma.yml",
+ "Description": "Detects potential processes activity of HelpBeam RMM tool"
}
],
"References": [
- "basecamp.com - No specific RMM tool listed"
+ "https://www.helpbeam.com domain for sale in 2024"
],
"Acknowledgement": []
},
{
- "Name": "Weezo",
- "Description": "Weezo is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "LiteManager",
+ "Description": "LiteManager is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/14/2024",
+ "LastModified": "2/8/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -11777,9 +12082,12 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "weezohttpd.exe",
- "weezo.exe",
- "weezo setup*.exe"
+ "lmnoipserver.exe",
+ "ROMFUSClient.exe",
+ "romfusclient.exe",
+ "romviewer.exe",
+ "romserver.exe",
+ "ROMServer.exe"
]
},
"Artifacts": {
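Review bot: `"ROMFUSClient.exe"`/`"romfusclient.exe"` and `"romserver.exe"`/`"ROMServer.exe"` are case-only duplicates; Windows image paths are matched case-insensitively, so keep one spelling of each to avoid duplicated selectors in `litemanager_processes_sigma.yml`.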
@@ -11790,10 +12098,9 @@
{
"Description": "Known remote domains",
"Domains": [
- "*.weezo.me",
- "weezo.net",
- "*.weezo.net",
- "weezo.en.softonic.com"
+ "*.litemanager.ru",
+ "*.litemanager.com",
+ "litemanager.com"
],
"Ports": []
}
@@ -11801,53 +12108,158 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/weezo_network_sigma.yml",
- "Description": "Detects potential network activity of Weezo RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/litemanager_network_sigma.yml",
+ "Description": "Detects potential network activity of LiteManager RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/weezo_processes_sigma.yml",
- "Description": "Detects potential processes activity of Weezo RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/litemanager_processes_sigma.yml",
+ "Description": "Detects potential processes activity of LiteManager RMM tool"
}
],
"References": [
- "weezo.en.softonic.com"
+ "https://www.litemanager.com/articles/LiteManager_remote_access_to_a_desktop_via_the_Internet_or_LAN/"
],
"Acknowledgement": []
},
{
- "Name": "X2Go",
- "Description": "X2Go is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
- "Author": "",
- "Created": "",
- "LastModified": "",
+ "Name": "Alpemix",
+ "Description": "Alpemix is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.\n",
+ "Author": "Nasreddine Bencherchali",
+ "Created": "2024-08-05",
+ "LastModified": "2024-08-05",
"Details": {
- "Website": "",
- "PEMetadata": {
- "Filename": "",
- "OriginalFileName": "",
- "Description": ""
- },
+ "Website": "https://www.alpemix.com/en/Home",
+ "PEMetadata": [
+ {
+ "Filename": "Alpemix.exe",
+ "OriginalFileName": "Alpemix",
+ "Description": "Alpemix",
+ "Product": "Alpemix",
+ "InternalName": "Alpemix"
+ }
+ ],
"Privileges": "",
"Free": "",
"Verification": "",
- "SupportedOS": [],
- "Capabilities": [],
+ "SupportedOS": [
+ "Windows",
+ "Linux",
+ "Android",
+ "Mac",
+ "IOS"
+ ],
+ "Capabilities": [
+ "5 Different Solutions for Remote Support",
+ "Access to Unattended Computers",
+ "Access to User Account Control (UAC) Screens",
+ "Add Your Own Logo",
+ "Auto Sizing",
+ "Automatic Update",
+ "Clipboard Transfer",
+ "Computer Independent Licensing",
+ "Contact List and Groups",
+ "Encrypted Communication",
+ "External Communication Barrier",
+ "File Transfer",
+ "Instant Messaging",
+ "Multi-Platform Support",
+ "Multiple Chat",
+ "Multiple Connections",
+ "No Port Forwarding Required",
+ "Peer to Peer Connection (p2p)",
+ "Receiving Offline Message",
+ "Remote Restart",
+ "ReportingRestricting The Authority",
+ "Screen Sharing",
+ "Sending Announcement Message",
+ "Sharing a certain part of the screen",
+ "Video Recording",
+ "Voice Communication",
+ "Who is currently supporting?",
+ "Working in Black Screen Mode"
+ ],
"Vulnerabilities": [],
- "InstallationPaths": []
+ "InstallationPaths": [
+ "C:\\AlpemixService.exe",
+ "C:\\AlpemixSrvc\\"
+ ]
},
"Artifacts": {
- "Disk": [],
- "EventLog": [],
- "Registry": [],
- "Network": []
+ "Disk": [
+ {
+ "File": "%localappdata%\\Alpemix\\Alpemix.ini",
+ "Description": "N/A",
+ "OS": "Windows"
+ }
+ ],
+ "EventLog": [
+ {
+ "EventID": 7045,
+ "ProviderName": "Service Control Manager",
+ "LogFile": "System.evtx",
+ "ServiceName": "AlpemixSrvc",
+ "ImagePath": "*\\Alpemix.exe servicestartxxx",
+ "Description": "Service installation event as result of Alpemix installation."
+ }
+ ],
+ "Registry": [
+ {
+ "Path": "HKLM\\SYSTEM\\CurrentControlSet\\Services\\AlpemixSrvcx",
+ "Description": "N/A"
+ }
+ ],
+ "Network": [
+ {
+ "Domains": [
+ "*.alpemix.com"
+ ],
+ "Ports": [
+ 443
+ ],
+ "Description": "N/A"
+ },
+ {
+ "Domains": [
+ "*.teknopars.com"
+ ],
+ "Ports": [
+ 80
+ ],
+ "Description": "N/A"
+ }
+ ]
},
- "Detections": [],
- "References": [],
- "Acknowledgement": []
+ "Detections": [
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/alpemix_registry_sigma.yml",
+ "Description": "Detects potential registry activity of Alpemix RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/alpemix_network_sigma.yml",
+ "Description": "Detects potential network activity of Alpemix RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/alpemix_files_sigma.yml",
+ "Description": "Detects potential files activity of Alpemix RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/alpemix_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Alpemix RMM tool"
+ }
+ ],
+ "References": [
+ "https://www.alpemix.com/en/remote-access"
+ ],
+ "Acknowledgement": [
+ {
+ "Person": "Nasreddine Bencherchali",
+ "Handle": "@nas_bench"
+ }
+ ]
},
{
- "Name": "DriveMaker",
- "Description": "DriveMaker is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Xpra",
+ "Description": "Xpra is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
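Review bot: several fields in the new Alpemix entry need a second look before the generated rules are trusted. The capability `"ReportingRestricting The Authority"` is two items fused ("Reporting" and "Restricting The Authority"), and `"IOS"` should be `"iOS"` if it is meant to match the other OS names. The service artefacts disagree with each other: ServiceName is `"AlpemixSrvc"` but the Registry path ends in `"AlpemixSrvcx"`, the EventLog ImagePath is `"*\\Alpemix.exe servicestartxxx"`, and InstallationPaths lists `"C:\\AlpemixService.exe"` while PEMetadata names `"Alpemix.exe"`; the stray `x`/`xxx` suffixes look like placeholders left in, and `alpemix_registry_sigma.yml` will miss the real key if the suffix is wrong. Schema-wise, this entry uses an array for PEMetadata where the surrounding entries use an object, writes dates as `2024-08-05` where others use `2/9/2024`, ends the Description with a literal `\n`, and labels network entries `"Description": "N/A"` instead of "Known remote domains"; pick one convention and apply it file-wide so downstream consumers do not need two code paths.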
@@ -11865,8 +12277,10 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "C:\\*\\DriveMaker.exe",
- "*\\DriveMaker.exe"
+ "C:\\Program Files (x86)\\Xpra\\*",
+ "*\\Xpra\\*",
+ "*\\Xpra-Launcher.exe",
+ "*\\Xpra-x86_64_Setup.exe"
]
},
"Artifacts": {
@@ -11877,16 +12291,16 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/drivemaker_processes_sigma.yml",
- "Description": "Detects potential processes activity of DriveMaker RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/xpra_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Xpra RMM tool"
}
],
"References": [],
"Acknowledgement": []
},
{
- "Name": "Dev Tunnels (aka Visual Studio Dev Tunnel)",
- "Description": "Dev Tunnels (aka Visual Studio Dev Tunnel) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "CloudMounter",
+ "Description": "CloudMounter is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
@@ -11903,37 +12317,34 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": []
+ "InstallationPaths": [
+ "C:\\Program Files\\CloudMounter\\*",
+ "*\\CloudMounter\\*",
+ "*\\CloudMounter\\*",
+ "*\\cloudmounter.exe"
+ ]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": [
- {
- "Description": "Known remote domains",
- "Domains": [
- "learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview"
- ],
- "Ports": []
- }
- ]
+ "Network": []
},
"Detections": [
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dev_tunnels__aka_visual_studio_dev_tunnel__network_sigma.yml",
- "Description": "Detects potential network activity of Dev Tunnels (aka Visual Studio Dev Tunnel) RMM tool"
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/cloudmounter_processes_sigma.yml",
+ "Description": "Detects potential processes activity of CloudMounter RMM tool"
}
],
"References": [],
"Acknowledgement": []
},
{
- "Name": "Connectwise Automate (LabTech)",
- "Description": "Connectwise Automate (LabTech) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Panorama9",
+ "Description": "Panorama9 is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/8/2024",
+ "LastModified": "2/9/2024",
"Details": {
"Website": "",
"PEMetadata": {
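Review bot: `"*\\CloudMounter\\*"` appears twice in the CloudMounter InstallationPaths; drop one. The `{` at the start of the Detections list is also changed only in indentation (removed with three leading spaces, re-added with two), which is formatter churn rather than content; run the file through a single canonical JSON serialiser so whitespace-only diffs stop appearing.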
@@ -11948,9 +12359,7 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "ltsvc.exe",
- "ltsvcmon.exe",
- "lttray.exe"
+ "p9agent*.exe"
]
},
"Artifacts": {
@@ -11961,7 +12370,9 @@
{
"Description": "Known remote domains",
"Domains": [
- "*.hostedrmm.com"
+ "trusted.panorama9.com",
+ "changes.panorama9.com",
+ "panorama9.com"
],
"Ports": []
}
@@ -11969,25 +12380,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/connectwise_automate__labtech__network_sigma.yml",
- "Description": "Detects potential network activity of Connectwise Automate (LabTech) RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/panorama9_network_sigma.yml",
+ "Description": "Detects potential network activity of Panorama9 RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/connectwise_automate__labtech__processes_sigma.yml",
- "Description": "Detects potential processes activity of Connectwise Automate (LabTech) RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/panorama9_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Panorama9 RMM tool"
}
],
"References": [
- "https://www.connectwise.com/company/announcements/labtech-now-connectwise-automate"
+ "https://support.panorama9.com/en/articles/1859605-what-ports-and-hosts-does-the-p9-agent-communicate-with"
],
"Acknowledgement": []
},
{
- "Name": "Splashtop (Beta)",
- "Description": "Splashtop (Beta) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Any Support",
+ "Description": "Any Support is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "",
+ "LastModified": "2/27/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -12002,10 +12413,7 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "SRServer.exe",
- "SplashtopSOS.exe",
- "Splashtop_Streamer_Windows*.exe",
- "SRManager.exe"
+ "ManualLauncher.exe"
]
},
"Artifacts": {
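Review bot: `"ManualLauncher.exe"` is a generic filename with no vendor-specific component, so a process rule keyed on it alone will false-positive on unrelated software. Pair it with a path fragment or add PEMetadata (OriginalFileName, Product) for Any Support so the detection has something distinctive to match.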
@@ -12016,7 +12424,7 @@
{
"Description": "Known remote domains",
"Domains": [
- "splashtop.com"
+ "*.anysupport.net"
],
"Ports": []
}
@@ -12024,23 +12432,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/splashtop__beta__network_sigma.yml",
- "Description": "Detects potential network activity of Splashtop (Beta) RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/any_support_network_sigma.yml",
+ "Description": "Detects potential network activity of Any Support RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/splashtop__beta__processes_sigma.yml",
- "Description": "Detects potential processes activity of Splashtop (Beta) RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/any_support_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Any Support RMM tool"
}
],
- "References": [],
+ "References": [
+ "https://www.anysupport.net/introduce_howto.php"
+ ],
"Acknowledgement": []
},
{
- "Name": "Google Drive",
- "Description": "Google Drive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Remobo",
+ "Description": "Remobo is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "",
+ "LastModified": "2/9/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -12055,31 +12465,44 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "C:\\Program Files\\Google\\Drive File Stream\\*",
- "*\\Google\\Drive File Stream\\*",
- "*Users\\*\\AppData\\*\\Google\\DriveFS*",
- "G:\\My Drive*",
- "*\\GoogleDriveFS.exe"
+ "remobo.exe",
+ "remobo_client.exe",
+ "remobo_tracker.exe"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": []
+ "Network": [
+ {
+ "Description": "Known remote domains",
+ "Domains": [
+ "user_managed",
+ "remobo.en.softonic.com"
+ ],
+ "Ports": []
+ }
+ ]
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/google_drive_processes_sigma.yml",
- "Description": "Detects potential processes activity of Google Drive RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remobo_network_sigma.yml",
+ "Description": "Detects potential network activity of Remobo RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remobo_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Remobo RMM tool"
}
],
- "References": [],
+ "References": [
+ "https://www.remobo.com - DOA as of 2024"
+ ],
"Acknowledgement": []
},
{
- "Name": "Netop",
- "Description": "Netop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "CloudBerry Explorer",
+ "Description": "CloudBerry Explorer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
@@ -12094,174 +12517,26 @@
"Free": "",
"Verification": "",
"SupportedOS": [],
- "Capabilities": [],
- "Vulnerabilities": [],
- "InstallationPaths": [
- "C:\\Program Files\\Danware Data\\NetOp Packn Deploy\\*",
- "*\\Danware Data\\NetOp Packn Deploy\\*",
- "*\\Netop Remote Control\\*"
- ]
- },
- "Artifacts": {
- "Disk": [],
- "EventLog": [],
- "Registry": [],
- "Network": []
- },
- "Detections": [],
- "References": [],
- "Acknowledgement": []
- },
- {
- "Name": "Kaseya (VSA)",
- "Description": "Kaseya (VSA) aka Unigma is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.\n",
- "Author": "Nasreddine Bencherchali",
- "Created": "2024-08-05",
- "LastModified": "2024-08-05",
- "Details": {
- "Website": "",
- "PEMetadata": [
- {
- "Filename": "agentmon.exe"
- },
- {
- "Filename": "KaUpdHlp.exe"
- },
- {
- "Filename": "KaUsrTsk.exe",
- "OriginalFileName": "",
- "Description": ""
- }
- ],
- "Privileges": "",
- "Free": "",
- "Verification": "",
- "SupportedOS": [],
- "Capabilities": [],
- "Vulnerabilities": [],
- "InstallationPaths": [
- "C:\\Program Files (x86)\\Kaseya\\",
- "C:\\ProgramData\\Kaseya\\"
- ]
- },
- "Artifacts": {
- "Disk": [
- {
- "File": "%localappdata%\\Kaseya\\Log\\KaseyaLiveConnect\\*",
- "Description": "Kaseya Live Connect logs",
- "OS": "Windows"
- },
- {
- "File": "~/Library/Logs/com.kaseya/KaseyaLiveConnect/*",
- "Description": "Kaseya Live Connect logs",
- "OS": "MacOS"
- },
- {
- "File": "C:\\ProgramData\\Kaseya\\Log\\Endpoint\\*",
- "Description": "Kaseya Endpoint logs",
- "OS": "Windows"
- },
- {
- "File": "C:\\Program Files*\\Kaseya\\*\\agentmon.log",
- "Description": "Kaseya Agent Monitor log"
- },
- {
- "File": "/var/log/system.log",
- "Description": "Kaseya Agent Monitor log",
- "OS": "MacOS 32bit"
- },
- {
- "File": " ~/opt/kaseya/*/logs*",
- "Description": "Kaseya Agent Monitor log",
- "OS": "MacOS 64bit"
- },
- {
- "File": "C:\\Users\\*\\AppData\\Local\\Temp\\KASetup.log",
- "Description": "Kaseya Setup log in user temp directory",
- "OS": "Windows"
- },
- {
- "File": "C:\\Windows\\Temp\\KASetup.log",
- "Description": "Kaseya Setup log in Windows temp directory",
- "OS": "Windows"
- },
- {
- "File": "C:\\ProgramData\\Kaseya\\Log\\KaseyaEdgeServices\\*",
- "Description": "Kaseya Edge Services logs",
- "OS": "Windows"
- },
- {
- "File": "C:\\Kaseya\\api\\v1.0\\logs\\",
- "Description": "Kaseya API logs",
- "OS": "Windows"
- },
- {
- "File": "C:\\Kaseya\\api\\v1.5\\endpoint\\logs",
- "Description": "Kaseya API logs",
- "OS": "Windows"
- },
- {
- "File": "C:\\Kaseya\\api\\v1.5\\endpoints\\logs",
- "Description": "Kaseya API logs",
- "OS": "Windows"
- },
- {
- "File": "C:\\Windows\\System32\\config\\systemprofile\\AppData\\Local\\Kaseya\\Log\\MakeSelfSignedCert.exe\\",
- "Description": "Certificate creation",
- "OS": "Windows"
- },
- {
- "File": "C:\\Kaseya\\WebPages\\install\\makecert.txt",
- "Description": "Certificate creation",
- "OS": "Windows"
- },
- {
- "File": "C:\\ProgramData\\Kaseya\\Log\\Endpoint\\Instance_*\\KaseyaEndpoint*",
- "Description": "Endpoint service logs",
- "OS": "Windows"
- },
- {
- "File": "C:\\ProgramData\\Kaseya\\Log\\Endpoint\\Instance_*\\Session_*",
- "Description": "Session logs",
- "OS": "Windows"
- }
- ],
- "EventLog": [],
- "Registry": [],
- "Network": [
- {
- "Description": "Known remote domains",
- "Domains": [
- "deploy01.kaseya.com",
- "*managedsupport.kaseya.net",
- "*.kaseya.net",
- "kaseya.com"
- ],
- "Ports": []
- }
- ]
- },
- "Detections": [
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/kaseya__vsa__network_sigma.yml",
- "Description": "Detects potential network activity of Kaseya (VSA) RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/kaseya__vsa__files_sigma.yml",
- "Description": "Detects potential files activity of Kaseya (VSA) RMM tool"
- }
- ],
- "References": [
- "https://helpdesk.kaseya.com/hc/en-gb/articles/229012608-Software-Deployment-URL-Port-Requirements",
- "https://helpdesk.kaseya.com/hc/en-gb/articles/229009708-Live-Connect-Log-File-Locations",
- "https://ruler-project.github.io/ruler-project/RULER/remote/Kaseya/",
- "https://helpdesk.kaseya.com/hc/en-gb/articles/229009708-Live-Connect-Log-File-Locations"
- ],
+ "Capabilities": [],
+ "Vulnerabilities": [],
+ "InstallationPaths": [
+ "C:\\Program Files\\CloudBerryLab\\CloudBerry Drive\\*",
+ "*\\CloudBerryLab\\CloudBerry Drive\\*"
+ ]
+ },
+ "Artifacts": {
+ "Disk": [],
+ "EventLog": [],
+ "Registry": [],
+ "Network": []
+ },
+ "Detections": [],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "HelpBeam",
- "Description": "HelpBeam is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "KickIdler",
+ "Description": "KickIdler is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "2/8/2024",
@@ -12279,7 +12554,8 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "helpbeam*.exe"
+ "grabberEM.*msi",
+ "grabberTT*.msi"
]
},
"Artifacts": {
@@ -12290,7 +12566,8 @@
{
"Description": "Known remote domains",
"Domains": [
- "helpbeam.software.informer.com"
+ "kickidler.com",
+ "my.kickidler.com"
],
"Ports": []
}
@@ -12298,25 +12575,21 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/helpbeam_network_sigma.yml",
- "Description": "Detects potential network activity of HelpBeam RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/helpbeam_processes_sigma.yml",
- "Description": "Detects potential processes activity of HelpBeam RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/kickidler_network_sigma.yml",
+ "Description": "Detects potential network activity of KickIdler RMM tool"
}
],
"References": [
- "https://www.helpbeam.com domain for sale in 2024"
+ "https://www.kickidler.com/for-it/faq/"
],
"Acknowledgement": []
},
{
- "Name": "Quest KACE Agent (formerly Dell KACE)",
- "Description": "Quest KACE Agent (formerly Dell KACE) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Rocket Remote Desktop",
+ "Description": "Rocket Remote Desktop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/9/2024",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
@@ -12331,45 +12604,31 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "konea.exe"
+ "RDConsole.exe",
+ "RocketRemoteDesktop_Setup.exe"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": [
- {
- "Description": "Known remote domains",
- "Domains": [
- "*.kace.com",
- "www.quest.com/kace/"
- ],
- "Ports": []
- }
- ]
+ "Network": []
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/quest_kace_agent__formerly_dell_kace__network_sigma.yml",
- "Description": "Detects potential network activity of Quest KACE Agent (formerly Dell KACE) RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/quest_kace_agent__formerly_dell_kace__processes_sigma.yml",
- "Description": "Detects potential processes activity of Quest KACE Agent (formerly Dell KACE) RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rocket_remote_desktop_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Rocket Remote Desktop RMM tool"
}
],
- "References": [
- "https://support.quest.com/kb/4211365/which-network-ports-and-urls-are-required-for-the-kace-sma-appliance-to-function"
- ],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "DeskShare",
- "Description": "DeskShare is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "DW Service",
+ "Description": "DW Service is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/26/2024",
+ "LastModified": "2/7/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -12384,8 +12643,8 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "TeamTaskManager.exe",
- "DSGuest.exe"
+ "dwagent.exe",
+ "dwagsvc.exe"
]
},
"Artifacts": {
@@ -12396,7 +12655,7 @@
{
"Description": "Known remote domains",
"Domains": [
- "user_managed"
+ "*.dwservice.net"
],
"Ports": []
}
@@ -12404,25 +12663,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/deskshare_network_sigma.yml",
- "Description": "Detects potential network activity of DeskShare RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dw_service_network_sigma.yml",
+ "Description": "Detects potential network activity of DW Service RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/deskshare_processes_sigma.yml",
- "Description": "Detects potential processes activity of DeskShare RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dw_service_processes_sigma.yml",
+ "Description": "Detects potential processes activity of DW Service RMM tool"
}
],
"References": [
- "https://www.deskshare.com/help/fml/Active-and-Passive-connection-mode.aspx"
+ "https://news.dwservice.net/dwservice-security-infrastructure/"
],
"Acknowledgement": []
},
{
- "Name": "rdpwrap",
- "Description": "rdpwrap is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Terminals",
+ "Description": "Terminals is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/9/2024",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
@@ -12436,45 +12695,21 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": [
- "RDPWInst.exe",
- "RDPCheck.exe",
- "RDPConf.exe"
- ]
+ "InstallationPaths": []
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": [
- {
- "Description": "Known remote domains",
- "Domains": [
- "user_managed",
- "github.com/stascorp/rdpwrap"
- ],
- "Ports": []
- }
- ]
+ "Network": []
},
- "Detections": [
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rdpwrap_network_sigma.yml",
- "Description": "Detects potential network activity of rdpwrap RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rdpwrap_processes_sigma.yml",
- "Description": "Detects potential processes activity of rdpwrap RMM tool"
- }
- ],
- "References": [
- "github.com/stascorp/rdpwrap"
- ],
+ "Detections": [],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "Total Software Deployment",
- "Description": "Total Software Deployment is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Core FTP",
+ "Description": "Core FTP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
@@ -12492,10 +12727,8 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "C:\\ProgramData\\Total Software Deployment\\*",
- "*\\Total Software Deployment\\*",
- "*\\tniwinagent.exe",
- "*\\Tsdservice.exe"
+ "C:\\*\\coreftplite.exe",
+ "*\\coreftplite.exe"
]
},
"Artifacts": {
@@ -12506,19 +12739,19 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/total_software_deployment_processes_sigma.yml",
- "Description": "Detects potential processes activity of Total Software Deployment RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/core_ftp_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Core FTP RMM tool"
}
],
"References": [],
"Acknowledgement": []
},
{
- "Name": "PuTTY",
- "Description": "PuTTY is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Echoware",
+ "Description": "Echoware is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "",
+ "LastModified": "2/7/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -12532,7 +12765,10 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": []
+ "InstallationPaths": [
+ "echoserver*.exe",
+ "echoware.dll"
+ ]
},
"Artifacts": {
"Disk": [],
@@ -12540,16 +12776,21 @@
"Registry": [],
"Network": []
},
- "Detections": [],
+ "Detections": [
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/echoware_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Echoware RMM tool"
+ }
+ ],
"References": [],
"Acknowledgement": []
},
{
- "Name": "FixMe.it",
- "Description": "FixMe.it is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "ToDesk",
+ "Description": "ToDesk is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/7/2024",
+ "LastModified": "2/14/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -12564,18 +12805,9 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "FixMeit Unattended Access Setup.exe",
- "TiExpertStandalone.exe",
- "FixMeitClient*.exe",
- "FixMeit Client.exe",
- "FixMeit Expert Setup.exe",
- "TiExpertCore.exe",
- "fixmeitclient.exe",
- "TiClientCore.exe",
- "TiClientHelper*.exe",
- "no installation required | recommend blocking fixme[.]it SaaS portal",
- "no installation required | recommend blocking fixme[.]it SaaS portal",
- "9380CC75B872221A7425D7503565B67580407F60"
+ "todesk.exe",
+ "ToDesk_Service.exe",
+ "ToDesk_Setup.exe"
]
},
"Artifacts": {
@@ -12586,11 +12818,10 @@
{
"Description": "Known remote domains",
"Domains": [
- "*.fixme.it",
- "*.techinline.net",
- "fixme.it",
- "*set.me",
- "*setme.net"
+ "todesk.com",
+ "*.todesk.com",
+ "*.todesk.com",
+ "todesktop.com"
],
"Ports": []
}
@@ -12598,25 +12829,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fixme.it_network_sigma.yml",
- "Description": "Detects potential network activity of FixMe.it RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/todesk_network_sigma.yml",
+ "Description": "Detects potential network activity of ToDesk RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fixme.it_processes_sigma.yml",
- "Description": "Detects potential processes activity of FixMe.it RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/todesk_processes_sigma.yml",
+ "Description": "Detects potential processes activity of ToDesk RMM tool"
}
],
"References": [
- "https://docs.fixme.it/general-questions/which-ports-and-servers-does-fixme-it-use"
+ "https://www.todesk.com/"
],
"Acknowledgement": []
},
{
- "Name": "RDPView",
- "Description": "RDPView is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "aria2",
+ "Description": "aria2 is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/9/2024",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
@@ -12631,45 +12862,33 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "dwrcs.exe"
+ "C:\\ProgramData\\CentraStage\\AEMAgent\\*",
+ "*ProgramData\\CentraStage\\AEMAgent\\*",
+ "*\\Steinberg\\Download Assistant\\3rd Party\\optional\\aria2\\*",
+ "*\\aria2c.exe"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": [
- {
- "Description": "Known remote domains",
- "Domains": [
- "user_managed",
- "systemmanager.ru/dntu.en/rdp_view.htm"
- ],
- "Ports": []
- }
- ]
+ "Network": []
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rdpview_network_sigma.yml",
- "Description": "Detects potential network activity of RDPView RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rdpview_processes_sigma.yml",
- "Description": "Detects potential processes activity of RDPView RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aria2_processes_sigma.yml",
+ "Description": "Detects potential processes activity of aria2 RMM tool"
}
],
- "References": [
- "systemmanager.ru/dntu.en/rdp_view.htm - Same as Damware"
- ],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "Fortra",
- "Description": "Fortra is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "mstsc",
+ "Description": "mstsc is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/7/2024",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
@@ -12683,39 +12902,32 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": []
- },
- "Artifacts": {
- "Disk": [],
- "EventLog": [],
- "Registry": [],
- "Network": [
- {
- "Description": "Known remote domains",
- "Domains": [
- "fortra.com"
- ],
- "Ports": []
- }
+ "InstallationPaths": [
+ "C:\\Windows\\System32\\mstsc.exe",
+ "*Windows\\System32\\mstsc.exe"
]
},
+ "Artifacts": {
+ "Disk": [],
+ "EventLog": [],
+ "Registry": [],
+ "Network": []
+ },
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fortra_network_sigma.yml",
- "Description": "Detects potential network activity of Fortra RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/mstsc_processes_sigma.yml",
+ "Description": "Detects potential processes activity of mstsc RMM tool"
}
],
- "References": [
- "https://www.fortra.com - No free/cloud RMM softwars listed"
- ],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "ISL Light",
- "Description": "ISL Light is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "RemotePC",
+ "Description": "RemotePC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "",
+ "LastModified": "2/9/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -12730,9 +12942,16 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "islalwaysonmonitor.exe",
- "isllight.exe",
- "isllightservice.exe"
+ "C:\\Program Files (x86)\\RemotePC\\*",
+ "Idrive.File-Transfer",
+ "*\\RemotePC\\*",
+ "remotepcservice.exe",
+ "RemotePC.exe",
+ "remotepchost.exe",
+ "idrive.RemotePCAgent",
+ "rpcsuite.exe",
+ "*\\RemotePCService.exe",
+ "RemotePCService.exe"
]
},
"Artifacts": {
@@ -12743,7 +12962,10 @@
{
"Description": "Known remote domains",
"Domains": [
- "islonline.com"
+ "*.remotedesktop.com",
+ "*.remotepc.com",
+ "www.remotepc.com",
+ "remotepc.com"
],
"Ports": []
}
@@ -12751,23 +12973,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/isl_light_network_sigma.yml",
- "Description": "Detects potential network activity of ISL Light RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remotepc_network_sigma.yml",
+ "Description": "Detects potential network activity of RemotePC RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/isl_light_processes_sigma.yml",
- "Description": "Detects potential processes activity of ISL Light RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remotepc_processes_sigma.yml",
+ "Description": "Detects potential processes activity of RemotePC RMM tool"
}
],
- "References": [],
+ "References": [
+ "https://www.remotedesktop.com/helpdesk/faq-firewall"
+ ],
"Acknowledgement": []
},
{
- "Name": "Pocket Controller (Soti Xsight)",
- "Description": "Pocket Controller (Soti Xsight) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Raidrive",
+ "Description": "Raidrive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/9/2024",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
@@ -12782,46 +13006,28 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "pocketcontroller.exe",
- "wysebrowser.exe",
- "XSightService.exe"
+ "C:\\*\\OpenBoxLab\\RaiDrive\\*",
+ "*\\OpenBoxLab\\RaiDrive\\*",
+ "service = raidrive_*",
+ "Computer\\HKEY_LOCAL_MACHINE\\SOFTWARE\\OpenBoxLab\\RaiDrive\\Drives"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": [
- {
- "Description": "Known remote domains",
- "Domains": [
- "*soti.net"
- ],
- "Ports": []
- }
- ]
+ "Network": []
},
- "Detections": [
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pocket_controller__soti_xsight__network_sigma.yml",
- "Description": "Detects potential network activity of Pocket Controller (Soti Xsight) RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pocket_controller__soti_xsight__processes_sigma.yml",
- "Description": "Detects potential processes activity of Pocket Controller (Soti Xsight) RMM tool"
- }
- ],
- "References": [
- "https://pulse.soti.net/support/soti-xsight/help/"
- ],
+ "Detections": [],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "GatherPlace-desktop sharing",
- "Description": "GatherPlace-desktop sharing is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "UltraViewer",
+ "Description": "UltraViewer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/7/2024",
+ "LastModified": "2/14/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -12836,9 +13042,18 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "gp3.exe",
- "gp4.exe",
- "gp5.exe"
+ "UltraViewer_Service.exe",
+ "UltraViewer_setup*",
+ "UltraViewer_Desktop.exe",
+ "ultraviewer.exe",
+ "C:\\Program Files (x86)\\UltraViewer\\UltraViewer_Desktop.exe",
+ "*\\UltraViewer\\",
+ "*\\UltraViewer_Desktop.exe",
+ "ultraviewer_desktop.exe",
+ "ultraviewer_service.exe",
+ "UltraViewer_Desktop.exe",
+ "UltraViewer_setup*",
+ "UltraViewer_Service.exe"
]
},
"Artifacts": {
@@ -12849,9 +13064,8 @@
{
"Description": "Known remote domains",
"Domains": [
- "*.gatherplace.com",
- "*.gatherplace.net",
- "gatherplace.com"
+ "* .ultraviewer.net",
+ "ultraviewer.net"
],
"Ports": []
}
@@ -12859,22 +13073,22 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/gatherplace-desktop_sharing_network_sigma.yml",
- "Description": "Detects potential network activity of GatherPlace-desktop sharing RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ultraviewer_network_sigma.yml",
+ "Description": "Detects potential network activity of UltraViewer RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/gatherplace-desktop_sharing_processes_sigma.yml",
- "Description": "Detects potential processes activity of GatherPlace-desktop sharing RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ultraviewer_processes_sigma.yml",
+ "Description": "Detects potential processes activity of UltraViewer RMM tool"
}
],
"References": [
- "https://www.gatherplace.com/kb?id=136377"
+ "https://www.ultraviewer.net/en/200000026-summary-of-ultraviewer-s-security-information.html"
],
"Acknowledgement": []
},
{
- "Name": "Electric",
- "Description": "Electric is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "ManageEngine",
+ "Description": "ManageEngine is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
@@ -12891,37 +13105,35 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": []
+ "InstallationPaths": [
+ "InstallShield Setup.exe",
+ "ManageEngine_Remote_Access_Plus.exe",
+ "*\\dcagentservice.exe",
+ "C:\\Program Files (x86)\\DesktopCentral_Agent\\bin\\*",
+ "*\\DesktopCentral_Agent\\bin\\*"
+ ]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": [
- {
- "Description": "Known remote domains",
- "Domains": [
- "electric.ai"
- ],
- "Ports": []
- }
- ]
+ "Network": []
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/electric_network_sigma.yml",
- "Description": "Detects potential network activity of Electric RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/manageengine_processes_sigma.yml",
+ "Description": "Detects potential processes activity of ManageEngine RMM tool"
}
],
"References": [],
"Acknowledgement": []
},
{
- "Name": "Site24x7",
- "Description": "Site24x7 is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Anyplace Control",
+ "Description": "Anyplace Control is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/13/2024",
+ "LastModified": "2/7/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -12936,10 +13148,7 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "MEAgentHelper.exe",
- "MonitoringAgent.exe",
- "Site24x7WindowsAgentTrayIcon.exe",
- "Site24x7PluginAgent.exe"
+ "apc_host.exe"
]
},
"Artifacts": {
@@ -12950,12 +13159,7 @@
{
"Description": "Known remote domains",
"Domains": [
- "plus*.site24x7.com",
- "plus*.site24x7.eu",
- "plus*.site24x7.in",
- "plus*.site24x7.cn",
- "plus*.site24x7.net.au",
- "site24x7.com/msp"
+ "anyplace-control.com"
],
"Ports": []
}
@@ -12963,25 +13167,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/site24x7_network_sigma.yml",
- "Description": "Detects potential network activity of Site24x7 RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/anyplace_control_network_sigma.yml",
+ "Description": "Detects potential network activity of Anyplace Control RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/site24x7_processes_sigma.yml",
- "Description": "Detects potential processes activity of Site24x7 RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/anyplace_control_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Anyplace Control RMM tool"
}
],
"References": [
- "https://support.site24x7.com/portal/en/kb/articles/which-ports-do-i-need-to-allow-access-in-my-firewall-to-use-site24x7-agent"
+ "http://www.anyplace-control.com/anyplace-control/help/faq.htm"
],
"Acknowledgement": []
},
{
- "Name": "MeshCentral",
- "Description": "MeshCentral is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Microsoft Quick Assist",
+ "Description": "Microsoft Quick Assist is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/8/2024",
+ "LastModified": "2/9/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -12996,8 +13200,7 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "meshcentral*.exe",
- "mesh*.exe"
+ "quickassist.exe"
]
},
"Artifacts": {
@@ -13008,8 +13211,7 @@
{
"Description": "Known remote domains",
"Domains": [
- "user_managed",
- "meshcentral.com"
+ "user_managed"
],
"Ports": []
}
@@ -13017,25 +13219,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/meshcentral_network_sigma.yml",
- "Description": "Detects potential network activity of MeshCentral RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/microsoft_quick_assist_network_sigma.yml",
+ "Description": "Detects potential network activity of Microsoft Quick Assist RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/meshcentral_processes_sigma.yml",
- "Description": "Detects potential processes activity of MeshCentral RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/microsoft_quick_assist_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Microsoft Quick Assist RMM tool"
}
],
"References": [
- "https://ylianst.github.io/MeshCentral/meshcentral/"
+ "https://support.microsoft.com/en-us/windows/install-quick-assist-c17479b7-a49d-4d12-938c-dbfb97c88bca"
],
"Acknowledgement": []
},
{
- "Name": "MSP360",
- "Description": "MSP360 is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "CrossLoop",
+ "Description": "CrossLoop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/9/2024",
+ "LastModified": "2/7/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -13050,17 +13252,9 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "Online Backup.exe",
- "CBBackupPlan.exe",
- "Cloud.Backup.Scheduler.exe",
- "Cloud.Backup.RM.Service.exe",
- "cbb.exe",
- "CloudRaService.exe",
- "CloudRaSd.exe",
- "CloudRaCmd.exe",
- "CloudRaUtilities.exe",
- "Remote Desktop.exe",
- "Connect.exe"
+ "crossloopservice.exe",
+ "CrossLoopConnect.exe",
+ "WinVNCStub.exe"
]
},
"Artifacts": {
@@ -13071,10 +13265,8 @@
{
"Description": "Known remote domains",
"Domains": [
- "*.cloudberrylab.com",
- "*.msp360.com",
- "*.mspbackups.com",
- "msp360.com"
+ "*.crossloop.com",
+ "crossloop.en.softonic.com"
],
"Ports": []
}
@@ -13082,100 +13274,51 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/msp360_network_sigma.yml",
- "Description": "Detects potential network activity of MSP360 RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/crossloop_network_sigma.yml",
+ "Description": "Detects potential network activity of CrossLoop RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/msp360_processes_sigma.yml",
- "Description": "Detects potential processes activity of MSP360 RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/crossloop_processes_sigma.yml",
+ "Description": "Detects potential processes activity of CrossLoop RMM tool"
}
],
"References": [
- "https://kb.msp360.com/managed-backup-service/mbs-tcp-ports-configuration#"
+ "www.CrossLoop.com -> redirects to avast.com"
],
"Acknowledgement": []
},
{
- "Name": "ScreenConnect",
- "Description": "ScreenConnect is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
- "Author": "Ali Alwashali, Nasreddine Bencherchali",
- "Created": "2023-10-01",
- "LastModified": "2024-08-03",
+ "Name": "247ithelp.com (ConnectWise)",
+ "Description": "247ithelp.com (ConnectWise) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Author": "",
+ "Created": "",
+ "LastModified": "2/8/2024",
"Details": {
- "Website": "https://www.connectwise.com",
- "PEMetadata": [
- {
- "Filename": "",
- "OriginalFileName": "",
- "Description": ""
- }
- ],
+ "Website": "",
+ "PEMetadata": {
+ "Filename": "",
+ "OriginalFileName": "",
+ "Description": ""
+ },
"Privileges": "",
- "Free": "14-Days Free Trial",
+ "Free": "",
"Verification": "",
- "SupportedOS": [
- "Android",
- "IOS",
- "Linux",
- "Mac",
- "Windows"
- ],
- "Capabilities": [
- "Command Line Support",
- "File Transfer",
- "Install Windows updates",
- "Receive notification when user performs a predefined event",
- "Remote Command Line",
- "Remote Control",
- "Sound Capture",
- "Start / Stop services",
- "View event logs"
- ],
+ "SupportedOS": [],
+ "Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "C:\\Program Files (x86)\\ScreenConnect Client (Random)\\ScreenConnect.ClientService.exe",
- "Remote Workforce Client.exe",
- "*\\*\\ScreenConnect.ClientService.exe",
- "C:\\Program Files (x86)\\ScreenConnect Client ()\\*",
- "*\\ScreenConnect Client*\\*",
- "*\\*\\ScreenConnect.WindowsClient.exe",
- "screenconnect*.exe",
- "screenconnect.windowsclient.exe",
- "Remote Workforce Client.exe",
- "screenconnect*.exe",
- "ConnectWiseControl*.exe",
- "connectwise*.exe",
- "screenconnect.windowsclient.exe",
- "screenconnect.clientservice.exe"
+ "Remote Workforce Client.exe"
]
},
"Artifacts": {
- "Disk": [
- {
- "File": "C:\\Program Files*\\ScreenConnect\\App_Data\\Session.db",
- "Description": "ScreenConnect session database",
- "OS": "Windows"
- },
- {
- "File": "C:\\Program Files*\\ScreenConnect\\App_Data\\User.xml",
- "Description": "ScreenConnect user configuration",
- "OS": "Windows"
- },
- {
- "File": "C:\\ProgramData\\ScreenConnect Client*\\user.config",
- "Description": "ScreenConnect client user configuration",
- "OS": "Windows"
- }
- ],
+ "Disk": [],
"EventLog": [],
"Registry": [],
"Network": [
{
"Description": "Known remote domains",
"Domains": [
- "control.connectwise.com",
- "*.connectwise.com",
- "*.screenconnect.com"
+ "*.247ithelp.com"
],
"Ports": []
}
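Review bot: This hunk deletes the three ScreenConnect Disk artifacts ("C:\\Program Files*\\ScreenConnect\\App_Data\\Session.db", "...\\App_Data\\User.xml", "C:\\ProgramData\\ScreenConnect Client*\\user.config") together with the authored metadata (Author, ISO Created/LastModified, SupportedOS, Capabilities, the "14-Days Free Trial" note) and replaces them with a near-empty "247ithelp.com (ConnectWise)" entry; the ConnectWise Control entry added later in this patch does not re-add them (its Disk list is unchanged context), so this is a loss of curated forensic data, not a rename. The replacement also changes "PEMetadata" from a list of objects to a single object, so consumers now have to handle both shapes; keep the list form the richer entries use. Finally, "www.CrossLoop.com -> redirects to avast.com" is free text inside a "References" array that otherwise holds URLs; put the observation in a description field and leave References to links.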
@@ -13183,29 +13326,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/screenconnect_network_sigma.yml",
- "Description": "Detects potential network activity of ScreenConnect RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/screenconnect_files_sigma.yml",
- "Description": "Detects potential files activity of ScreenConnect RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/247ithelp.com__connectwise__network_sigma.yml",
+ "Description": "Detects potential network activity of 247ithelp.com (ConnectWise) RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/screenconnect_processes_sigma.yml",
- "Description": "Detects potential processes activity of ScreenConnect RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/247ithelp.com__connectwise__processes_sigma.yml",
+ "Description": "Detects potential processes activity of 247ithelp.com (ConnectWise) RMM tool"
}
],
"References": [
- "https://thedfirreport.com/2023/09/25/from-screenconnect-to-hive-ransomware-in-61-hours/"
+ "Similar / replaced by ScreenConnect"
],
"Acknowledgement": []
},
{
- "Name": "Microsoft TSC",
- "Description": "Microsoft TSC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Quick Assist",
+ "Description": "Quick Assist is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/8/2024",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
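Review bot: "Similar / replaced by ScreenConnect" in "References" is a note, not a reference, and the rule filenames "247ithelp.com__connectwise__network_sigma.yml" / "..._processes_sigma.yml" carry the dots and the parentheses-turned-double-underscores of the display name; if the Name stays, give the entry a clean slug for its rule files. Renaming "Microsoft TSC" to "Quick Assist" here also leaves two Quick Assist records in the same file (the "Microsoft Quick Assist" detections at the top of this patch and this entry), with "LastModified" cleared to "" on the renamed one; reconcile them into a single entry.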
@@ -13220,7 +13359,7 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "termsrv.exe"
+ "quickassist.exe"
]
},
"Artifacts": {
@@ -13231,21 +13370,60 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/microsoft_tsc_processes_sigma.yml",
- "Description": "Detects potential processes activity of Microsoft TSC RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/quick_assist_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Quick Assist RMM tool"
}
],
- "References": [
- "https://learn.microsoft.com/en-us/troubleshoot/windows-server/remote/terminal-server-startup-connection-application"
+ "References": [],
+ "Acknowledgement": []
+ },
+ {
+ "Name": "GoodSync",
+ "Description": "GoodSync is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Author": "",
+ "Created": "",
+ "LastModified": "",
+ "Details": {
+ "Website": "",
+ "PEMetadata": {
+ "Filename": "",
+ "OriginalFileName": "",
+ "Description": ""
+ },
+ "Privileges": "",
+ "Free": "",
+ "Verification": "",
+ "SupportedOS": [],
+ "Capabilities": [],
+ "Vulnerabilities": [],
+ "InstallationPaths": [
+ "installation requires paid version of GoodSync Server",
+ "installation requires paid version of GoodSync Server",
+ "GoodSync-vsub-Setup.exe",
+ "A40B81B36CDC2D24910FC58816E50DCDE21BD1A9"
+ ]
+ },
+ "Artifacts": {
+ "Disk": [],
+ "EventLog": [],
+ "Registry": [],
+ "Network": []
+ },
+ "Detections": [
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/goodsync_processes_sigma.yml",
+ "Description": "Detects potential processes activity of GoodSync RMM tool"
+ }
],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "Tanium",
- "Description": "Tanium is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "FastViewer",
+ "Description": "FastViewer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/14/2024",
+ "LastModified": "2/7/2024",
"Details": {
"Website": "",
"PEMetadata": {
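Review bot: The new GoodSync "InstallationPaths" list mixes two copies of the prose note "installation requires paid version of GoodSync Server" and a bare 40-hex string "A40B81B36CDC2D24910FC58816E50DCDE21BD1A9" with the one real pattern "GoodSync-vsub-Setup.exe"; anything generated from this field (the goodsync_processes_sigma.yml it points to) will carry the note and the hash as image names. Drop the duplicate note, move the hash into a dedicated hash field or a "Disk" artifact with a description of what it was computed over, and keep only file patterns in InstallationPaths. The renamed Quick Assist entry's "References" also becomes [] while the learn.microsoft.com link for TSC is removed; the support.microsoft.com Quick Assist link used earlier in this patch belongs here.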
@@ -13260,11 +13438,9 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "TaniumClient.exe",
- "TaniumCX.exe",
- "TaniumExecWrapper.exe",
- "TaniumFileInfo.exe",
- "TPowerShell.exe"
+ "fastclient.exe",
+ "fastmaster.exe",
+ "FastViewer.exe"
]
},
"Artifacts": {
@@ -13275,8 +13451,8 @@
{
"Description": "Known remote domains",
"Domains": [
- "cloud.tanium.com",
- "*.cloud.tanium.com"
+ "*.fastviewer.com",
+ "fastviewer.com"
],
"Ports": []
}
@@ -13284,22 +13460,22 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/tanium_network_sigma.yml",
- "Description": "Detects potential network activity of Tanium RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fastviewer_network_sigma.yml",
+ "Description": "Detects potential network activity of FastViewer RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/tanium_processes_sigma.yml",
- "Description": "Detects potential processes activity of Tanium RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fastviewer_processes_sigma.yml",
+ "Description": "Detects potential processes activity of FastViewer RMM tool"
}
],
"References": [
- "https://help.tanium.com/bundle/ug_client_cloud/page/client/platform_connections.html"
+ "https://fastviewer.com/demo/EN_FastViewer_Server%20Installation%20Configuration.pdf"
],
"Acknowledgement": []
},
{
- "Name": "Ultra VNC",
- "Description": "Ultra VNC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "SmarTTY",
+ "Description": "SmarTTY is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
@@ -13317,11 +13493,9 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "C:\\Program Files\\uvnc bvba\\UltraVNC\\*",
- "*\\uvnc bvba\\UltraVNC\\*",
- "*\\UVNC_Launch.exe",
- "*\\winvnc.exe",
- "*\\vncviewer.exe"
+ "c:\\Program Files (x86)\\Sysprogs\\SmarTTY\\*",
+ "*\\Sysprogs\\SmarTTY\\*",
+ "*\\SmarTTY.exe"
]
},
"Artifacts": {
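Review bot: "c:\\Program Files (x86)\\Sysprogs\\SmarTTY\\*" uses a lowercase drive letter, unlike every other absolute path in this patch ("C:\\Program Files (x86)\\CloudBuckIt\\*", "C:\\Program Files\\TightVNC\\*"); a consumer that matches paths case-sensitively will silently miss this entry, so normalise it to "C:".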
@@ -13332,19 +13506,19 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ultra_vnc_processes_sigma.yml",
- "Description": "Detects potential processes activity of Ultra VNC RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/smartty_processes_sigma.yml",
+ "Description": "Detects potential processes activity of SmarTTY RMM tool"
}
],
"References": [],
"Acknowledgement": []
},
{
- "Name": "Remote Manipulator System",
- "Description": "Remote Manipulator System is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "ConnectWise Control",
+ "Description": "ConnectWise Control is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/9/2024",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
@@ -13359,8 +13533,10 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "rfusclient.exe",
- "rutserv.exe"
+ "screenconnect.clientservice.exe",
+ "connectwisecontrol.client.exe",
+ "screenconnect.windowsclient.exe",
+ "connectwisechat-customer.exe"
]
},
"Artifacts": {
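Review bot: The process names added here for ConnectWise Control ("screenconnect.clientservice.exe", "screenconnect.windowsclient.exe" among them) are the same names the earlier hunk removed from the ScreenConnect entry, so the patch splits one product across two entries whose generated rules will overlap and double-alert; either merge ConnectWise Control into the ScreenConnect entry or record the relationship in "References" and de-duplicate the paths.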
@@ -13371,8 +13547,8 @@
{
"Description": "Known remote domains",
"Domains": [
- "*.internetid.ru",
- "rmansys.ru"
+ "live.screenconnect.com",
+ "control.connectwise.com"
],
"Ports": []
}
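Review bot: The domain coverage narrows from the wildcard "*.screenconnect.com" removed in the ScreenConnect hunk above to the single host "live.screenconnect.com", so any other screenconnect.com host will no longer match the network rule; keep the wildcard alongside "control.connectwise.com".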
@@ -13380,25 +13556,63 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remote_manipulator_system_network_sigma.yml",
- "Description": "Detects potential network activity of Remote Manipulator System RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/connectwise_control_network_sigma.yml",
+ "Description": "Detects potential network activity of ConnectWise Control RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remote_manipulator_system_processes_sigma.yml",
- "Description": "Detects potential processes activity of Remote Manipulator System RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/connectwise_control_processes_sigma.yml",
+ "Description": "Detects potential processes activity of ConnectWise Control RMM tool"
}
],
- "References": [
- "https://rmansys.ru/files/"
+ "References": [],
+ "Acknowledgement": []
+ },
+ {
+ "Name": "CloudBuckIt",
+ "Description": "CloudBuckIt is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Author": "",
+ "Created": "",
+ "LastModified": "",
+ "Details": {
+ "Website": "",
+ "PEMetadata": {
+ "Filename": "",
+ "OriginalFileName": "",
+ "Description": ""
+ },
+ "Privileges": "",
+ "Free": "",
+ "Verification": "",
+ "SupportedOS": [],
+ "Capabilities": [],
+ "Vulnerabilities": [],
+ "InstallationPaths": [
+ "C:\\Program Files (x86)\\CloudBuckIt\\*",
+ "*\\CloudBuckIt\\*",
+ "*\\CloudBuckIt*.exe"
+ ]
+ },
+ "Artifacts": {
+ "Disk": [],
+ "EventLog": [],
+ "Registry": [],
+ "Network": []
+ },
+ "Detections": [
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/cloudbuckit_processes_sigma.yml",
+ "Description": "Detects potential processes activity of CloudBuckIt RMM tool"
+ }
],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "Domotz",
- "Description": "Domotz is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "OptiTune",
+ "Description": "OptiTune is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/7/2024",
+ "LastModified": "2/26/2024",
"Details": {
"Website": "",
"PEMetadata": {
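Review bot: ConnectWise Control's "References" is set to [] even though the removed ScreenConnect entry carried the DFIR Report case study (https://thedfirreport.com/2023/09/25/from-screenconnect-to-hive-ransomware-in-61-hours/); carry that link over rather than losing it. The removed Remote Manipulator System reference (https://rmansys.ru/files/) and its "*.internetid.ru" / "rmansys.ru" domains likewise vanish unless that tool is retained elsewhere in the regenerated file, which this diff cannot show.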
@@ -13413,12 +13627,8 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "domotz.exe",
- "Domotz Pro Desktop App.exe",
- "domotz_bash.exe",
- "domotz*.exe",
- "Domotz Pro Desktop App Setup*.exe",
- "domotz-windows*.exe"
+ "OTService.exe",
+ "OTPowerShell.exe"
]
},
"Artifacts": {
@@ -13429,9 +13639,8 @@
{
"Description": "Known remote domains",
"Domains": [
- "*.domotz.co",
- "domotz.com",
- "*cell-1.domotz.com"
+ "*.optitune.us",
+ "*.opti-tune.com"
],
"Ports": []
}
@@ -13439,25 +13648,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/domotz_network_sigma.yml",
- "Description": "Detects potential network activity of Domotz RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/optitune_network_sigma.yml",
+ "Description": "Detects potential network activity of OptiTune RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/domotz_processes_sigma.yml",
- "Description": "Detects potential processes activity of Domotz RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/optitune_processes_sigma.yml",
+ "Description": "Detects potential processes activity of OptiTune RMM tool"
}
],
"References": [
- "https://help.domotz.com/tips-tricks/unblock-outgoing-connections-on-firewall/"
+ "https://www.bravurasoftware.com/optitune/support/faq.aspx"
],
"Acknowledgement": []
},
{
- "Name": "FixMe",
- "Description": "FixMe is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Visual Studio Dev Tunnel",
+ "Description": "Visual Studio Dev Tunnel is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "",
+ "LastModified": "2/7/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -13471,14 +13680,7 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": [
- "FixMeit Client.exe",
- "TiExpertStandalone.exe",
- "FixMeitClient*.exe",
- "TiExpertCore.exe",
- "FixMeit Unattended Access Setup.exe",
- "FixMeit Expert Setup.exe"
- ]
+ "InstallationPaths": []
},
"Artifacts": {
"Disk": [],
@@ -13488,7 +13690,9 @@
{
"Description": "Known remote domains",
"Domains": [
- "fixme.it"
+ "global.rel.tunnels.api.visualstudio.com",
+ "*.rel.tunnels.api.visualstudio.com",
+ "*.devtunnels.ms"
],
"Ports": []
}
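Review bot: "global.rel.tunnels.api.visualstudio.com" is already covered by "*.rel.tunnels.api.visualstudio.com" on the next line; harmless, but drop the redundant host so the generated network rule stays minimal.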
@@ -13496,20 +13700,18 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fixme_network_sigma.yml",
- "Description": "Detects potential network activity of FixMe RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fixme_processes_sigma.yml",
- "Description": "Detects potential processes activity of FixMe RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/visual_studio_dev_tunnel_network_sigma.yml",
+ "Description": "Detects potential network activity of Visual Studio Dev Tunnel RMM tool"
}
],
- "References": [],
+ "References": [
+ "https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/security"
+ ],
"Acknowledgement": []
},
{
- "Name": "rclone",
- "Description": "rclone is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Devolutions Remote Desktop Manager",
+ "Description": "Devolutions Remote Desktop Manager is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
@@ -13526,12 +13728,7 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": [
- "portable tool. No install path",
- "portable tool. No install path",
- "rclone*.zip",
- "*\\rclone.exe"
- ]
+ "InstallationPaths": []
},
"Artifacts": {
"Disk": [],
@@ -13539,21 +13736,16 @@
"Registry": [],
"Network": []
},
- "Detections": [
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rclone_processes_sigma.yml",
- "Description": "Detects potential processes activity of rclone RMM tool"
- }
- ],
+ "Detections": [],
"References": [],
"Acknowledgement": []
},
{
- "Name": "Tanium Deploy",
- "Description": "Tanium Deploy is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Sorillus",
+ "Description": "Sorillus is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "",
+ "LastModified": "2/9/2024",
"Details": {
"Website": "",
"PEMetadata": {
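Review bot: After this hunk the Devolutions Remote Desktop Manager entry has "InstallationPaths": [], "Detections": [] and empty artifacts, so it gives a consumer nothing to match on; either populate it or leave it out until there is at least one path or domain. The rclone entry it replaces did have "*\\rclone.exe" and a processes rule, and its removed list shows the same defect as GoodSync above, a prose note ("portable tool. No install path") duplicated inside a path array; if rclone is re-added, keep only the globs.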
@@ -13567,7 +13759,10 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": []
+ "InstallationPaths": [
+ "Sorillus-Launcher*.exe",
+ "Sorillus Launcher.exe"
+ ]
},
"Artifacts": {
"Disk": [],
@@ -13577,7 +13772,8 @@
{
"Description": "Known remote domains",
"Domains": [
- "tanium.com/products/tanium-deploy"
+ "*.sorillus.com",
+ "sorillus.com"
],
"Ports": []
}
@@ -13585,19 +13781,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/tanium_deploy_network_sigma.yml",
- "Description": "Detects potential network activity of Tanium Deploy RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/sorillus_network_sigma.yml",
+ "Description": "Detects potential network activity of Sorillus RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/sorillus_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Sorillus RMM tool"
}
],
- "References": [],
+ "References": [
+ "https://sorillus.com/"
+ ],
"Acknowledgement": []
},
{
- "Name": "N-ABLE Remote Access Software",
- "Description": "N-ABLE Remote Access Software is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "BeInSync",
+ "Description": "BeInSync is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "",
+ "LastModified": "2/26/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -13611,7 +13813,9 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": []
+ "InstallationPaths": [
+ "Beinsync*.exe"
+ ]
},
"Artifacts": {
"Disk": [],
@@ -13621,7 +13825,8 @@
{
"Description": "Known remote domains",
"Domains": [
- "n-able.com"
+ "*.beinsync.net",
+ "*.beinsync.com"
],
"Ports": []
}
@@ -13629,16 +13834,22 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/n-able_remote_access_software_network_sigma.yml",
- "Description": "Detects potential network activity of N-ABLE Remote Access Software RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/beinsync_network_sigma.yml",
+ "Description": "Detects potential network activity of BeInSync RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/beinsync_processes_sigma.yml",
+ "Description": "Detects potential processes activity of BeInSync RMM tool"
}
],
- "References": [],
+ "References": [
+ "https://en.wikipedia.org/wiki/Phoenix_Technologies"
+ ],
"Acknowledgement": []
},
{
- "Name": "Quick Assist",
- "Description": "Quick Assist is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Free Tools Launcher",
+ "Description": "Free Tools Launcher is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
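Review bot: The only reference added for BeInSync, https://en.wikipedia.org/wiki/Phoenix_Technologies, is a Wikipedia company page rather than documentation of the "Beinsync*.exe" pattern or the "*.beinsync.net" / "*.beinsync.com" domains listed above; link the source those indicators came from, or leave "References" empty as the other sparse entries do.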
@@ -13656,153 +13867,26 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "quickassist.exe"
+ "C:\\Program Files\\ManageEngine\\ManageEngine Free Tools\\Launcher\\*",
+ "*\\ManageEngine\\*"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": [
- {
- "Description": "Known remote domains",
- "Domains": [
- "*.support.services.microsoft.com"
- ],
- "Ports": []
- }
- ]
+ "Network": []
},
- "Detections": [
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/quick_assist_network_sigma.yml",
- "Description": "Detects potential network activity of Quick Assist RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/quick_assist_processes_sigma.yml",
- "Description": "Detects potential processes activity of Quick Assist RMM tool"
- }
- ],
+ "Detections": [],
"References": [],
"Acknowledgement": []
},
{
- "Name": "AnyViewer",
- "Description": "AnyViewer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.\n",
- "Author": "@kostastsale",
- "Created": "2024-08-03",
- "LastModified": "2024-08-03",
- "Details": {
- "Website": "https://www.anyviewer.com/",
- "PEMetadata": [
- {
- "Filename": "AnyViewer.exe",
- "OriginalFileName": "AnyViewer",
- "Description": "Splash Window"
- },
- {
- "Filename": "RCClient.exe",
- "OriginalFileName": "RCClient.exe",
- "Description": "AnyViewer Core"
- },
- {
- "Filename": "ScreanCap.exe",
- "Description": "Screan capture"
- },
- {
- "Filename": "AVCore.exe"
- },
- {
- "Filename": "RCService.exe"
- }
- ],
- "Privileges": "System",
- "Free": "up to 10 devices",
- "Verification": "None",
- "SupportedOS": [
- "Windows"
- ],
- "Capabilities": [
- "Remote desktop",
- "Remote file transfer",
- "Remote monitoring and management",
- "Remote shell open"
- ],
- "Vulnerabilities": [],
- "InstallationPaths": [
- "C:\\Program Files (x86)\\AnyViewer\\*"
- ]
- },
- "Artifacts": {
- "Disk": [],
- "EventLog": [
- {
- "EventID": 4688,
- "ProviderName": "Microsoft-Security-Auditing",
- "LogFile": "Security.evtx",
- "CommandLine": "\"C:\\\\Program Files (x86)\\\\AnyViewer\\\\AVCore.exe\" -d",
- "Description": "Taking actions on the remote machine such as opening a command prompt."
- },
- {
- "EventID": 7045,
- "ProviderName": "Service Control Manager",
- "LogFile": "System.evtx",
- "ServiceName": "RCService",
- "ImagePath": "C:\\\\Program Files (x86)\\\\AnyViewer\\\\RCService.exe",
- "Description": "AnyViewer service installation service."
- }
- ],
- "Registry": [],
- "Network": [
- {
- "Description": "N/A",
- "Domains": [
- "*.anyviewer.com"
- ],
- "Ports": [
- 443
- ]
- },
- {
- "Description": "N/A",
- "Domains": [
- "*.aomeisoftware.com"
- ],
- "Ports": [
- 443
- ]
- }
- ]
- },
- "Detections": [
- {
- "Name": "Arbitrary code execution and remote sessions via Action1 RMM",
- "Description": "Threat hunting rule for detecting the execution of arbitrary code and remote sessions via Action1 RMM",
- "author": "@kostastsale",
- "Link": "https://github.com/tsale/Sigma_rules/blob/main/Threat%20Hunting%20Queries/Anyviewer.yml"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/anyviewer_network_sigma.yml",
- "Description": "Detects potential network activity of AnyViewer RMM tool"
- }
- ],
- "References": [
- "https://www.anyviewer.com/how-to/how-to-open-firewall-ports-for-remote-desktop-0427-gc.html",
- "https://www.anyviewer.com/help/remote-technical-support.html"
- ],
- "Acknowledgement": [
- {
- "Person": "Kostas",
- "Handle": "@kostastsale"
- }
- ]
- },
- {
- "Name": "Naverisk",
- "Description": "Naverisk is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Centurion",
+ "Description": "Centurion is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/9/2024",
+ "LastModified": "2/7/2024",
"Details": {
"Website": "",
"PEMetadata": {
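Review bot: This hunk deletes the whole AnyViewer entry, which was the most complete record in this region: an author and ISO dates, five PEMetadata filenames, two EventLog artifacts (4688 with the "AVCore.exe" -d command line and 7045 for the RCService installation), two domain/port pairs, two references and an acknowledgement. Nothing in the patch re-adds it, so this looks like regeneration from an older source rather than an intended removal; restore it before merging, and while doing so fix its first "Detections" item, which is titled "Arbitrary code execution and remote sessions via Action1 RMM" although it links an AnyViewer rule. Separately, the new Free Tools Launcher path "*\\ManageEngine\\*" matches every ManageEngine product directory, not just the launcher; narrow it to "*\\ManageEngine Free Tools\\*". And the removed Quick Assist network artifact "*.support.services.microsoft.com" with its network rule is absent from the Quick Assist entry created earlier in this patch, which only has a processes rule.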
@@ -13817,7 +13901,7 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "AgentSetup-*.exe"
+ "ctiserv.exe"
]
},
"Artifacts": {
@@ -13828,8 +13912,7 @@
{
"Description": "Known remote domains",
"Domains": [
- "user_managed",
- "naverisk.com"
+ "centuriontech.com"
],
"Ports": []
}
@@ -13837,25 +13920,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/naverisk_network_sigma.yml",
- "Description": "Detects potential network activity of Naverisk RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/centurion_network_sigma.yml",
+ "Description": "Detects potential network activity of Centurion RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/naverisk_processes_sigma.yml",
- "Description": "Detects potential processes activity of Naverisk RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/centurion_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Centurion RMM tool"
}
],
"References": [
- "http://kb.naverisk.com/en/articles/2811223-deploying-naverisk-agents"
+ "https://data443.atlassian.net/servicedesk/customer/portal/20"
],
"Acknowledgement": []
},
{
- "Name": "Addigy",
- "Description": "Addigy is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "DriveMaker",
+ "Description": "DriveMaker is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/27/2024",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
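Review bot: The Centurion reference https://data443.atlassian.net/servicedesk/customer/portal/20 is a service-desk portal entry point rather than documentation for "ctiserv.exe" or "centuriontech.com"; if it was the source of those indicators, link the specific article, otherwise leave "References" empty.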
@@ -13870,208 +13953,65 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "addigy-*.pkg"
+ "C:\\*\\DriveMaker.exe",
+ "*\\DriveMaker.exe"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": [
- {
- "Description": "Known remote domains",
- "Domains": [
- "prod.addigy.com",
- "grtmprod.addigy.com",
- "agents.addigy.com"
- ],
- "Ports": []
- }
- ]
+ "Network": []
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/addigy_network_sigma.yml",
- "Description": "Detects potential network activity of Addigy RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/drivemaker_processes_sigma.yml",
+ "Description": "Detects potential processes activity of DriveMaker RMM tool"
}
],
- "References": [
- "https://addigy.com/"
- ],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "Action1",
- "Description": "Action1 is a powerful Remote Monitoring and Management(RMM) tool that enables users to execute commands, scripts, and binaries. \nThrough the web interface of action1, the administrator must create a new policy or an app to establish remote execution and then points that the agent is installed.\n",
- "Author": "@kostastsale",
- "Created": "2024-08-03",
- "LastModified": "2024-08-03",
+ "Name": "SmartCode Web VNC",
+ "Description": "SmartCode Web VNC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Author": "",
+ "Created": "",
+ "LastModified": "",
"Details": {
- "Website": "https://www.action1.com/",
- "PEMetadata": [
- {
- "Filename": "action1_connector.exe"
- },
- {
- "Filename": "action1_remote.exe"
- },
- {
- "Filename": "action1_update.exe"
- },
- {
- "Filename": "action1_agent.exe",
- "OriginalFileName": "action1_agent.exe",
- "Description": "Endpoint Agent"
- }
- ],
- "Privileges": "SYSTEM",
- "Free": "Yes",
- "Verification": "Corporate email required although temporary email services are accepted",
- "SupportedOS": [
- "Windows"
- ],
- "Capabilities": [
- "Backup and disaster recovery",
- "Billing and invoicing",
- "Customer portal",
- "HelpDesk and ticketing",
- "Mobile app",
- "Network discovery",
- "Patch management",
- "Remote monitoring and management",
- "Reporting and analytics"
- ],
+ "Website": "",
+ "PEMetadata": {
+ "Filename": "",
+ "OriginalFileName": "",
+ "Description": ""
+ },
+ "Privileges": "",
+ "Free": "",
+ "Verification": "",
+ "SupportedOS": [],
+ "Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "C:\\Windows\\Action1\\*"
+ "C:\\Program Files\\TightVNC\\*",
+ "*\\TightVNC\\*"
]
},
"Artifacts": {
- "Disk": [
- {
- "File": "C:\\Windows\\Action1\\action1_agent.exe",
- "Description": "Action1 service binary",
- "OS": "Windows"
- },
- {
- "File": "C:\\Windows\\Action1\\*",
- "Description": "Multiple files and binaries related to Action1 installation",
- "OS": "Windows"
- },
- {
- "File": "C:\\Windows\\Action1\\scripts\\*",
- "Description": "Multiple scripts related to Action1 installation",
- "OS": "Windows"
- },
- {
- "File": "C:\\Windows\\Action1\\rule_data\\*",
- "Description": "Files related to Action1 rules",
- "OS": "Windows"
- },
- {
- "File": "C:\\Windows\\Action1\\action1_log_*.log",
- "Description": "Contains history, errors, system notifications. Incoming and outgoing connections.",
- "OS": "Windows"
- }
- ],
- "EventLog": [
- {
- "EventID": 7045,
- "ProviderName": "Service Control Manager",
- "LogFile": "System.evtx",
- "ServiceName": "Action1 Agent",
- "ImagePath": "\"C:\\\\Windows\\\\Action1\\\\action1_agent.exe\"",
- "Description": "Service installation event as result of Action1 installation."
- },
- {
- "EventID": 4688,
- "ProviderName": "Microsoft-Security-Auditing",
- "LogFile": "Security.evtx",
- "CommandLine": "C:\\Windows\\Action1\\action1_agent.exe service",
- "Description": "Service installation event as result of Action1 installation."
- },
- {
- "EventID": 4688,
- "ProviderName": "Microsoft-Security-Auditing",
- "LogFile": "Security.evtx",
- "CommandLine": "C:\\Windows\\Action1\\action1_agent.exe loggedonuser",
- "Description": "Executing command to get logged on user."
- }
- ],
- "Registry": [
- {
- "Path": "HKLM\\System\\CurrentControlSet\\Services\\A1Agent",
- "Description": "Service installation event as result of Action1 installation."
- },
- {
- "Path": "HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\Windows Error Reporting\\LocalDumps\\action1_agent.exe",
- "Description": "Ensures that detailed crash information is available for analysis, which aids in maintaining the stability and reliability of the software."
- },
- {
- "Path": "HKLM\\SOFTWARE\\WOW6432Node\\Action1",
- "Description": "Storing its configuration settings and other relevant information"
- }
- ],
- "Network": [
- {
- "Description": "N/A",
- "Domains": [
- "*.action1.com"
- ],
- "Ports": [
- 443
- ]
- },
- {
- "Description": "N/A",
- "Domains": [
- "a1-backend-packages.s3.amazonaws.com"
- ],
- "Ports": [
- 443
- ]
- }
- ]
+ "Disk": [],
+ "EventLog": [],
+ "Registry": [],
+ "Network": []
},
- "Detections": [
- {
- "Name": "Arbitrary code execution and remote sessions via Action1 RMM",
- "Description": "Threat hunting rule for detecting the execution of arbitrary code and remote sessions via Action1 RMM",
- "author": "@kostastsale",
- "Link": "https://github.com/tsale/Sigma_rules/blob/ea87e4fc851207ca0f002ec043624f2b3bf1b2da/Threat%20Hunting%20Queries/Action1_RMM.yml"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/action1_registry_sigma.yml",
- "Description": "Detects potential registry activity of Action1 RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/action1_network_sigma.yml",
- "Description": "Detects potential network activity of Action1 RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/action1_files_sigma.yml",
- "Description": "Detects potential files activity of Action1 RMM tool"
- }
- ],
- "References": [
- "https://www.action1.com/documentation/firewall-configuration/",
- "https://www.action1.com/documentation/",
- "https://twitter.com/Kostastsale/status/1646256901506605063?s=20",
- "https://ruler-project.github.io/ruler-project/RULER/remote/Action1/"
- ],
- "Acknowledgement": [
- {
- "Person": "Kostas",
- "Handle": "@kostastsale"
- }
- ]
+ "Detections": [],
+ "References": [],
+ "Acknowledgement": []
},
{
- "Name": "AliWangWang-remote-control",
- "Description": "AliWangWang-remote-control is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "TightVNC",
+ "Description": "TightVNC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/7/2024",
+ "LastModified": "2/14/2024",
"Details": {
"Website": "",
"PEMetadata": {
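Review bot: The Action1 entry loses all of its curated content in this hunk: "Disk", "EventLog", "Registry" and "Network" under "Artifacts", together with "Detections", "References" and "Acknowledgement", all collapse to empty arrays, while the following entry's "Name" flips from "AliWangWang-remote-control" to "TightVNC". Data emptied in one place and names swapped in another is the signature of a regenerated file whose entry order changed, not of an intended removal; if the 7045 and 4688 event log artifacts, the HKLM\\System\\CurrentControlSet\\Services\\A1Agent key and the *.action1.com network indicator are meant to survive, confirm they are re-emitted elsewhere in the output, and consider having the generator sort entries by "Name" so a diff shows only real changes. A smaller point: "LastModified" mixes "2/14/2024" with the ISO "2024-08-03" used by the AnyViewer entry further down; one format (ISO) would make the field sortable.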
@@ -14086,7 +14026,9 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "alitask.exe"
+ "tvnviewer.exe",
+ "TightVNCViewerPortable*.exe",
+ "tvnserver.exe"
]
},
"Artifacts": {
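Review bot: "InstallationPaths" for TightVNC holds only bare executable names ("tvnviewer.exe", "TightVNCViewerPortable*.exe", "tvnserver.exe"), while this same patch removes the directory patterns "C:\\Program Files\\TightVNC\\*" and "*\\TightVNC\\*" from other entries later in the diff. If those patterns belong to TightVNC, carry them over here so the generated processes rule still covers installs under Program Files.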
@@ -14097,7 +14039,8 @@
{
"Description": "Known remote domains",
"Domains": [
- "wangwang.taobao.com"
+ "user_managed",
+ "tightvnc.com"
],
"Ports": []
}
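Review bot: "user_managed" in the TightVNC "Domains" array is a placeholder sitting next to a real indicator ("tightvnc.com"); anything that builds a network rule from this list (the entry references tightvnc_network_sigma.yml) will treat it as a hostname to match. Record the self-hosted / user-managed fact in a dedicated field and leave "Domains" with just "tightvnc.com". The same pattern appears in the ngrok entry below.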
@@ -14105,22 +14048,22 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aliwangwang-remote-control_network_sigma.yml",
- "Description": "Detects potential network activity of AliWangWang-remote-control RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/tightvnc_network_sigma.yml",
+ "Description": "Detects potential network activity of TightVNC RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aliwangwang-remote-control_processes_sigma.yml",
- "Description": "Detects potential processes activity of AliWangWang-remote-control RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/tightvnc_processes_sigma.yml",
+ "Description": "Detects potential processes activity of TightVNC RMM tool"
}
],
"References": [
- "https://github.com/KKomarov/AliWangWangEng/blob/master/chs.locale"
+ "https://www.tightvnc.com/doc/win/TightVNC_for_Windows-Installation_and_Getting_Started.pdf"
],
"Acknowledgement": []
},
{
- "Name": "FreeRDP",
- "Description": "FreeRDP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Free Ping Tool",
+ "Description": "Free Ping Tool is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
@@ -14137,7 +14080,10 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": []
+ "InstallationPaths": [
+ "can't find this one",
+ "can't find this one"
+ ]
},
"Artifacts": {
"Disk": [],
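Review bot: "can't find this one" in the Free Ping Tool "InstallationPaths" is free text, listed twice, in a field that downstream tooling reads as a file path or process name; it should go back to the empty array the "-" side had, with the remark moved to a comment or a notes field if the schema has one. The doubled value also suggests the generator does not de-duplicate list entries, which is worth a pass on its own.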
@@ -14150,11 +14096,11 @@
"Acknowledgement": []
},
{
- "Name": "MioNet (Also known as WD Anywhere Access)",
- "Description": "MioNet (Also known as WD Anywhere Access) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Parallels Access",
+ "Description": "Parallels Access is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "",
+ "LastModified": "2/9/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -14169,65 +14115,160 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "mionet.exe",
- "mionetmanager.exe"
+ "parallelsaccess-*.exe",
+ "TSClient.exe",
+ "prl_deskctl_agent.exe",
+ "prl_deskctl_wizard.exe",
+ "prl_pm_service.exe"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": []
+ "Network": [
+ {
+ "Description": "Known remote domains",
+ "Domains": [
+ "*.parallels.com",
+ "parallels.com/products/ras/try"
+ ],
+ "Ports": []
+ }
+ ]
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/mionet__also_known_as_wd_anywhere_access__processes_sigma.yml",
- "Description": "Detects potential processes activity of MioNet (Also known as WD Anywhere Access) RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/parallels_access_network_sigma.yml",
+ "Description": "Detects potential network activity of Parallels Access RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/parallels_access_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Parallels Access RMM tool"
}
],
- "References": [],
+ "References": [
+ "https://kb.parallels.com/en/129097"
+ ],
"Acknowledgement": []
},
{
- "Name": "SmartCode Web VNC",
- "Description": "SmartCode Web VNC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
- "Author": "",
- "Created": "",
- "LastModified": "",
+ "Name": "AnyViewer",
+ "Description": "AnyViewer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.\n",
+ "Author": "@kostastsale",
+ "Created": "2024-08-03",
+ "LastModified": "2024-08-03",
"Details": {
- "Website": "",
- "PEMetadata": {
- "Filename": "",
- "OriginalFileName": "",
- "Description": ""
- },
- "Privileges": "",
- "Free": "",
- "Verification": "",
- "SupportedOS": [],
- "Capabilities": [],
+ "Website": "https://www.anyviewer.com/",
+ "PEMetadata": [
+ {
+ "Filename": "AnyViewer.exe",
+ "OriginalFileName": "AnyViewer",
+ "Description": "Splash Window"
+ },
+ {
+ "Filename": "RCClient.exe",
+ "OriginalFileName": "RCClient.exe",
+ "Description": "AnyViewer Core"
+ },
+ {
+ "Filename": "ScreanCap.exe",
+ "Description": "Screan capture"
+ },
+ {
+ "Filename": "AVCore.exe"
+ },
+ {
+ "Filename": "RCService.exe"
+ }
+ ],
+ "Privileges": "System",
+ "Free": "up to 10 devices",
+ "Verification": "None",
+ "SupportedOS": [
+ "Windows"
+ ],
+ "Capabilities": [
+ "Remote desktop",
+ "Remote file transfer",
+ "Remote monitoring and management",
+ "Remote shell open"
+ ],
"Vulnerabilities": [],
"InstallationPaths": [
- "C:\\Program Files\\TightVNC\\*",
- "*\\TightVNC\\*"
+ "C:\\Program Files (x86)\\AnyViewer\\*"
]
},
"Artifacts": {
"Disk": [],
- "EventLog": [],
+ "EventLog": [
+ {
+ "EventID": 4688,
+ "ProviderName": "Microsoft-Security-Auditing",
+ "LogFile": "Security.evtx",
+ "CommandLine": "\"C:\\\\Program Files (x86)\\\\AnyViewer\\\\AVCore.exe\" -d",
+ "Description": "Taking actions on the remote machine such as opening a command prompt."
+ },
+ {
+ "EventID": 7045,
+ "ProviderName": "Service Control Manager",
+ "LogFile": "System.evtx",
+ "ServiceName": "RCService",
+ "ImagePath": "C:\\\\Program Files (x86)\\\\AnyViewer\\\\RCService.exe",
+ "Description": "AnyViewer service installation service."
+ }
+ ],
"Registry": [],
- "Network": []
+ "Network": [
+ {
+ "Description": "N/A",
+ "Domains": [
+ "*.anyviewer.com"
+ ],
+ "Ports": [
+ 443
+ ]
+ },
+ {
+ "Description": "N/A",
+ "Domains": [
+ "*.aomeisoftware.com"
+ ],
+ "Ports": [
+ 443
+ ]
+ }
+ ]
},
- "Detections": [],
- "References": [],
- "Acknowledgement": []
+ "Detections": [
+ {
+ "Name": "Arbitrary code execution and remote sessions via Action1 RMM",
+ "Description": "Threat hunting rule for detecting the execution of arbitrary code and remote sessions via Action1 RMM",
+ "author": "@kostastsale",
+ "Link": "https://github.com/tsale/Sigma_rules/blob/main/Threat%20Hunting%20Queries/Anyviewer.yml"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/anyviewer_network_sigma.yml",
+ "Description": "Detects potential network activity of AnyViewer RMM tool"
+ }
+ ],
+ "References": [
+ "https://www.anyviewer.com/how-to/how-to-open-firewall-ports-for-remote-desktop-0427-gc.html",
+ "https://www.anyviewer.com/help/remote-technical-support.html"
+ ],
+ "Acknowledgement": [
+ {
+ "Person": "Kostas",
+ "Handle": "@kostastsale"
+ }
+ ]
},
{
- "Name": "Onionshare",
- "Description": "Onionshare is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "LANDesk",
+ "Description": "LANDesk is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "",
+ "LastModified": "2/8/2024",
"Details": {
"Website": "",
"PEMetadata": {
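Review bot: The first "Detections" item of the AnyViewer entry carries Action1's text: "Name": "Arbitrary code execution and remote sessions via Action1 RMM" and a "Description" that says "via Action1 RMM", while its "Link" points at .../Anyviewer.yml. That looks like a copy-paste from the Action1 entry; rename both to AnyViewer. Smaller points in the same hunk: the "author" key is lower-case where every other key is capitalised; "Description": "Screan capture" should read "Screen capture" (check whether the filename "ScreanCap.exe" is the real binary name or shares the typo); the 7045 description "AnyViewer service installation service." is garbled; and "parallels.com/products/ras/try" in the Parallels Access "Domains" array is a URL path, not a domain, so a hostname match will never hit it.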
@@ -14242,30 +14283,52 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "C:\\Program Files (x86)\\OnionShare\\*",
- "*\\OnionShare\\*",
- "*\\onionshare*.exe",
- "OnionShare-win*.msi"
+ "issuser.exe",
+ "landeskagentbootstrap.exe",
+ "LANDeskPortalManager.exe",
+ "ldinv32.exe",
+ "ldsensors.exe",
+ "C:\\Program Files (x86)\\LANDesk\\*",
+ "*\\LANDesk\\*",
+ "*\\issuser.exe",
+ "*\\softmon.exe",
+ "*\\tmcsvc.exe"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": []
+ "Network": [
+ {
+ "Description": "Known remote domains",
+ "Domains": [
+ "*.ivanticloud.com",
+ "*.ivanti.com",
+ "ivanti.com"
+ ],
+ "Ports": []
+ }
+ ]
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/onionshare_processes_sigma.yml",
- "Description": "Detects potential processes activity of Onionshare RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/landesk_network_sigma.yml",
+ "Description": "Detects potential network activity of LANDesk RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/landesk_processes_sigma.yml",
+ "Description": "Detects potential processes activity of LANDesk RMM tool"
}
],
- "References": [],
+ "References": [
+ "https://forums.ivanti.com/s/article/URL-exception-list-for-Ivanti-Security-Controls?language=en_US"
+ ],
"Acknowledgement": []
},
{
- "Name": "Air Live Drive",
- "Description": "Air Live Drive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Datto",
+ "Description": "Datto is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
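Review bot: LANDesk "InstallationPaths" lists both "issuser.exe" and "*\\issuser.exe"; a bare name and a glob for the same binary double up in any generated process rule, so keep one form (the other entries in this file mostly use the bare name). "Domains" lists "*.ivanti.com" alongside "ivanti.com", which is correct only if the wildcard does not cover the apex; if the generator expands "*.x" to include "x", the second value is redundant.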
@@ -14282,33 +14345,37 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": [
- "C:\\Program Files\\AirLiveDrive\\*",
- "*\\AirLiveDrive\\*",
- "*\\AirLiveDrive.exe"
- ]
+ "InstallationPaths": []
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": []
+ "Network": [
+ {
+ "Description": "Known remote domains",
+ "Domains": [
+ "datto.com"
+ ],
+ "Ports": []
+ }
+ ]
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/air_live_drive_processes_sigma.yml",
- "Description": "Detects potential processes activity of Air Live Drive RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/datto_network_sigma.yml",
+ "Description": "Detects potential network activity of Datto RMM tool"
}
],
"References": [],
"Acknowledgement": []
},
{
- "Name": "Rocket Remote Desktop",
- "Description": "Rocket Remote Desktop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "ngrok",
+ "Description": "ngrok is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "",
+ "LastModified": "2/9/2024",
"Details": {
"Website": "",
"PEMetadata": {
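Review bot: The Datto entry ends up with an empty "InstallationPaths" and a single apex domain "datto.com" with no wildcard, whereas entries elsewhere in this diff pair "*.example" with "example". If the network rule matches hostnames literally, agent traffic to any subdomain will not match; either add "*.datto.com" or document that the generator expands apex domains.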
@@ -14323,31 +14390,47 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "RDConsole.exe",
- "RocketRemoteDesktop_Setup.exe"
+ "ngrok.exe",
+ "C:\\*\\ngrok.zip",
+ "*\\ngrok*"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": []
+ "Network": [
+ {
+ "Description": "Known remote domains",
+ "Domains": [
+ "user_managed",
+ "ngrok.com"
+ ],
+ "Ports": []
+ }
+ ]
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rocket_remote_desktop_processes_sigma.yml",
- "Description": "Detects potential processes activity of Rocket Remote Desktop RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ngrok_network_sigma.yml",
+ "Description": "Detects potential network activity of ngrok RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ngrok_processes_sigma.yml",
+ "Description": "Detects potential processes activity of ngrok RMM tool"
}
],
- "References": [],
+ "References": [
+ "https://ngrok.com/docs/guides/running-behind-firewalls/"
+ ],
"Acknowledgement": []
},
{
- "Name": "WebRDP",
- "Description": "WebRDP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Chrome Remote Desktop",
+ "Description": "Chrome Remote Desktop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/14/2024",
+ "LastModified": "2/7/2024",
"Details": {
"Website": "",
"PEMetadata": {
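Review bot: "*\\ngrok*" in the ngrok "InstallationPaths" matches any path containing "ngrok" (directories, documents, partial downloads) and will be the noisiest pattern in the processes rule; "ngrok.exe" already covers the binary and "C:\\*\\ngrok.zip" the archive, so consider dropping the catch-all or tightening it to "*\\ngrok*.exe". "user_managed" in "Domains" is the same placeholder problem as in the TightVNC entry above.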
@@ -14362,7 +14445,11 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "webrdp.exe"
+ "remote_host.exe",
+ "remoting_host.exe",
+ "C:\\Program Files (x86)\\Google\\Chrome Remote Desktop\\*",
+ "*\\Google\\Chrome Remote Desktop\\*",
+ "*\\remoting_host.exe"
]
},
"Artifacts": {
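Review bot: Chrome Remote Desktop "InstallationPaths" has "remoting_host.exe" and "*\\remoting_host.exe", which are the same match written two ways; keep one. "remote_host.exe" (without "ing") is worth double-checking against an actual install, since "remoting_host.exe" is the spelling used by the other two patterns in the list.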
@@ -14373,8 +14460,9 @@
{
"Description": "Known remote domains",
"Domains": [
- "user_managed",
- "github.com/Mikej81/WebRDP"
+ "*remotedesktop-pa.googleapis.com",
+ "*remotedesktop.google.com",
+ "remotedesktop.google.com"
],
"Ports": []
}
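Review bot: The Chrome Remote Desktop "Domains" use "*remotedesktop-pa.googleapis.com" and "*remotedesktop.google.com" (wildcard with no dot), which departs from the "*.domain" convention used elsewhere in the file and would also match an unrelated host that merely ends in that string; "remotedesktop.google.com" is in any case already covered by its wildcard form. Suggest "remotedesktop-pa.googleapis.com", "*.remotedesktop.google.com" and "remotedesktop.google.com".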
@@ -14382,22 +14470,22 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/webrdp_network_sigma.yml",
- "Description": "Detects potential network activity of WebRDP RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/chrome_remote_desktop_network_sigma.yml",
+ "Description": "Detects potential network activity of Chrome Remote Desktop RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/webrdp_processes_sigma.yml",
- "Description": "Detects potential processes activity of WebRDP RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/chrome_remote_desktop_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Chrome Remote Desktop RMM tool"
}
],
"References": [
- "github.com/Mikej81/WebRDP"
+ "https://support.google.com/chrome/a/answer/2799701?hl=en"
],
"Acknowledgement": []
},
{
- "Name": "BeyondTrust",
- "Description": "BeyondTrust is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "PuTTY",
+ "Description": "PuTTY is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
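Review bot: "PuTTY is a remote monitoring and management (RMM) tool" is the template description applied to every entry, and here it misdescribes an SSH/Telnet client; the same template is applied to ngrok, Google Drive and Free Ping Tool in this diff. If the schema cannot carry a per-tool description yet, a "Category" field (remote access, tunnelling, file sync, terminal) would keep the generated pages honest about what each tool does.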
@@ -14427,11 +14515,11 @@
"Acknowledgement": []
},
{
- "Name": "SuperOps",
- "Description": "SuperOps is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Google Drive",
+ "Description": "Google Drive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/7/2024",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
@@ -14446,46 +14534,31 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "superopsticket.exe",
- "superops.exe"
+ "C:\\Program Files\\Google\\Drive File Stream\\*",
+ "*\\Google\\Drive File Stream\\*",
+ "*Users\\*\\AppData\\*\\Google\\DriveFS*",
+ "G:\\My Drive*",
+ "*\\GoogleDriveFS.exe"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": [
- {
- "Description": "Known remote domains",
- "Domains": [
- "*.superopsbeta.com",
- "superops.ai",
- "serv.superopsalpha.com",
- "*.superops.ai",
- "*.superopsalpha.com"
- ],
- "Ports": []
- }
- ]
+ "Network": []
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/superops_network_sigma.yml",
- "Description": "Detects potential network activity of SuperOps RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/superops_processes_sigma.yml",
- "Description": "Detects potential processes activity of SuperOps RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/google_drive_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Google Drive RMM tool"
}
],
- "References": [
- "https://support.superops.com/en/articles/6632028-how-to-download-and-deploy-the-agent"
- ],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "RemotePass",
- "Description": "RemotePass is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "SysAid",
+ "Description": "SysAid is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
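Review bot: "G:\\My Drive*" in the Google Drive "InstallationPaths" hard-codes a drive letter that the user can change, so it will miss most installs, and it is a mounted volume rather than an installation path; drop it or move it to a disk artifact. "*Users\\*\\AppData\\*\\Google\\DriveFS*" also lacks the leading "*\\" that the other patterns use ("*\\Google\\Drive File Stream\\*"), so it is inconsistent with the rest of the list.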
@@ -14503,43 +14576,30 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "remotepass-access.exe",
- "rpaccess.exe",
- "rpwhostscr.exe"
+ "C:\\Program Files\\SysAidServer\\*",
+ "*\\SysAidServer\\*",
+ "*\\SysAid\\*",
+ "*\\IliAS.exe"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": [
- {
- "Description": "Known remote domains",
- "Domains": [
- "remotepass.com"
- ],
- "Ports": []
- }
- ]
+ "Network": []
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remotepass_network_sigma.yml",
- "Description": "Detects potential network activity of RemotePass RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remotepass_processes_sigma.yml",
- "Description": "Detects potential processes activity of RemotePass RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/sysaid_processes_sigma.yml",
+ "Description": "Detects potential processes activity of SysAid RMM tool"
}
],
- "References": [
- "https://www.remotepass.com/rpaccess.html - DOA as of 2024"
- ],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "Itarian",
- "Description": "Itarian is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "ITSupport247 (ConnectWise)",
+ "Description": "ITSupport247 (ConnectWise) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "2/8/2024",
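Review bot: The SysAid "InstallationPaths" mix "C:\\Program Files\\SysAidServer\\*" and "*\\SysAidServer\\*" with "*\\SysAid\\*" and "*\\IliAS.exe"; the "SysAidServer" patterns point at a server-side install, so confirm which component (server or agent) the generated processes rule is meant to catch, and split them if both are wanted.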
@@ -14557,16 +14617,7 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "ITSMAgent.exe",
- "RViewer.exe",
- "ItsmRsp.exe",
- "RAccess.exe",
- "RmmService.exe",
- "ITarianRemoteAccessSetup.exe",
- "RDesktop.exe",
- "ComodoRemoteControl.exe",
- "ITSMService.exe",
- "RHost.exe"
+ "saazapsc.exe"
]
},
"Artifacts": {
@@ -14577,11 +14628,7 @@
{
"Description": "Known remote domains",
"Domains": [
- "mdmsupport.comodo.com",
- "*.itsm-us1.comodo.com",
- "*.cmdm.comodo.com",
- "remoteaccess.itarian.com",
- "servicedesk.itarian.com"
+ "*.itsupport247.net"
],
"Ports": []
}
@@ -14589,25 +14636,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/itarian_network_sigma.yml",
- "Description": "Detects potential network activity of Itarian RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/itsupport247__connectwise__network_sigma.yml",
+ "Description": "Detects potential network activity of ITSupport247 (ConnectWise) RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/itarian_processes_sigma.yml",
- "Description": "Detects potential processes activity of Itarian RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/itsupport247__connectwise__processes_sigma.yml",
+ "Description": "Detects potential processes activity of ITSupport247 (ConnectWise) RMM tool"
}
],
"References": [
- "https://help.itarian.com/topic-459-1-1005-14776-Appendix-1b---Endpoint-Manager-Services---IP-Nos,-Host-Names-and-Port-Details---US-Customers.html"
+ "https://control.itsupport247.net/"
],
"Acknowledgement": []
},
{
- "Name": "PSEXEC",
- "Description": "PSEXEC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Cloud Explorer",
+ "Description": "Cloud Explorer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/9/2024",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
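Review bot: The Sigma filenames derived from "ITSupport247 (ConnectWise)" come out as "itsupport247__connectwise__network_sigma.yml" and "itsupport247__connectwise__processes_sigma.yml" (double underscores from the parentheses), and the MioNet entry later in the diff gets "mionet__also_known_as_wd_anywhere_access__processes_sigma.yml". The slug function should collapse runs of separators and strip trailing ones, and aliases such as "(ConnectWise)" or "(Also known as ...)" belong in a separate alias field rather than in "Name".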
@@ -14621,46 +14668,24 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": [
- "psexec.exe",
- "psexecsvc.exe"
- ]
+ "InstallationPaths": []
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": [
- {
- "Description": "Known remote domains",
- "Domains": [
- "user_managed"
- ],
- "Ports": []
- }
- ]
+ "Network": []
},
- "Detections": [
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/psexec_network_sigma.yml",
- "Description": "Detects potential network activity of PSEXEC RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/psexec_processes_sigma.yml",
- "Description": "Detects potential processes activity of PSEXEC RMM tool"
- }
- ],
- "References": [
- "https://learn.microsoft.com/en-us/sysinternals/downloads/psexec"
- ],
+ "Detections": [],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "Level.io",
- "Description": "Level.io is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "ZOC",
+ "Description": "ZOC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/8/2024",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
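Review bot: The Cloud Explorer entry arrives with empty "InstallationPaths", "Network", "Detections" and "References", so it contributes nothing to detection and shows up as a name only, while the same hunk drops PSEXEC's "psexec.exe" / "psexecsvc.exe" paths, its two Sigma links and its Microsoft reference. If the PSEXEC data is not re-emitted elsewhere in the file, that is a loss of the most useful indicators in this hunk; either hold the empty entry until it has at least one path or domain, or mark it explicitly as a stub.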
@@ -14675,47 +14700,32 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "level-windows-amd64.exe",
- "level.exe",
- "level-remote-control-ffmpeg.exe"
+ "C:\\Program Files\\ZOC8\\*",
+ "*\\ZOC?\\*",
+ "*\\zoc.exe"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": [
- {
- "Description": "Known remote domains",
- "Domains": [
- "level.io",
- "*.level.io"
- ],
- "Ports": []
- }
- ]
+ "Network": []
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/level.io_network_sigma.yml",
- "Description": "Detects potential network activity of Level.io RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/level.io_processes_sigma.yml",
- "Description": "Detects potential processes activity of Level.io RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/zoc_processes_sigma.yml",
+ "Description": "Detects potential processes activity of ZOC RMM tool"
}
],
- "References": [
- "https://docs.level.io/1.0/admin-guides/troubleshooting-agent-issues"
- ],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "ezHelp",
- "Description": "ezHelp is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Cloudsfer",
+ "Description": "Cloudsfer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/7/2024",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
@@ -14729,48 +14739,24 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": [
- "ezhelpclientmanager.exe",
- "ezHelpManager.exe",
- "ezhelpclient.exe"
- ]
- },
- "Artifacts": {
- "Disk": [],
- "EventLog": [],
- "Registry": [],
- "Network": [
- {
- "Description": "Known remote domains",
- "Domains": [
- "*.ezhelp.co.kr",
- "ezhelp.co.kr"
- ],
- "Ports": []
- }
- ]
+ "InstallationPaths": []
},
- "Detections": [
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ezhelp_network_sigma.yml",
- "Description": "Detects potential network activity of ezHelp RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ezhelp_processes_sigma.yml",
- "Description": "Detects potential processes activity of ezHelp RMM tool"
- }
- ],
- "References": [
- "https://www.exhelp.co.kr"
- ],
+ "Artifacts": {
+ "Disk": [],
+ "EventLog": [],
+ "Registry": [],
+ "Network": []
+ },
+ "Detections": [],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "Kabuto",
- "Description": "Kabuto is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Pcvisit",
+ "Description": "Pcvisit is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/8/2024",
+ "LastModified": "2/9/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -14785,7 +14771,10 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "Kabuto.App.Runner.exe"
+ "pcvisit.exe",
+ "pcvisit_client.exe",
+ "pcvisit-easysupport.exe",
+ "pcvisit_service_client.exe"
]
},
"Artifacts": {
@@ -14796,8 +14785,8 @@
{
"Description": "Known remote domains",
"Domains": [
- "*.kabuto.io",
- "repairtechsolutions.com/kabuto/"
+ "*.pcvisit.de",
+ "pcvisit.de"
],
"Ports": []
}
@@ -14805,25 +14794,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/kabuto_network_sigma.yml",
- "Description": "Detects potential network activity of Kabuto RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pcvisit_network_sigma.yml",
+ "Description": "Detects potential network activity of Pcvisit RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/kabuto_processes_sigma.yml",
- "Description": "Detects potential processes activity of Kabuto RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pcvisit_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Pcvisit RMM tool"
}
],
"References": [
- "https://www.repairtechsolutions.com/documentation/kabuto/"
+ "https://www.pcvisit.de/"
],
"Acknowledgement": []
},
{
- "Name": "Synergy",
- "Description": "Synergy is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Instant Housecall",
+ "Description": "Instant Housecall is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/26/2024",
+ "LastModified": "2/8/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -14837,7 +14826,12 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": []
+ "InstallationPaths": [
+ "hsloader.exe",
+ "ihcserver.exe",
+ "instanthousecall.exe",
+ "instanthousecall.exe"
+ ]
},
"Artifacts": {
"Disk": [],
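Review bot: "instanthousecall.exe" appears twice in the Instant Housecall "InstallationPaths"; drop the duplicate, and since the Free Ping Tool entry earlier in the diff also carries a doubled value, have the generator de-duplicate list fields rather than relying on review to catch them.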
@@ -14847,7 +14841,10 @@
{
"Description": "Known remote domains",
"Domains": [
- "user_managed"
+ "*.instanthousecall.com",
+ "*.instanthousecall.net",
+ "instanthousecall.com",
+ "secure.instanthousecall.com"
],
"Ports": []
}
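Review bot: "secure.instanthousecall.com" is already matched by "*.instanthousecall.com" in the same "Domains" array, so it is redundant unless the wildcard is never expanded; keep it only if the generator treats the two forms differently.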
@@ -14855,18 +14852,22 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/synergy_network_sigma.yml",
- "Description": "Detects potential network activity of Synergy RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/instant_housecall_network_sigma.yml",
+ "Description": "Detects potential network activity of Instant Housecall RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/instant_housecall_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Instant Housecall RMM tool"
}
],
"References": [
- "https://symless.com/synergy"
+ "https://instanthousecall.com/features/"
],
"Acknowledgement": []
},
{
- "Name": "ConnectWise",
- "Description": "ConnectWise is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "MioNet (Also known as WD Anywhere Access)",
+ "Description": "MioNet (Also known as WD Anywhere Access) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
@@ -14884,8 +14885,8 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "C:\\Program Files (x86)\\ScreenConnect Client ()\\*",
- "*\\ScreenConnect*Client*\\*"
+ "mionet.exe",
+ "mionetmanager.exe"
]
},
"Artifacts": {
@@ -14894,16 +14895,21 @@
"Registry": [],
"Network": []
},
- "Detections": [],
+ "Detections": [
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/mionet__also_known_as_wd_anywhere_access__processes_sigma.yml",
+ "Description": "Detects potential processes activity of MioNet (Also known as WD Anywhere Access) RMM tool"
+ }
+ ],
"References": [],
"Acknowledgement": []
},
{
- "Name": "TigerVNC",
- "Description": "TigerVNC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "rdp2tcp",
+ "Description": "rdp2tcp is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/26/2024",
+ "LastModified": "2/9/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -14918,252 +14924,46 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "tigervnc*.exe",
- "winvnc4.exe",
- "C:\\Program Files\\TightVNC\\*",
- "*\\TightVNC\\*",
- "*\\tvnserver.exe"
- ]
- },
- "Artifacts": {
- "Disk": [],
- "EventLog": [],
- "Registry": [],
- "Network": [
- {
- "Description": "Known remote domains",
- "Domains": [
- "user_managed"
- ],
- "Ports": []
- }
- ]
- },
- "Detections": [
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/tigervnc_network_sigma.yml",
- "Description": "Detects potential network activity of TigerVNC RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/tigervnc_processes_sigma.yml",
- "Description": "Detects potential processes activity of TigerVNC RMM tool"
- }
- ],
- "References": [
- "https://github.com/TigerVNC/tigervnc/releases"
- ],
- "Acknowledgement": []
- },
- {
- "Name": "GoToMyPC",
- "Description": "GoToMyPC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.\n",
- "Author": "Nasreddine Bencherchali",
- "Created": "2024-08-05",
- "LastModified": "2024-08-05",
- "Details": {
- "Website": "",
- "PEMetadata": [
- {
- "Filename": "AppCore.exe"
- },
- {
- "Filename": "g2comm.exe"
- },
- {
- "Filename": "g2file*.exe"
- },
- {
- "Filename": "g2fileh.exe"
- },
- {
- "Filename": "g2host.exe"
- },
- {
- "Filename": "g2m_download.exe"
- },
- {
- "Filename": "g2mainh.exe"
- },
- {
- "Filename": "G2MChat.exe"
- },
- {
- "Filename": "G2MCodecInstExtractor.exe"
- },
- {
- "Filename": "G2MComm.exe"
- },
- {
- "Filename": "G2MCoreInstExtractor.exe"
- },
- {
- "Filename": "G2MFeedback.exe"
- },
- {
- "Filename": "G2MHost.exee"
- },
- {
- "Filename": "G2MInstaller.exe"
- },
- {
- "Filename": "G2MInstallerExtractor.exe"
- },
- {
- "Filename": "G2MInstHigh.exe"
- },
- {
- "Filename": "G2MLauncher.exe"
- },
- {
- "Filename": "G2MMatchMaking.exe"
- },
- {
- "Filename": "G2MMaterials.exe"
- },
- {
- "Filename": "G2MPolling.exe"
- },
- {
- "Filename": "G2MQandA.exe"
- },
- {
- "Filename": "G2MRecorder.exe"
- },
- {
- "Filename": "G2MScrUtil64.exe"
- },
- {
- "Filename": "G2MSessionControl.exe"
- },
- {
- "Filename": "G2MStart.exe"
- },
- {
- "Filename": "G2MTesting.exe"
- },
- {
- "Filename": "G2MTranscoder.exe"
- },
- {
- "Filename": "G2MUI.exe"
- },
- {
- "Filename": "G2MUninstall.exe"
- },
- {
- "Filename": "g2mupload.exe"
- },
- {
- "Filename": "g2mvideoconference.exe"
- },
- {
- "Filename": "G2MView.exe"
- },
- {
- "Filename": "g2printh.exe"
- },
- {
- "Filename": "g2quick.exe"
- },
- {
- "Filename": "g2svc.exe"
- },
- {
- "Filename": "g2tray.exe"
- },
- {
- "Filename": "gopcsrv.exe"
- },
- {
- "Filename": "GoToScrUtils.exe"
- },
- {
- "Filename": "GoTo.exe",
- "OriginalFileName": "",
- "Description": ""
- }
- ],
- "Privileges": "",
- "Free": "",
- "Verification": "",
- "SupportedOS": [],
- "Capabilities": [],
- "Vulnerabilities": [],
- "InstallationPaths": [
- "C:\\Program Files (x86)\\GoToMyPC\\*"
+ "tdp2tcp.exe",
+ "rdp2tcp.py"
]
},
"Artifacts": {
- "Disk": [
- {
- "File": "%AppData%\\GoTo\\Logs\\goto.log",
- "Description": "N/A",
- "OS": "Windows"
- }
- ],
+ "Disk": [],
"EventLog": [],
- "Registry": [
- {
- "Path": "HKEY_LOCAL_MACHINE\\WOW6432Node\\Citrix\\GoToMyPc",
- "Description": "Configuration settings including registration email"
- },
- {
- "Path": "HKEY_LOCAL_MACHINE\\WOW6432Node\\Citrix\\GoToMyPc\\GuestInvite",
- "Description": "Guest invites send to connect"
- },
- {
- "Path": "HKEY_CURRENT_USER\\SOFTWARE\\Citrix\\GoToMyPc\\FileTransfer\\history",
- "Description": "hostname of the computer making connections and location of transferred files"
- },
- {
- "Path": "HKEY_USERS\\\\SOFTWARE\\Citrix\\GoToMyPc\\FileTransfer\\history",
- "Description": "hostname of the computer making connections and location of transferred files"
- }
- ],
+ "Registry": [],
"Network": [
{
- "Description": "N/A",
+ "Description": "Known remote domains",
"Domains": [
- "*.GoToMyPC.com"
+ "user_managed",
+ "github.com/V-E-O/rdp2tcp"
],
- "Ports": [
- "N/A"
- ]
+ "Ports": []
}
]
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/gotomypc_registry_sigma.yml",
- "Description": "Detects potential registry activity of GoToMyPC RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/gotomypc_network_sigma.yml",
- "Description": "Detects potential network activity of GoToMyPC RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rdp2tcp_network_sigma.yml",
+ "Description": "Detects potential network activity of rdp2tcp RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/gotomypc_files_sigma.yml",
- "Description": "Detects potential files activity of GoToMyPC RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rdp2tcp_processes_sigma.yml",
+ "Description": "Detects potential processes activity of rdp2tcp RMM tool"
}
],
"References": [
- "https://support.logmeininc.com/gotomypc/help/what-are-the-optimal-firewall-configurations#",
- "https://support.goto.com/training/help/how-do-i-configure-gototraining-to-work-with-firewalls",
- "https://ruler-project.github.io/ruler-project/RULER/remote/Citrix%20GoToMyPC/"
+ "github.com/V-E-O/rdp2tcp"
],
- "Acknowledgement": [
- {
- "Person": "Phill Moore",
- "Handle": "@phillmoore"
- }
- ]
+ "Acknowledgement": []
},
{
- "Name": "Laplink Everywhere",
- "Description": "Laplink Everywhere is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "RunSmart",
+ "Description": "RunSmart is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/8/2024",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
@@ -15177,14 +14977,7 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": [
- "laplink.exe",
- "laplink-everywhere-setup*.exe",
- "laplinkeverywhere.exe",
- "llrcservice.exe",
- "serverproxyservice.exe",
- "OOSysAgent.exe"
- ]
+ "InstallationPaths": []
},
"Artifacts": {
"Disk": [],
@@ -15194,9 +14987,7 @@
{
"Description": "Known remote domains",
"Domains": [
- "everywhere.laplink.com",
- "le.laplink.com",
- "atled.syspectr.com"
+ "runsmart.io"
],
"Ports": []
}
@@ -15204,25 +14995,19 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/laplink_everywhere_network_sigma.yml",
- "Description": "Detects potential network activity of Laplink Everywhere RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/laplink_everywhere_processes_sigma.yml",
- "Description": "Detects potential processes activity of Laplink Everywhere RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/runsmart_network_sigma.yml",
+ "Description": "Detects potential network activity of RunSmart RMM tool"
}
],
- "References": [
- "https://everywhere.laplink.com/docs"
- ],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "Syspectr",
- "Description": "Syspectr is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Fortra",
+ "Description": "Fortra is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/26/2024",
+ "LastModified": "2/7/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -15236,10 +15021,7 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": [
- "oo-syspectr*.exe",
- "OOSysAgent.exe"
- ]
+ "InstallationPaths": []
},
"Artifacts": {
"Disk": [],
@@ -15249,8 +15031,7 @@
{
"Description": "Known remote domains",
"Domains": [
- "atled.syspectr.com",
- "app.syspectr.com"
+ "fortra.com"
],
"Ports": []
}
@@ -15258,25 +15039,21 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/syspectr_network_sigma.yml",
- "Description": "Detects potential network activity of Syspectr RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/syspectr_processes_sigma.yml",
- "Description": "Detects potential processes activity of Syspectr RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fortra_network_sigma.yml",
+ "Description": "Detects potential network activity of Fortra RMM tool"
}
],
"References": [
- "https://www.syspectr.com/en/installation-in-a-network"
+ "https://www.fortra.com - No free/cloud RMM softwars listed"
],
"Acknowledgement": []
},
{
- "Name": "Remote Utilities",
- "Description": "Remote Utilities is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "RemoteUtilities",
+ "Description": "RemoteUtilities is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/9/2024",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
@@ -15292,7 +15069,11 @@
"Vulnerabilities": [],
"InstallationPaths": [
"rutview.exe",
- "rutserv.exe"
+ "*\\Remote Manipulator System - Server\\*",
+ "C:\\Program Files\\Remote Utilities\\*",
+ "*\\Remote Utilities\\*",
+ "rutserv.exe",
+ "*\\rutserv.exe"
]
},
"Artifacts": {
@@ -15303,7 +15084,7 @@
{
"Description": "Known remote domains",
"Domains": [
- "*.internetid.ru"
+ "remoteutilities.com"
],
"Ports": []
}
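Review bot: replacing "*.internetid.ru" with "remoteutilities.com" swaps a wildcard on what looks like the tool's relay domain for the vendor's website; if the removed domain is what the agent actually connects to, the network rule loses its useful indicator. Keep both rather than substituting one for the other.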
@@ -15311,22 +15092,20 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remote_utilities_network_sigma.yml",
- "Description": "Detects potential network activity of Remote Utilities RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remoteutilities_network_sigma.yml",
+ "Description": "Detects potential network activity of RemoteUtilities RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remote_utilities_processes_sigma.yml",
- "Description": "Detects potential processes activity of Remote Utilities RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remoteutilities_processes_sigma.yml",
+ "Description": "Detects potential processes activity of RemoteUtilities RMM tool"
}
],
- "References": [
- "https://www.remoteutilities.com/download/"
- ],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "Remcos",
- "Description": "Remcos is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "rclone",
+ "Description": "rclone is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
@@ -15344,7 +15123,10 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "remcos*.exe"
+ "portable tool. No install path",
+ "portable tool. No install path",
+ "rclone*.zip",
+ "*\\rclone.exe"
]
},
"Artifacts": {
@@ -15355,16 +15137,16 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remcos_processes_sigma.yml",
- "Description": "Detects potential processes activity of Remcos RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rclone_processes_sigma.yml",
+ "Description": "Detects potential processes activity of rclone RMM tool"
}
],
"References": [],
"Acknowledgement": []
},
{
- "Name": "ISL Online",
- "Description": "ISL Online is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Level.io",
+ "Description": "Level.io is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "2/8/2024",
@@ -15382,13 +15164,9 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "islalwaysonmonitor.exe",
- "isllight.exe",
- "isllightservice.exe",
- "ISLLightClient.exe",
- "C:\\Program Files (x86)\\ISL Online\\ISL Light*",
- "*\\ISL Online\\ISL Light*",
- "*\\ISLLight.exe"
+ "level-windows-amd64.exe",
+ "level.exe",
+ "level-remote-control-ffmpeg.exe"
]
},
"Artifacts": {
@@ -15399,8 +15177,8 @@
{
"Description": "Known remote domains",
"Domains": [
- "*.islonline.com",
- "*.islonline.net"
+ "level.io",
+ "*.level.io"
],
"Ports": []
}
@@ -15408,25 +15186,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/isl_online_network_sigma.yml",
- "Description": "Detects potential network activity of ISL Online RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/level.io_network_sigma.yml",
+ "Description": "Detects potential network activity of Level.io RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/isl_online_processes_sigma.yml",
- "Description": "Detects potential processes activity of ISL Online RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/level.io_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Level.io RMM tool"
}
],
"References": [
- "https://help.islonline.com/19818/165940"
+ "https://docs.level.io/1.0/admin-guides/troubleshooting-agent-issues"
],
"Acknowledgement": []
},
{
- "Name": "DragonDisk",
- "Description": "DragonDisk is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Jump Cloud",
+ "Description": "Jump Cloud is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "",
+ "LastModified": "2/26/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -15441,29 +15219,38 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "C:\\Program Files (x86)\\Almageste\\DragonDisk\\*",
- "*\\Almageste\\DragonDisk\\*",
- "*\\DragonDisk.exe"
+ "JumpCloud*.exe "
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": []
+ "Network": [
+ {
+ "Description": "Known remote domains",
+ "Domains": [
+ "*.api.jumpcloud.com",
+ "*.assist.jumpcloud.com"
+ ],
+ "Ports": []
+ }
+ ]
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dragondisk_processes_sigma.yml",
- "Description": "Detects potential processes activity of DragonDisk RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/jump_cloud_network_sigma.yml",
+ "Description": "Detects potential network activity of Jump Cloud RMM tool"
}
],
- "References": [],
+ "References": [
+ "https://jumpcloud.com/support/understand-remote-assist-agent"
+ ],
"Acknowledgement": []
},
{
- "Name": "FleetDeck.io",
- "Description": "FleetDeck.io is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Royal TS",
+ "Description": "Royal TS is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
@@ -15481,11 +15268,7 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "fleetdeck_agent_svc.exe",
- "fleetdeck_commander_svc.exe",
- "fleetdeck_installer.exe",
- "fleetdeck_commander_launcher.exe",
- "fleetdeck_agent.exe"
+ "royalts.exe"
]
},
"Artifacts": {
@@ -15496,7 +15279,7 @@
{
"Description": "Known remote domains",
"Domains": [
- "fleetdeck.io"
+ "royalapps.com"
],
"Ports": []
}
@@ -15504,23 +15287,23 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fleetdeck.io_network_sigma.yml",
- "Description": "Detects potential network activity of FleetDeck.io RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/royal_ts_network_sigma.yml",
+ "Description": "Detects potential network activity of Royal TS RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fleetdeck.io_processes_sigma.yml",
- "Description": "Detects potential processes activity of FleetDeck.io RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/royal_ts_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Royal TS RMM tool"
}
],
"References": [],
"Acknowledgement": []
},
{
- "Name": "Chrome Remote Desktop",
- "Description": "Chrome Remote Desktop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "MioNet (WD Anywhere Access)",
+ "Description": "MioNet (WD Anywhere Access) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/7/2024",
+ "LastModified": "2/9/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -15535,50 +15318,33 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "remote_host.exe",
- "remoting_host.exe",
- "C:\\Program Files (x86)\\Google\\Chrome Remote Desktop\\*",
- "*\\Google\\Chrome Remote Desktop\\*",
- "*\\remoting_host.exe"
+ "mionet.exe",
+ "mionetmanager.exe"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
- "Registry": [],
- "Network": [
- {
- "Description": "Known remote domains",
- "Domains": [
- "*remotedesktop-pa.googleapis.com",
- "*remotedesktop.google.com",
- "remotedesktop.google.com"
- ],
- "Ports": []
- }
- ]
+ "Registry": [],
+ "Network": []
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/chrome_remote_desktop_network_sigma.yml",
- "Description": "Detects potential network activity of Chrome Remote Desktop RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/chrome_remote_desktop_processes_sigma.yml",
- "Description": "Detects potential processes activity of Chrome Remote Desktop RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/mionet__wd_anywhere_access__processes_sigma.yml",
+ "Description": "Detects potential processes activity of MioNet (WD Anywhere Access) RMM tool"
}
],
"References": [
- "https://support.google.com/chrome/a/answer/2799701?hl=en"
+ "https://en.wikipedia.org/wiki/WD_Anywhere_Access - DOA as of 2016"
],
"Acknowledgement": []
},
{
- "Name": "RealVNC",
- "Description": "RealVNC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "SpyAnywhere",
+ "Description": "SpyAnywhere is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "",
+ "LastModified": "2/9/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -15592,21 +15358,43 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": []
+ "InstallationPaths": [
+ "sysdiag.exe"
+ ]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": []
+ "Network": [
+ {
+ "Description": "Known remote domains",
+ "Domains": [
+ "*.spytech-web.com",
+ "spyanywhere.com"
+ ],
+ "Ports": []
+ }
+ ]
},
- "Detections": [],
- "References": [],
+ "Detections": [
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/spyanywhere_network_sigma.yml",
+ "Description": "Detects potential network activity of SpyAnywhere RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/spyanywhere_processes_sigma.yml",
+ "Description": "Detects potential processes activity of SpyAnywhere RMM tool"
+ }
+ ],
+ "References": [
+ "https://www.spyanywhere.com/support.shtml"
+ ],
"Acknowledgement": []
},
{
- "Name": "rsync",
- "Description": "rsync is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "FreeFileSync",
+ "Description": "FreeFileSync is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
@@ -15623,7 +15411,11 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": []
+ "InstallationPaths": [
+ "C:\\Program Files\\FreeFileSync\\*",
+ "*\\FreeFileSync\\*",
+ "*\\FreeFileSync.exe"
+ ]
},
"Artifacts": {
"Disk": [],
@@ -15631,16 +15423,21 @@
"Registry": [],
"Network": []
},
- "Detections": [],
+ "Detections": [
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/freefilesync_processes_sigma.yml",
+ "Description": "Detects potential processes activity of FreeFileSync RMM tool"
+ }
+ ],
"References": [],
"Acknowledgement": []
},
{
- "Name": "Datto",
- "Description": "Datto is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Ericom AccessNow",
+ "Description": "Ericom AccessNow is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "",
+ "LastModified": "2/7/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -15654,7 +15451,10 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": []
+ "InstallationPaths": [
+ "accessserver*.exe",
+ "accessserver.exe"
+ ]
},
"Artifacts": {
"Disk": [],
@@ -15664,7 +15464,8 @@
{
"Description": "Known remote domains",
"Domains": [
- "datto.com"
+ "user_managed",
+ "ericom.com"
],
"Ports": []
}
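Review bot: "user_managed" is a sentinel, not a domain, yet it is listed under Domains here and in several other records in this diff (rdp2tcp, Goverlan, DeskShare); if network rules are generated from this list it becomes a literal string to match. A dedicated field for self-hosted or user-managed endpoints would express the same thing without polluting the indicator list.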
@@ -15672,16 +15473,22 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/datto_network_sigma.yml",
- "Description": "Detects potential network activity of Datto RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ericom_accessnow_network_sigma.yml",
+ "Description": "Detects potential network activity of Ericom AccessNow RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ericom_accessnow_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Ericom AccessNow RMM tool"
}
],
- "References": [],
+ "References": [
+ "https://www.ericom.com/connect-accessnow/"
+ ],
"Acknowledgement": []
},
{
- "Name": "CloudExplorer",
- "Description": "CloudExplorer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "ExpanDrive",
+ "Description": "ExpanDrive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
@@ -15698,7 +15505,10 @@
"SupportedOS": [],
"Capabilities": [],
"Vulnerabilities": [],
- "InstallationPaths": []
+ "InstallationPaths": [
+ "C:\\Users\\*\\ExpanDrive.exe",
+ "*\\ExpanDrive.exe"
+ ]
},
"Artifacts": {
"Disk": [],
@@ -15706,16 +15516,21 @@
"Registry": [],
"Network": []
},
- "Detections": [],
+ "Detections": [
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/expandrive_processes_sigma.yml",
+ "Description": "Detects potential processes activity of ExpanDrive RMM tool"
+ }
+ ],
"References": [],
"Acknowledgement": []
},
{
- "Name": "Supremo",
- "Description": "Supremo is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Level.io",
+ "Description": "Level.io is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/13/2024",
+ "LastModified": "2/8/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -15730,10 +15545,9 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "supremo.exe",
- "supremoservice.exe",
- "supremosystem.exe",
- "supremohelper.exe"
+ "level-windows-amd64.exe",
+ "level.exe",
+ "level-remote-control-ffmpeg.exe"
]
},
"Artifacts": {
@@ -15744,9 +15558,8 @@
{
"Description": "Known remote domains",
"Domains": [
- "supremocontrol.com",
- "*.supremocontrol.com",
- "* .nanosystems.it"
+ "level.io",
+ "*.level.io"
],
"Ports": []
}
@@ -15754,22 +15567,22 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/supremo_network_sigma.yml",
- "Description": "Detects potential network activity of Supremo RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/level.io_network_sigma.yml",
+ "Description": "Detects potential network activity of Level.io RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/supremo_processes_sigma.yml",
- "Description": "Detects potential processes activity of Supremo RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/level.io_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Level.io RMM tool"
}
],
"References": [
- "https://www.supremocontrol.com/frequently-asked-questions/"
+ "https://docs.level.io/1.0/admin-guides/troubleshooting-agent-issues"
],
"Acknowledgement": []
},
{
- "Name": "GoToAssist Agent Desktop Console",
- "Description": "GoToAssist Agent Desktop Console is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "MultCloud",
+ "Description": "MultCloud is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
@@ -15787,8 +15600,8 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "C:\\*\\G2RDesktopConsole-x64.msi",
- "*\\G2RDesktopConsole-x64.msi"
+ "requires sign up",
+ "requires sign up"
]
},
"Artifacts": {
@@ -15802,11 +15615,11 @@
"Acknowledgement": []
},
{
- "Name": "ConnectWise Control",
- "Description": "ConnectWise Control is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Auvik",
+ "Description": "Auvik is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "",
+ "LastModified": "2/7/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -15821,10 +15634,8 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "screenconnect.clientservice.exe",
- "connectwisecontrol.client.exe",
- "screenconnect.windowsclient.exe",
- "connectwisechat-customer.exe"
+ "auvik.engine.exe",
+ "auvik.agent.exe"
]
},
"Artifacts": {
@@ -15835,8 +15646,9 @@
{
"Description": "Known remote domains",
"Domains": [
- "live.screenconnect.com",
- "control.connectwise.com"
+ "*.my.auvik.com",
+ "*.auvik.com",
+ "auvik.com"
],
"Ports": []
}
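Review bot: "*.auvik.com" already covers "*.my.auvik.com", so the narrower pattern adds nothing; "auvik.com" plus "*.auvik.com" is sufficient.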
@@ -15844,23 +15656,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/connectwise_control_network_sigma.yml",
- "Description": "Detects potential network activity of ConnectWise Control RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/auvik_network_sigma.yml",
+ "Description": "Detects potential network activity of Auvik RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/connectwise_control_processes_sigma.yml",
- "Description": "Detects potential processes activity of ConnectWise Control RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/auvik_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Auvik RMM tool"
}
],
- "References": [],
+ "References": [
+ "https://support.auvik.com/hc/en-us/articles/204315700-What-protocols-and-ports-does-the-Auvik-collector-use"
+ ],
"Acknowledgement": []
},
{
- "Name": "RemoteView",
- "Description": "RemoteView is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Goverlan",
+ "Description": "Goverlan is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/9/2024",
+ "LastModified": "2/8/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -15875,10 +15689,14 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "remoteview.exe",
- "rv.exe",
- "rvagent.exe",
- "rvagtray.exe"
+ "goverrmc.exe",
+ "govsrv*.exe",
+ "GovAgentInstallHelper.exe",
+ "GovAgentx64.exe",
+ "GovReachClient.exe",
+ "C:\\Program Files (x86)\\PJ Technologies\\GOVsrv\\*",
+ "*\\PJ Technologies\\GOVsrv\\*",
+ "*\\GovSrv.exe"
]
},
"Artifacts": {
@@ -15889,9 +15707,8 @@
{
"Description": "Known remote domains",
"Domains": [
- "*content.rview.com",
- "*.rview.com",
- "content.rview.com"
+ "user_managed",
+ "goverlan.com"
],
"Ports": []
}
@@ -15899,59 +15716,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remoteview_network_sigma.yml",
- "Description": "Detects potential network activity of RemoteView RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/goverlan_network_sigma.yml",
+ "Description": "Detects potential network activity of Goverlan RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remoteview_processes_sigma.yml",
- "Description": "Detects potential processes activity of RemoteView RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/goverlan_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Goverlan RMM tool"
}
],
"References": [
- "https://help.rview.com/hc/en-us/articles/360005175994--RemoteView-Server-list-for-firewall"
+ "https://www.goverlan.com/pdf/Goverlan-Remote-Control-Software.pdf"
],
"Acknowledgement": []
},
{
- "Name": "VNC Connect",
- "Description": "VNC Connect is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
- "Author": "",
- "Created": "",
- "LastModified": "",
- "Details": {
- "Website": "",
- "PEMetadata": {
- "Filename": "",
- "OriginalFileName": "",
- "Description": ""
- },
- "Privileges": "",
- "Free": "",
- "Verification": "",
- "SupportedOS": [],
- "Capabilities": [],
- "Vulnerabilities": [],
- "InstallationPaths": [
- "C:\\Program Files\\RealVNC\\VNC Server\\*",
- "*\\RealVNC\\VNC Server\\*"
- ]
- },
- "Artifacts": {
- "Disk": [],
- "EventLog": [],
- "Registry": [],
- "Network": []
- },
- "Detections": [],
- "References": [],
- "Acknowledgement": []
- },
- {
- "Name": "Syncthing",
- "Description": "Syncthing is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Pcnow",
+ "Description": "Pcnow is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "",
+ "LastModified": "2/9/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -15966,29 +15749,43 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "C:\\Users\\*\\AppData\\Roaming\\SyncTrayzor\\*",
- "*Users\\*\\AppData\\Roaming\\SyncTrayzor\\*",
- "*\\Syncthing.exe"
+ "mwcliun.exe",
+ "pcnmgr.exe",
+ "webexpcnow.exe"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": []
+ "Network": [
+ {
+ "Description": "Known remote domains",
+ "Domains": [
+ "au.pcmag.com/utilities/21470/webex-pcnow"
+ ],
+ "Ports": []
+ }
+ ]
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/syncthing_processes_sigma.yml",
- "Description": "Detects potential processes activity of Syncthing RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pcnow_network_sigma.yml",
+ "Description": "Detects potential network activity of Pcnow RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pcnow_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Pcnow RMM tool"
}
],
- "References": [],
+ "References": [
+ "http://pcnow.webex.com/ - DOA as of 2024"
+ ],
"Acknowledgement": []
},
{
- "Name": "KHelpDesk",
- "Description": "KHelpDesk is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "DeskShare",
+ "Description": "DeskShare is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "2/26/2024",
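Review bot: `au.pcmag.com/utilities/21470/webex-pcnow` in `Domains` is a PCMag review URL, not a host PCNow connects to, and because `pcnow_network_sigma.yml` is derived from this list the rule will fire on someone reading PCMag and never on PCNow traffic. Move the URL into `References` next to the existing `http://pcnow.webex.com/ - DOA as of 2024` note, leave `Domains` empty, and drop the network detection entry until a real endpoint is known.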
@@ -16006,7 +15803,8 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "KHelpDesk.exe"
+ "TeamTaskManager.exe",
+ "DSGuest.exe"
]
},
"Artifacts": {
@@ -16017,7 +15815,7 @@
{
"Description": "Known remote domains",
"Domains": [
- "*.khelpdesk.com.br"
+ "user_managed"
],
"Ports": []
}
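Review bot: `user_managed` is a placeholder, not a domain, but it sits in the same `Domains` array that `deskshare_network_sigma.yml` is generated from, so the rule ends up matching the literal string. The same placeholder appears in other entries (TurboMeeting, SimpleHelp, CrossTec Remote Control), so this is worth fixing in the schema rather than per entry: leave `Domains` empty, state in `Description` that the DeskShare server is customer-hosted, and consider a dedicated boolean such as `SelfHosted` so consumers can tell "unknown" from "customer-controlled".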
@@ -16025,25 +15823,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/khelpdesk_network_sigma.yml",
- "Description": "Detects potential network activity of KHelpDesk RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/deskshare_network_sigma.yml",
+ "Description": "Detects potential network activity of DeskShare RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/khelpdesk_processes_sigma.yml",
- "Description": "Detects potential processes activity of KHelpDesk RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/deskshare_processes_sigma.yml",
+ "Description": "Detects potential processes activity of DeskShare RMM tool"
}
],
"References": [
- "https://www.khelpdesk.com.br/en-us"
+ "https://www.deskshare.com/help/fml/Active-and-Passive-connection-mode.aspx"
],
"Acknowledgement": []
},
{
- "Name": "Netop Remote Control (Impero Connect)",
- "Description": "Netop Remote Control (Impero Connect) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "MyGreenPC",
+ "Description": "MyGreenPC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/9/2024",
+ "LastModified": "2/26/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -16058,15 +15856,7 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "nhostsvc.exe",
- "nhstw32.exe",
- "ngstw32.exe",
- "Netop Ondemand.exe",
- "nldrw32.exe",
- "rmserverconsolemediator.exe",
- "ImperoInit.exe",
- "Connect.Backdrop.cloud*.exe",
- "ImperoClientSVC.exe"
+ "mygreenpc.exe"
]
},
"Artifacts": {
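Review bot: the nine Netop/Impero process names removed here (`nhostsvc.exe`, `nhstw32.exe`, `ImperoClientSVC.exe`, `Connect.Backdrop.cloud*.exe`, …) are the most specific indicators that entry had, and the MyGreenPC entry that takes its place carries a single `mygreenpc.exe`. Confirm the Netop Remote Control (Impero Connect) entry is re-added elsewhere in this diff rather than dropped; losing it silently would be a detection regression, and the diff as shown does not make that visible.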
@@ -16077,8 +15867,7 @@
{
"Description": "Known remote domains",
"Domains": [
- "*.connect.backdrop.cloud",
- "*.netop.com"
+ "*mygreenpc.com"
],
"Ports": []
}
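Review bot: `*mygreenpc.com` has a leading wildcard with no dot, so it also matches any host whose name merely ends in `mygreenpc.com` (for example `notmygreenpc.com`). Use the pair `mygreenpc.com` and `*.mygreenpc.com`, the form the Jump Desktop entry already uses for `jumpdesktop.com`.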
@@ -16086,32 +15875,148 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/netop_remote_control__impero_connect__network_sigma.yml",
- "Description": "Detects potential network activity of Netop Remote Control (Impero Connect) RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/mygreenpc_network_sigma.yml",
+ "Description": "Detects potential network activity of MyGreenPC RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/netop_remote_control__impero_connect__processes_sigma.yml",
- "Description": "Detects potential processes activity of Netop Remote Control (Impero Connect) RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/mygreenpc_processes_sigma.yml",
+ "Description": "Detects potential processes activity of MyGreenPC RMM tool"
}
],
"References": [
- "https://kb.netop.com/article/firewall-and-proxy-server-considerations-when-using-netop-portal-communication-373.html"
+ "http://www.mygreenpc.com/"
],
"Acknowledgement": []
},
{
- "Name": "Bitvise SSH Server",
- "Description": "Bitvise SSH Server is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
- "Author": "",
- "Created": "",
- "LastModified": "",
+ "Name": "GoToMyPC",
+ "Description": "GoToMyPC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.\n",
+ "Author": "Nasreddine Bencherchali",
+ "Created": "2024-08-05",
+ "LastModified": "2024-08-05",
"Details": {
"Website": "",
- "PEMetadata": {
- "Filename": "",
- "OriginalFileName": "",
- "Description": ""
- },
+ "PEMetadata": [
+ {
+ "Filename": "AppCore.exe"
+ },
+ {
+ "Filename": "g2comm.exe"
+ },
+ {
+ "Filename": "g2file*.exe"
+ },
+ {
+ "Filename": "g2fileh.exe"
+ },
+ {
+ "Filename": "g2host.exe"
+ },
+ {
+ "Filename": "g2m_download.exe"
+ },
+ {
+ "Filename": "g2mainh.exe"
+ },
+ {
+ "Filename": "G2MChat.exe"
+ },
+ {
+ "Filename": "G2MCodecInstExtractor.exe"
+ },
+ {
+ "Filename": "G2MComm.exe"
+ },
+ {
+ "Filename": "G2MCoreInstExtractor.exe"
+ },
+ {
+ "Filename": "G2MFeedback.exe"
+ },
+ {
+ "Filename": "G2MHost.exee"
+ },
+ {
+ "Filename": "G2MInstaller.exe"
+ },
+ {
+ "Filename": "G2MInstallerExtractor.exe"
+ },
+ {
+ "Filename": "G2MInstHigh.exe"
+ },
+ {
+ "Filename": "G2MLauncher.exe"
+ },
+ {
+ "Filename": "G2MMatchMaking.exe"
+ },
+ {
+ "Filename": "G2MMaterials.exe"
+ },
+ {
+ "Filename": "G2MPolling.exe"
+ },
+ {
+ "Filename": "G2MQandA.exe"
+ },
+ {
+ "Filename": "G2MRecorder.exe"
+ },
+ {
+ "Filename": "G2MScrUtil64.exe"
+ },
+ {
+ "Filename": "G2MSessionControl.exe"
+ },
+ {
+ "Filename": "G2MStart.exe"
+ },
+ {
+ "Filename": "G2MTesting.exe"
+ },
+ {
+ "Filename": "G2MTranscoder.exe"
+ },
+ {
+ "Filename": "G2MUI.exe"
+ },
+ {
+ "Filename": "G2MUninstall.exe"
+ },
+ {
+ "Filename": "g2mupload.exe"
+ },
+ {
+ "Filename": "g2mvideoconference.exe"
+ },
+ {
+ "Filename": "G2MView.exe"
+ },
+ {
+ "Filename": "g2printh.exe"
+ },
+ {
+ "Filename": "g2quick.exe"
+ },
+ {
+ "Filename": "g2svc.exe"
+ },
+ {
+ "Filename": "g2tray.exe"
+ },
+ {
+ "Filename": "gopcsrv.exe"
+ },
+ {
+ "Filename": "GoToScrUtils.exe"
+ },
+ {
+ "Filename": "GoTo.exe",
+ "OriginalFileName": "",
+ "Description": ""
+ }
+ ],
"Privileges": "",
"Free": "",
"Verification": "",
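Review bot: `PEMetadata` changes shape here from an object (`{"Filename": "", …}`) to an array of objects, while neighbouring entries such as Pcnow and Jump Desktop keep the object form, so every consumer of this JSON now has to handle both; either migrate all entries in one change or hold the array form until the schema declares it. Within the list, `"Filename": "G2MHost.exee"` is a typo for `G2MHost.exe`, `g2file*.exe` is a glob in a field that otherwise holds literal filenames, and the `G2M*` binaries (`G2MLauncher.exe`, `G2MRecorder.exe`, `G2MUI.exe`, …) belong to GoToMeeting rather than GoToMyPC, so a processes rule built from them will alert on every GoToMeeting installation; split them into their own entry or drop them from this one.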
@@ -16119,32 +16024,80 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "C:\\Program Files\\Bitvise SSH Server\\*",
- "*\\Bitvise SSH Server\\*",
- "*\\BvSshServer-Inst.exe"
+ "C:\\Program Files (x86)\\GoToMyPC\\*"
]
},
"Artifacts": {
- "Disk": [],
+ "Disk": [
+ {
+ "File": "%AppData%\\GoTo\\Logs\\goto.log",
+ "Description": "N/A",
+ "OS": "Windows"
+ }
+ ],
"EventLog": [],
- "Registry": [],
- "Network": []
+ "Registry": [
+ {
+ "Path": "HKEY_LOCAL_MACHINE\\WOW6432Node\\Citrix\\GoToMyPc",
+ "Description": "Configuration settings including registration email"
+ },
+ {
+ "Path": "HKEY_LOCAL_MACHINE\\WOW6432Node\\Citrix\\GoToMyPc\\GuestInvite",
+ "Description": "Guest invites send to connect"
+ },
+ {
+ "Path": "HKEY_CURRENT_USER\\SOFTWARE\\Citrix\\GoToMyPc\\FileTransfer\\history",
+ "Description": "hostname of the computer making connections and location of transferred files"
+ },
+ {
+ "Path": "HKEY_USERS\\\\SOFTWARE\\Citrix\\GoToMyPc\\FileTransfer\\history",
+ "Description": "hostname of the computer making connections and location of transferred files"
+ }
+ ],
+ "Network": [
+ {
+ "Description": "N/A",
+ "Domains": [
+ "*.GoToMyPC.com"
+ ],
+ "Ports": [
+ "N/A"
+ ]
+ }
+ ]
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/bitvise_ssh_server_processes_sigma.yml",
- "Description": "Detects potential processes activity of Bitvise SSH Server RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/gotomypc_registry_sigma.yml",
+ "Description": "Detects potential registry activity of GoToMyPC RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/gotomypc_network_sigma.yml",
+ "Description": "Detects potential network activity of GoToMyPC RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/gotomypc_files_sigma.yml",
+ "Description": "Detects potential files activity of GoToMyPC RMM tool"
}
],
- "References": [],
- "Acknowledgement": []
+ "References": [
+ "https://support.logmeininc.com/gotomypc/help/what-are-the-optimal-firewall-configurations#",
+ "https://support.goto.com/training/help/how-do-i-configure-gototraining-to-work-with-firewalls",
+ "https://ruler-project.github.io/ruler-project/RULER/remote/Citrix%20GoToMyPC/"
+ ],
+ "Acknowledgement": [
+ {
+ "Person": "Phill Moore",
+ "Handle": "@phillmoore"
+ }
+ ]
},
{
- "Name": "Cloud Turtle",
- "Description": "Cloud Turtle is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Jump Desktop",
+ "Description": "Jump Desktop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "",
+ "LastModified": "2/9/2024",
"Details": {
"Website": "",
"PEMetadata": {
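Review bot: three of the new registry paths are malformed. `HKEY_LOCAL_MACHINE\\WOW6432Node\\Citrix\\GoToMyPc` (and its `GuestInvite` subkey) is missing the `SOFTWARE` key; `WOW6432Node` lives under `HKLM\SOFTWARE`. `HKEY_USERS\\\\SOFTWARE\\Citrix\\GoToMyPc\\FileTransfer\\history` has an empty component where the user SID belongs, so write `HKEY_USERS\\*\\SOFTWARE\\…` as the other wildcarded paths do. `"Ports": ["N/A"]` puts a non-numeric string where every other entry uses an empty list and will land in a generated rule as a literal port; make it `[]`. Minor: "Guest invites send to connect" should read "sent", and the first reference URL carries a stray trailing `#`.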
@@ -16159,26 +16112,51 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "C:\\Program Files (x86)\\Genie9\\*",
- "*\\Genie9\\*"
+ "jumpclient.exe",
+ "jumpdesktop.exe",
+ "jumpservice.exe",
+ "jumpconnect.exe",
+ "jumpupdater.exe"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": []
+ "Network": [
+ {
+ "Description": "Known remote domains",
+ "Domains": [
+ "*.jumpdesktop.com",
+ "jumpdesktop.com",
+ "jumpto.me",
+ "*.jumpto.me"
+ ],
+ "Ports": []
+ }
+ ]
},
- "Detections": [],
- "References": [],
+ "Detections": [
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/jump_desktop_network_sigma.yml",
+ "Description": "Detects potential network activity of Jump Desktop RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/jump_desktop_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Jump Desktop RMM tool"
+ }
+ ],
+ "References": [
+ "https://support.jumpdesktop.com/hc/en-us/articles/360042490351-Administrators-Guide-For-Jump-Desktop-Connect"
+ ],
"Acknowledgement": []
},
{
- "Name": "Apple Remote Desktop",
- "Description": "Apple Remote Desktop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Splashtop Remote",
+ "Description": "Splashtop Remote is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/24/2024",
+ "LastModified": "2/9/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -16193,7 +16171,13 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "ARDAgent.app"
+ "strwinclt.exe",
+ "Splashtop_Streamer_Windows*.exe",
+ "SplashtopSOS.exe",
+ "sragent.exe",
+ "srmanager.exe",
+ "srserver.exe",
+ "srservice.exe"
]
},
"Artifacts": {
@@ -16204,7 +16188,10 @@
{
"Description": "Known remote domains",
"Domains": [
- "user_managed"
+ "splashtop.com",
+ "*.api.splashtop.com",
+ "*.relay.splashtop.com",
+ "*.api.splashtop.eu"
],
"Ports": []
}
@@ -16212,21 +16199,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/apple_remote_desktop_network_sigma.yml",
- "Description": "Detects potential network activity of Apple Remote Desktop RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/splashtop_remote_network_sigma.yml",
+ "Description": "Detects potential network activity of Splashtop Remote RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/splashtop_remote_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Splashtop Remote RMM tool"
}
],
"References": [
- "https://support.apple.com/guide/remote-desktop/install-and-set-up-remote-desktop-apdf49e03a4/mac"
+ "https://support-splashtopbusiness.splashtop.com/hc/en-us/articles/115001811966-What-are-the-Firewall-Exceptions-and-IP-addresses-of-Splashtop-servers-Services"
],
"Acknowledgement": []
},
{
- "Name": "Chrome SSH Extension",
- "Description": "Chrome SSH Extension is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Distant Desktop",
+ "Description": "Distant Desktop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "",
+ "LastModified": "2/8/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -16241,49 +16232,39 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "C:\\Users\\*\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\iodihamcpbpeioajjeobimgagajmlibd*",
- "*Users\\*\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\iodihamcpbpeioajjeobimgagajmlibd*"
+ "distant-desktop.exe",
+ "dd.exe",
+ "ddsystem.exe"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": []
+ "Network": [
+ {
+ "Description": "Known remote domains",
+ "Domains": [
+ "*.distantdesktop.com",
+ "*signalserver.xyz"
+ ],
+ "Ports": []
+ }
+ ]
},
- "Detections": [],
- "References": [],
- "Acknowledgement": []
- },
- {
- "Name": "CloudGopher",
- "Description": "CloudGopher is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
- "Author": "",
- "Created": "",
- "LastModified": "",
- "Details": {
- "Website": "",
- "PEMetadata": {
- "Filename": "",
- "OriginalFileName": "",
- "Description": ""
+ "Detections": [
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/distant_desktop_network_sigma.yml",
+ "Description": "Detects potential network activity of Distant Desktop RMM tool"
},
- "Privileges": "",
- "Free": "",
- "Verification": "",
- "SupportedOS": [],
- "Capabilities": [],
- "Vulnerabilities": [],
- "InstallationPaths": []
- },
- "Artifacts": {
- "Disk": [],
- "EventLog": [],
- "Registry": [],
- "Network": []
- },
- "Detections": [],
- "References": [],
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/distant_desktop_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Distant Desktop RMM tool"
+ }
+ ],
+ "References": [
+ "https://www.distantdesktop.com/manual/first-start.htm"
+ ],
"Acknowledgement": []
},
{
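Review bot: `dd.exe` is too short and too generic to be a useful process indicator; it is also the name carried by Windows ports of the Unix `dd` utility and by unrelated software, so `distant_desktop_processes_sigma.yml` will be noisy. Keep `distant-desktop.exe` and `ddsystem.exe`, and if `dd.exe` must stay, qualify it with its install directory. In `Domains`, `*signalserver.xyz` lacks the dot before the wildcard suffix (`*.signalserver.xyz`), and a bare `.xyz` signalling host is easy to confuse with unrelated infrastructure, so add a reference showing Distant Desktop actually uses that domain.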
@@ -16400,51 +16381,11 @@
"Acknowledgement": []
},
{
- "Name": "Yandex.Disk",
- "Description": "Yandex.Disk is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
- "Author": "",
- "Created": "",
- "LastModified": "",
- "Details": {
- "Website": "",
- "PEMetadata": {
- "Filename": "",
- "OriginalFileName": "",
- "Description": ""
- },
- "Privileges": "",
- "Free": "",
- "Verification": "",
- "SupportedOS": [],
- "Capabilities": [],
- "Vulnerabilities": [],
- "InstallationPaths": [
- "C:\\Program Files (x86)\\Yandex\\*",
- "*\\Yandex\\*",
- "*\\YandexDisk2.exe"
- ]
- },
- "Artifacts": {
- "Disk": [],
- "EventLog": [],
- "Registry": [],
- "Network": []
- },
- "Detections": [
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/yandex.disk_processes_sigma.yml",
- "Description": "Detects potential processes activity of Yandex.Disk RMM tool"
- }
- ],
- "References": [],
- "Acknowledgement": []
- },
- {
- "Name": "N-Able Advanced Monitoring Agent",
- "Description": "N-Able Advanced Monitoring Agent is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "ZeroTier",
+ "Description": "ZeroTier is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/9/2024",
+ "LastModified": "2/14/2024",
"Details": {
"Website": "",
"PEMetadata": {
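Review bot: this hunk deletes the Yandex.Disk entry and with it the pointer to `yandex.disk_processes_sigma.yml`; if the tool is intentionally removed, the rule file should go in the same change so the repository does not ship a detection with no catalog entry. The replacement ZeroTier entry reuses the template sentence "ZeroTier is a remote monitoring and management (RMM) tool", which is wrong: ZeroTier is a peer-to-peer overlay network (VPN) client, abused for tunnelling rather than remote control. Either adjust the description or add a category field so the non-RMM tools in this list are labelled as such.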
@@ -16459,13 +16400,9 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "BASupSrvc.exe",
- "winagent.exe",
- "BASupApp.exe",
- "BASupTSHelper.exe",
- "Agent_*_RW.exe",
- "BASEClient.exe",
- "BASupSrvcCnfg.exe"
+ "zerotier*.msi",
+ "zerotier*.exe",
+ "zero-powershell.exe"
]
},
"Artifacts": {
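Review bot: `zero-powershell.exe` does not look like a ZeroTier binary; cite where it was observed or drop it. `zerotier*.msi` matches only the installer package, not an installed path, so `zerotier*.exe` is the single pattern covering the service binary; consider adding the install directory in the full-path form other entries use (`C:\\ProgramData\\ZeroTier\\One\\*`, if confirmed). The N-Able process names removed above (`BASupSrvc.exe`, `winagent.exe`, `Agent_*_RW.exe`, …) should survive elsewhere in the diff; please confirm, and if the domain list is moved too, strip the trailing space in `"*.beanywhere.com "`, which would break an exact match.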
@@ -16476,25 +16413,8 @@
{
"Description": "Known remote domains",
"Domains": [
- "*.beanywhere.com ",
- "systemmonitor.co.uk",
- "*system-monitor.com",
- "cloudbackup.management",
- "*systemmonitor.co.uk",
- "n-able.com",
- "systemmonitor.us",
- "*systemmonitor.eu.com",
- "*.logicnow.com",
- "*.swi-tc.com",
- "*remote.management",
- "systemmonitor.us.cdn.cloudflare.net",
- "*cloudbackup.management",
- "remote.management",
- "logicnow.com",
- "system-monitor.com",
- "*systemmonitor.us",
- "systemmonitor.eu.com",
- "*.n-able.com"
+ "zerotier.com",
+ "*.zerotier.com"
],
"Ports": []
}
@@ -16502,22 +16422,22 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/n-able_advanced_monitoring_agent_network_sigma.yml",
- "Description": "Detects potential network activity of N-Able Advanced Monitoring Agent RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/zerotier_network_sigma.yml",
+ "Description": "Detects potential network activity of ZeroTier RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/n-able_advanced_monitoring_agent_processes_sigma.yml",
- "Description": "Detects potential processes activity of N-Able Advanced Monitoring Agent RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/zerotier_processes_sigma.yml",
+ "Description": "Detects potential processes activity of ZeroTier RMM tool"
}
],
"References": [
- "https://documentation.n-able.com/takecontrol/troubleshooting/Content/kb/Take-Control-Standalone-Ports-and-Domains-Firewall-and-AV-Exclusions.htm"
+ "https://my.zerotier.com/"
],
"Acknowledgement": []
},
{
- "Name": "MyIVO",
- "Description": "MyIVO is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "QQ IM-remote assistance",
+ "Description": "QQ IM-remote assistance is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "2/9/2024",
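Review bot: `https://my.zerotier.com/` is the login page of the ZeroTier Central portal and documents nothing; the references in comparable entries (Splashtop, Netop, N-Able) point at the vendor's firewall and port requirements page, which is what a defender needs to build the network rule. Replace it with ZeroTier's documentation on required hosts and ports, and fill `Ports` with the default ZeroTier UDP port (9993) once that reference is in hand.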
@@ -16535,8 +16455,9 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "myivomgr.exe",
- "myivomanager.exe"
+ "qq.exe",
+ "QQProtect.exe",
+ "qqpcmgr.exe"
]
},
"Artifacts": {
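Review bot: `qq.exe`, `QQProtect.exe` and `qqpcmgr.exe` are the main Tencent QQ messenger, its self-protection service and QQ PC Manager (Tencent's security and system utility), none of which is specific to the remote-assistance feature, so `qq_im-remote_assistance_processes_sigma.yml` will fire on every QQ or QQ PC Manager installation, which in a Chinese-language environment is most endpoints. Either scope the entry to the binary or command line that starts a remote-assistance session, or mark the rule as low confidence in its description.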
@@ -16547,7 +16468,10 @@
{
"Description": "Known remote domains",
"Domains": [
- "myivo-server.software.informer.com"
+ "*.mdt.qq.com",
+ "*.desktop.qq.com",
+ "upload_data.qq.com",
+ "qq-messenger.en.softonic.com"
],
"Ports": []
}
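Review bot: `qq-messenger.en.softonic.com` is a Softonic download page, not a host the client talks to, and belongs in `References` if anywhere; `upload_data.qq.com` and `*.mdt.qq.com` are generic QQ client endpoints rather than remote-assistance ones. With these in `Domains` the network rule cannot distinguish ordinary QQ use from remote assistance; keep only hosts tied to the remote-desktop feature (`*.desktop.qq.com`, if confirmed to serve it) and say in `Description` that the rest is shared with the messenger.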
@@ -16555,22 +16479,22 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/myivo_network_sigma.yml",
- "Description": "Detects potential network activity of MyIVO RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/qq_im-remote_assistance_network_sigma.yml",
+ "Description": "Detects potential network activity of QQ IM-remote assistance RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/myivo_processes_sigma.yml",
- "Description": "Detects potential processes activity of MyIVO RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/qq_im-remote_assistance_processes_sigma.yml",
+ "Description": "Detects potential processes activity of QQ IM-remote assistance RMM tool"
}
],
"References": [
- "myivo.com - DOA as of 2024"
+ "https://en.wikipedia.org/wiki/Tencent_QQ"
],
"Acknowledgement": []
},
{
- "Name": "FreeFileSync",
- "Description": "FreeFileSync is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "ExtraPuTTY",
+ "Description": "ExtraPuTTY is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
@@ -16588,9 +16512,9 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "C:\\Program Files\\FreeFileSync\\*",
- "*\\FreeFileSync\\*",
- "*\\FreeFileSync.exe"
+ "C:\\Users\\*\\ExtraPuTTY-0.30-2016-01-28-installer.exe",
+ "*Users\\*\\ExtraPuTTY-0.30-2016-01-28-installer.exe",
+ "*\\ExtraPuTTY-0.30-2016-01-28-installer.exe"
]
},
"Artifacts": {
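Review bot: all three ExtraPuTTY paths hard-code one installer filename with a version and build date (`ExtraPuTTY-0.30-2016-01-28-installer.exe`), so the processes rule matches only that exact download sitting in a user profile and never the installed program. Use a versioned glob such as `*\\ExtraPuTTY-*-installer.exe` and add the installed binary or its `Program Files` directory, as the other entries do.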
@@ -16601,19 +16525,19 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/freefilesync_processes_sigma.yml",
- "Description": "Detects potential processes activity of FreeFileSync RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/extraputty_processes_sigma.yml",
+ "Description": "Detects potential processes activity of ExtraPuTTY RMM tool"
}
],
"References": [],
"Acknowledgement": []
},
{
- "Name": "ITSupport247 (ConnectWise)",
- "Description": "ITSupport247 (ConnectWise) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "GoToAssist (GoTo Resolve)",
+ "Description": "GoToAssist (GoTo Resolve) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/8/2024",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
@@ -16628,41 +16552,24 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "saazapsc.exe"
+ "C:\\ProgramFiles*\\GoTo Machine Installer\\*",
+ "*\\GoTo Machine Installer\\*",
+ "*\\GoTo\\*"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": [
- {
- "Description": "Known remote domains",
- "Domains": [
- "*.itsupport247.net"
- ],
- "Ports": []
- }
- ]
+ "Network": []
},
- "Detections": [
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/itsupport247__connectwise__network_sigma.yml",
- "Description": "Detects potential network activity of ITSupport247 (ConnectWise) RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/itsupport247__connectwise__processes_sigma.yml",
- "Description": "Detects potential processes activity of ITSupport247 (ConnectWise) RMM tool"
- }
- ],
- "References": [
- "https://control.itsupport247.net/"
- ],
+ "Detections": [],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "VNC",
- "Description": "VNC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "TurboMeeting",
+ "Description": "TurboMeeting is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "2/14/2024",
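Review bot: `C:\\ProgramFiles*\\GoTo Machine Installer\\*` will never match `C:\Program Files\…` because the space in `Program Files` is missing and the wildcard only follows the literal `ProgramFiles`; write `C:\\Program Files*\\GoTo Machine Installer\\*` (the `*` then also covers `(x86)`). `*\\GoTo\\*` has the opposite problem: it matches any `GoTo` folder, including the GoToMyPC log directory `%AppData%\\GoTo\\Logs` listed elsewhere in this file and GoToMeeting installs, so tie it to GoTo Resolve/GoToAssist components or drop it. The entry also lands with empty `Detections`, `Network` and `References`, while the ITSupport247 (ConnectWise) entry it displaces loses `*.itsupport247.net` and two Sigma pointers; confirm that entry is re-added elsewhere in the diff.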
@@ -16680,13 +16587,9 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "winvnc*.exe",
- "vncserver.exe",
- "winwvc.exe",
- "winvncsc.exe",
- "vncserverui.exe",
- "vncviewer.exe",
- "winvnc.exe"
+ "pcstarter.exe",
+ "turbomeeting.exe",
+ "turbomeetingstarter.exe"
]
},
"Artifacts": {
@@ -16698,7 +16601,7 @@
"Description": "Known remote domains",
"Domains": [
"user_managed",
- "realvnc.com/en/connect/download/vnc"
+ "acceo.com/turbomeeting/"
],
"Ports": []
}
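Review bot: `acceo.com/turbomeeting/` is a URL path, not a hostname, and a hostname matcher never sees the path, so as written the generated network rule matches nothing useful. Since the TurboMeeting server is self-hosted (hence `user_managed`), leave `Domains` empty, put the vendor URL in `References`, and let `Description` state that the rendezvous host is customer-controlled.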
@@ -16706,25 +16609,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/vnc_network_sigma.yml",
- "Description": "Detects potential network activity of VNC RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/turbomeeting_network_sigma.yml",
+ "Description": "Detects potential network activity of TurboMeeting RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/vnc_processes_sigma.yml",
- "Description": "Detects potential processes activity of VNC RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/turbomeeting_processes_sigma.yml",
+ "Description": "Detects potential processes activity of TurboMeeting RMM tool"
}
],
"References": [
- "https://realvnc.com/en/connect/download/vnc"
+ "http://sourcing.rhubcom.com/v5/faqs.html#collapsetwentysix2-topdiv"
],
"Acknowledgement": []
},
{
- "Name": "ServerEye",
- "Description": "ServerEye is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Chrome Remote Desktop",
+ "Description": "Chrome Remote Desktop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/9/2024",
+ "LastModified": "2/7/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -16739,8 +16642,11 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "servereye*.exe",
- "ServiceProxyLocalSys.exe"
+ "remote_host.exe",
+ "remoting_host.exe",
+ "C:\\Program Files (x86)\\Google\\Chrome Remote Desktop\\*",
+ "*\\Google\\Chrome Remote Desktop\\*",
+ "*\\remoting_host.exe"
]
},
"Artifacts": {
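Review bot: `remote_host.exe` looks like a misspelling of `remoting_host.exe`, which is already listed twice (bare and as `*\\remoting_host.exe`); the Chrome Remote Desktop host binaries are `remoting_host.exe` and `remoting_desktop.exe`, so either cite where `remote_host.exe` was observed or drop it. `*\\Google\\Chrome Remote Desktop\\*` also subsumes the `C:\\Program Files (x86)\\…` variant, so one of the two directory globs is redundant.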
@@ -16751,7 +16657,9 @@
{
"Description": "Known remote domains",
"Domains": [
- "*.server-eye.de"
+ "*remotedesktop.google.com",
+ "*remotedesktop-pa.googleapis.com",
+ "remotedesktop.google.com"
],
"Ports": []
}
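Review bot: `*remotedesktop.google.com` already covers the bare `remotedesktop.google.com` that follows it, and both wildcard entries lack the dot (`*.remotedesktop.google.com`, `*.remotedesktop-pa.googleapis.com`). Note in `Description` that these hosts are also contacted when a user merely opens the Chrome Remote Desktop web client, so the network rule alone cannot tell a host installation from client use; pairing it with the processes rule is what gives the signal.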
@@ -16759,25 +16667,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/servereye_network_sigma.yml",
- "Description": "Detects potential network activity of ServerEye RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/chrome_remote_desktop_network_sigma.yml",
+ "Description": "Detects potential network activity of Chrome Remote Desktop RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/servereye_processes_sigma.yml",
- "Description": "Detects potential processes activity of ServerEye RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/chrome_remote_desktop_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Chrome Remote Desktop RMM tool"
}
],
"References": [
- "https://www.servereye.de/wp-content/uploads/Anleitung-zur-Erstinstallation_aktuell.pdf"
+ "https://support.google.com/chrome/a/answer/2799701?hl=en"
],
"Acknowledgement": []
},
{
- "Name": "Rapid7",
- "Description": "Rapid7 is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "SimpleHelp",
+ "Description": "SimpleHelp is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/14/2024",
+ "LastModified": "2/9/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -16792,9 +16700,11 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "ir_agent.exe",
- "rapid7_agent_core.exe",
- "rapid7_endpoint_broker.exe"
+ "simplehelpcustomer.exe",
+ "simpleservice.exe",
+ "simplegatewayservice.exe",
+ "remote access.exe",
+ "windowslauncher.exe"
]
},
"Artifacts": {
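Review bot: `remote access.exe` contains a space; verify this is the on-disk name of the SimpleHelp persistent-access service (the installer places it under a `JWrapper-Remote Access` directory, which would be a less ambiguous path to list if confirmed), because a file named `remote access.exe` and a generic `windowslauncher.exe` are both likely to collide with unrelated software. The Rapid7 names removed here (`ir_agent.exe`, `rapid7_agent_core.exe`, `rapid7_endpoint_broker.exe`) are Insight Agent binaries, not an RMM; if that entry is being dropped on purpose, say so in the commit message.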
@@ -16805,8 +16715,8 @@
{
"Description": "Known remote domains",
"Domains": [
- "*.analytics.insight.rapid7.com",
- "*.endpoint.ingress.rapid7.com"
+ "user_managed",
+ "simple-help.com"
],
"Ports": []
}
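Review bot: `simple-help.com` is the vendor's website, and SimpleHelp sessions go to the customer's own server (which is why `user_managed` is also listed), so a network rule on `simple-help.com` alerts on someone reading the product page and never on a remote session. Drop it from `Domains` (it is already in `References`) and describe the server as customer-hosted instead.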
@@ -16814,57 +16724,22 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rapid7_network_sigma.yml",
- "Description": "Detects potential network activity of Rapid7 RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/simplehelp_network_sigma.yml",
+ "Description": "Detects potential network activity of SimpleHelp RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rapid7_processes_sigma.yml",
- "Description": "Detects potential processes activity of Rapid7 RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/simplehelp_processes_sigma.yml",
+ "Description": "Detects potential processes activity of SimpleHelp RMM tool"
}
],
"References": [
- "https://docs.rapid7.com/insightvm/configure-communications-with-the-insight-platform/"
+ "https://simple-help.com/remote-support"
],
"Acknowledgement": []
},
{
- "Name": "GoToAssist (GoTo Resolve)",
- "Description": "GoToAssist (GoTo Resolve) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
- "Author": "",
- "Created": "",
- "LastModified": "",
- "Details": {
- "Website": "",
- "PEMetadata": {
- "Filename": "",
- "OriginalFileName": "",
- "Description": ""
- },
- "Privileges": "",
- "Free": "",
- "Verification": "",
- "SupportedOS": [],
- "Capabilities": [],
- "Vulnerabilities": [],
- "InstallationPaths": [
- "C:\\ProgramFiles*\\GoTo Machine Installer\\*",
- "*\\GoTo Machine Installer\\*",
- "*\\GoTo\\*"
- ]
- },
- "Artifacts": {
- "Disk": [],
- "EventLog": [],
- "Registry": [],
- "Network": []
- },
- "Detections": [],
- "References": [],
- "Acknowledgement": []
- },
- {
- "Name": "Ocamlfuse",
- "Description": "Ocamlfuse is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Level",
+ "Description": "Level is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
@@ -16887,15 +16762,28 @@
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": []
+ "Network": [
+ {
+ "Description": "Known remote domains",
+ "Domains": [
+ "level.io"
+ ],
+ "Ports": []
+ }
+ ]
},
- "Detections": [],
+ "Detections": [
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/level_network_sigma.yml",
+ "Description": "Detects potential network activity of Level RMM tool"
+ }
+ ],
"References": [],
"Acknowledgement": []
},
{
- "Name": "GetScreen",
- "Description": "GetScreen is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "CrossTec Remote Control",
+ "Description": "CrossTec Remote Control is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "2/7/2024",
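Review bot: the Level entry lists only the bare `level.io`; if the agent talks to subdomains, which is the usual pattern, an exact-match rule misses the traffic, so add `*.level.io` in the `domain` plus `*.domain` pair the other entries use. The entry also has no `InstallationPaths` and no processes rule, leaving the network rule as its only detection; say so in `Description` or add the agent binary once it is known.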
@@ -16913,8 +16801,8 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "GetScreen.exe",
- "getscreen.exe"
+ "PCIVIDEO.EXE",
+ "supporttool.exe"
]
},
"Artifacts": {
@@ -16925,9 +16813,8 @@
{
"Description": "Known remote domains",
"Domains": [
- "getscreen.me",
- "GetScreen.me",
- "*.getscreen.me"
+ "user_managed",
+ "crosstecsoftware.com/remotecontrol"
],
"Ports": []
}
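Review bot: `crosstecsoftware.com/remotecontrol` is a URL path rather than a hostname and, per the reference line, the domain is dead (`domain DOA 2/1/2024`), so the generated network rule will match nothing; with `user_managed` also present, the honest representation is an empty `Domains` list and a `Description` saying the gateway is customer-hosted and the vendor site is offline.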
@@ -16935,114 +16822,312 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/getscreen_network_sigma.yml",
- "Description": "Detects potential network activity of GetScreen RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/crosstec_remote_control_network_sigma.yml",
+ "Description": "Detects potential network activity of CrossTec Remote Control RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/getscreen_processes_sigma.yml",
- "Description": "Detects potential processes activity of GetScreen RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/crosstec_remote_control_processes_sigma.yml",
+ "Description": "Detects potential processes activity of CrossTec Remote Control RMM tool"
}
],
"References": [
- "https://docs.getscreen.me/self-hosted/system-requirements/"
+ "www.crosstecsoftware.com/supporthome.html - domain DOA 2/1/2024"
],
"Acknowledgement": []
},
{
- "Name": "MobaXterm",
- "Description": "MobaXterm is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
- "Author": "",
- "Created": "",
- "LastModified": "",
- "Details": {
- "Website": "",
- "PEMetadata": {
- "Filename": "",
- "OriginalFileName": "",
- "Description": ""
- },
- "Privileges": "",
- "Free": "",
- "Verification": "",
- "SupportedOS": [],
- "Capabilities": [],
- "Vulnerabilities": [],
- "InstallationPaths": [
- "C:\\*\\MobaXterm_installer_12.1.msi",
- "*\\MobaXterm_installer_*.msi",
- "*\\Mobatek\\MobaXterm\\*"
- ]
- },
- "Artifacts": {
- "Disk": [],
- "EventLog": [],
- "Registry": [],
- "Network": []
- },
- "Detections": [],
- "References": [],
- "Acknowledgement": []
- },
- {
- "Name": "CrossTec Remote Control",
- "Description": "CrossTec Remote Control is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
- "Author": "",
- "Created": "",
- "LastModified": "2/7/2024",
+ "Name": "TeamViewer",
+ "Description": "TeamViewer is a remote monitoring and management (RMM) tool.\n",
+ "Author": "Nasreddine Bencherchali, Michael Haag",
+ "Created": "2024-08-02",
+ "LastModified": "2024-08-02",
"Details": {
- "Website": "",
- "PEMetadata": {
- "Filename": "",
- "OriginalFileName": "",
- "Description": ""
- },
- "Privileges": "",
- "Free": "",
- "Verification": "",
- "SupportedOS": [],
+ "Website": "https://www.teamviewer.com/en",
+ "PEMetadata": [
+ {
+ "Filename": "TeamViewer.exe",
+ "OriginalFileName": "",
+ "Description": "",
+ "Product": "TeamViewer"
+ }
+ ],
+ "Privileges": "user",
+ "Free": true,
+ "Verification": false,
+ "SupportedOS": [
+ "Android",
+ "ChromeOS",
+ "IOS",
+ "Linux",
+ "Mac",
+ "Windows"
+ ],
"Capabilities": [],
- "Vulnerabilities": [],
+ "Vulnerabilities": [
+ "https://www.cvedetails.com/vulnerability-list/vendor_id-11100/product_id-19942/Teamviewer-Teamviewer.html"
+ ],
"InstallationPaths": [
- "PCIVIDEO.EXE",
- "supporttool.exe"
+ "C:\\Program Files\\TeamViewer\\",
+ "teamviewer_desktop.exe",
+ "teamviewer_service.exe",
+ "teamviewerhost"
]
},
"Artifacts": {
- "Disk": [],
- "EventLog": [],
- "Registry": [],
+ "Disk": [
+ {
+ "File": "C:\\Users\\\\AppData\\Local\\Temp\\TeamViewer\\TV15Install.log",
+ "Description": "N/A",
+ "OS": "Windows"
+ },
+ {
+ "File": "TeamViewer\\d\\d_Logfile\\.log",
+ "Description": "N/A",
+ "OS": "Windows",
+ "Type": "Regex"
+ },
+ {
+ "File": "C:\\Program Files\\TeamViewer\\Connections_incoming.txt",
+ "Description": "N/A",
+ "OS": "Windows"
+ },
+ {
+ "File": "C:\\Program Files\\TeamViewer\\TVNetwork.log",
+ "Description": "N/A",
+ "OS": "Windows"
+ },
+ {
+ "File": "%LOCALAPPDATA%\\Temp\\TeamViewer\\TV15Install.log",
+ "Description": "N/A",
+ "OS": "Windows"
+ },
+ {
+ "File": "%APPDATA%\\\\TeamViewer\\\\TeamViewer\\d\\d_Logfile\\.log",
+ "Description": "N/A",
+ "OS": "Windows",
+ "Type": "Regex"
+ },
+ {
+ "File": "teamviewerqs.exe",
+ "Description": "N/A",
+ "OS": "Windows"
+ },
+ {
+ "File": "tv_w32.exe",
+ "Description": "N/A",
+ "OS": "Windows"
+ },
+ {
+ "File": "tv_w64.exe",
+ "Description": "N/A",
+ "OS": "Windows"
+ },
+ {
+ "File": "tv_x64.exe",
+ "Description": "N/A",
+ "OS": "Windows"
+ },
+ {
+ "File": "teamviewer.exe",
+ "Description": "N/A",
+ "OS": "Windows"
+ },
+ {
+ "File": "teamviewer_service.exe",
+ "Description": "N/A",
+ "OS": "Windows"
+ },
+ {
+ "File": "%LOCALAPPDATA%\\TeamViewer\\Database\\tvchatfilecache.db",
+ "Description": "SQlite 3 database storing cache about TeamViewer chat",
+ "OS": "Windows"
+ },
+ {
+ "File": "%LOCALAPPDATA%\\TeamViewer\\RemotePrinting\\tvprint.db",
+ "Description": "SQlite 3 database storing TeamViewer print jobs",
+ "OS": "Windows"
+ },
+ {
+ "File": "%PROGRAMDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\TeamViewer.lnk",
+ "Description": "N/A",
+ "OS": "Windows"
+ },
+ {
+ "File": "C:\\Program Files*\\TeamViewer\\connections*.txt",
+ "Description": "N/A",
+ "OS": "Windows"
+ },
+ {
+ "File": "C:\\Users\\*\\AppData\\Roaming\\TeamViewer\\MRU\\RemoteSupport\\*tvc",
+ "Description": "N/A",
+ "OS": "Windows"
+ }
+ ],
+ "EventLog": [
+ {
+ "EventID": 7045,
+ "ProviderName": "Service Control Manager",
+ "LogFile": "System.evtx",
+ "ServiceName": "TeamViewer",
+ "ImagePath": "\"C:\\\\Program Files\\\\TeamViewer\\\\TeamViewer_Service.exe\"",
+ "Description": "Service installation event as result of TeamViewer installation."
+ }
+ ],
+ "Registry": [
+ {
+ "Path": "HKLM\\SOFTWARE\\TeamViewer\\*",
+ "Description": "N/A"
+ },
+ {
+ "Path": "HKU\\\\SOFTWARE\\TeamViewer\\*",
+ "Description": "N/A"
+ },
+ {
+ "Path": "HKLM\\SYSTEM\\CurrentControlSet\\Services\\TeamViewer\\*",
+ "Description": "N/A"
+ },
+ {
+ "Path": "HKLM\\SOFTWARE\\TeamViewer\\ConnectionHistory",
+ "Description": "N/A"
+ },
+ {
+ "Path": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\TeamViewer\\*",
+ "Description": "N/A"
+ },
+ {
+ "Path": "HKU\\SID\\SOFTWARE\\TeamViewer\\MainWindowHandle",
+ "Description": "N/A"
+ },
+ {
+ "Path": "HKU\\SID\\SOFTWARE\\TeamViewer\\DesktopWallpaperSingleImage",
+ "Description": "N/A"
+ },
+ {
+ "Path": "HKU\\SID\\SOFTWARE\\TeamViewer\\DesktopWallpaperSingleImagePath",
+ "Description": "N/A"
+ },
+ {
+ "Path": "HKU\\SID\\SOFTWARE\\TeamViewer\\DesktopWallpaperSingleImagePosition",
+ "Description": "N/A"
+ },
+ {
+ "Path": "HKU\\SID\\SOFTWARE\\TeamViewer\\MinimizeToTray",
+ "Description": "N/A"
+ },
+ {
+ "Path": "HKU\\SID\\SOFTWARE\\TeamViewer\\MultiMedia\\AudioUserSelectedCapturingEndpoint",
+ "Description": "N/A"
+ },
+ {
+ "Path": "HKU\\SID\\SOFTWARE\\TeamViewer\\MultiMedia\\AudioSendingVolumeV2",
+ "Description": "N/A"
+ },
+ {
+ "Path": "HKU\\SID\\SOFTWARE\\TeamViewer\\MultiMedia\\AudioUserSelectedRenderingEndpoint",
+ "Description": "N/A"
+ },
+ {
+ "Path": "HKLM\\SOFTWARE\\TeamViewer\\ConnectionHistory",
+ "Description": "N/A"
+ },
+ {
+ "Path": "HKU\\SID\\SOFTWARE\\TeamViewer\\ClientWindow_Mode",
+ "Description": "N/A"
+ },
+ {
+ "Path": "HKU\\SID\\SOFTWARE\\TeamViewer\\ClientWindowPositions",
+ "Description": "N/A"
+ }
+ ],
"Network": [
{
"Description": "Known remote domains",
"Domains": [
- "user_managed",
- "crosstecsoftware.com/remotecontrol"
+ "*.teamviewer.com"
],
"Ports": []
+ },
+ {
+ "Description": "N/A",
+ "Domains": [
+ "router15.teamviewer.com"
+ ],
+ "Ports": [
+ 443
+ ]
+ },
+ {
+ "Description": "N/A",
+ "Domains": [
+ "client.teamviewer.com"
+ ],
+ "Ports": [
+ 443
+ ]
+ },
+ {
+ "Description": "N/A",
+ "Domains": [
+ "taf.teamviewer.com"
+ ],
+ "Ports": [
+ 443
+ ]
+ }
+ ],
+ "Other": [
+ {
+ "Type": "Mutex",
+ "Value": "TeamViewer_LogMutex"
+ },
+ {
+ "Type": "Mutex",
+ "Value": "TeamViewerHooks_DynamicMemMutex"
+ },
+ {
+ "Type": "Mutex",
+ "Value": "TeamViewer3_Win32_Instance_Mutex"
}
]
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/crosstec_remote_control_network_sigma.yml",
- "Description": "Detects potential network activity of CrossTec Remote Control RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/teamviewer_registry_sigma.yml",
+ "Description": "Detects potential registry activity of TeamViewer RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/teamviewer_network_sigma.yml",
+ "Description": "Detects potential network activity of TeamViewer RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/crosstec_remote_control_processes_sigma.yml",
- "Description": "Detects potential processes activity of CrossTec Remote Control RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/teamviewer_files_sigma.yml",
+ "Description": "Detects potential files activity of TeamViewer RMM tool"
+ },
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/teamviewer_processes_sigma.yml",
+ "Description": "Detects potential processes activity of TeamViewer RMM tool"
}
],
"References": [
- "www.crosstecsoftware.com/supporthome.html - domain DOA 2/1/2024"
+ "https://community.teamviewer.com/English/kb/articles/4139-ports-used-by-teamviewer",
+ "https://arista.my.site.com/AristaCommunity/s/article/Security-Analysis-TeamViewer#",
+ "https://www.teamviewer.com/en/global/support/knowledge-base/teamviewer-classic/troubleshooting/log-file-reading-incoming-connection/",
+ "https://www.synacktiv.com/publications/legitimate-rats-a-comprehensive-forensic-analysis-of-the-usual-suspects.html",
+ "https://github.com/Purp1eW0lf/Blue-Team-Notes"
],
- "Acknowledgement": []
+ "Acknowledgement": [
+ {
+ "Person": "Théo Letailleur",
+ "Handle": "in/theosyn"
+ }
+ ]
},
{
- "Name": "Absolute (Computrace)",
- "Description": "Absolute (Computrace) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Itarian",
+ "Description": "Itarian is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "6/18/2024",
+ "LastModified": "2/8/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -17057,11 +17142,16 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "rpcnet.exe",
- "ctes.exe",
- "ctespersitence.exe",
- "cteshostsvc.exe",
- "rpcld.exe"
+ "ITSMAgent.exe",
+ "RViewer.exe",
+ "ItsmRsp.exe",
+ "RAccess.exe",
+ "RmmService.exe",
+ "ITarianRemoteAccessSetup.exe",
+ "RDesktop.exe",
+ "ComodoRemoteControl.exe",
+ "ITSMService.exe",
+ "RHost.exe"
]
},
"Artifacts": {
@@ -17072,8 +17162,11 @@
{
"Description": "Known remote domains",
"Domains": [
- "*search.namequery.com",
- "*server.absolute.com"
+ "mdmsupport.comodo.com",
+ "*.itsm-us1.comodo.com",
+ "*.cmdm.comodo.com",
+ "remoteaccess.itarian.com",
+ "servicedesk.itarian.com"
],
"Ports": []
}
@@ -17081,62 +17174,22 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/absolute__computrace__network_sigma.yml",
- "Description": "Detects potential network activity of Absolute (Computrace) RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/itarian_network_sigma.yml",
+ "Description": "Detects potential network activity of Itarian RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/absolute__computrace__processes_sigma.yml",
- "Description": "Detects potential processes activity of Absolute (Computrace) RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/itarian_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Itarian RMM tool"
}
],
"References": [
- "https://community.absolute.com/s/article/Understanding-Absolutes-Endpoint-Agents-Rpcnet-CTES-and-search-namequery-com"
- ],
- "Acknowledgement": []
- },
- {
- "Name": "Xshell",
- "Description": "Xshell is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
- "Author": "",
- "Created": "",
- "LastModified": "",
- "Details": {
- "Website": "",
- "PEMetadata": {
- "Filename": "",
- "OriginalFileName": "",
- "Description": ""
- },
- "Privileges": "",
- "Free": "",
- "Verification": "",
- "SupportedOS": [],
- "Capabilities": [],
- "Vulnerabilities": [],
- "InstallationPaths": [
- "C:\\Program Files (x86)\\NetSarang\\xShell\\*",
- "*\\NetSarang\\xShell\\*",
- "*\\xShell.exe"
- ]
- },
- "Artifacts": {
- "Disk": [],
- "EventLog": [],
- "Registry": [],
- "Network": []
- },
- "Detections": [
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/xshell_processes_sigma.yml",
- "Description": "Detects potential processes activity of Xshell RMM tool"
- }
+ "https://help.itarian.com/topic-459-1-1005-14776-Appendix-1b---Endpoint-Manager-Services---IP-Nos,-Host-Names-and-Port-Details---US-Customers.html"
],
- "References": [],
"Acknowledgement": []
},
{
- "Name": "Amazon (Cloud) Drive",
- "Description": "Amazon (Cloud) Drive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Bomgar",
+ "Description": "Bomgar is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
"LastModified": "",
@@ -17154,47 +17207,7 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "C:\\Users\\*\\AppData\\Local\\Amazon\\Cloud Drive\\*",
- "*\\AppData\\Local\\Amazon\\Cloud Drive\\*",
- "*\\AmazonCloudDrive.exe"
- ]
- },
- "Artifacts": {
- "Disk": [],
- "EventLog": [],
- "Registry": [],
- "Network": []
- },
- "Detections": [
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/amazon__cloud__drive_processes_sigma.yml",
- "Description": "Detects potential processes activity of Amazon (Cloud) Drive RMM tool"
- }
- ],
- "References": [],
- "Acknowledgement": []
- },
- {
- "Name": "MyGreenPC",
- "Description": "MyGreenPC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
- "Author": "",
- "Created": "",
- "LastModified": "2/26/2024",
- "Details": {
- "Website": "",
- "PEMetadata": {
- "Filename": "",
- "OriginalFileName": "",
- "Description": ""
- },
- "Privileges": "",
- "Free": "",
- "Verification": "",
- "SupportedOS": [],
- "Capabilities": [],
- "Vulnerabilities": [],
- "InstallationPaths": [
- "mygreenpc.exe"
+ "bomgar-scc.exe"
]
},
"Artifacts": {
@@ -17205,7 +17218,7 @@
{
"Description": "Known remote domains",
"Domains": [
- "*mygreenpc.com"
+ "beyondtrust.com/brand/bomgar"
],
"Ports": []
}
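Review bot: `"beyondtrust.com/brand/bomgar"` is a marketing page path, not a hostname that Bomgar clients connect to, so it belongs in `References` rather than `Domains`; a network rule matching on this string will never fire. If the product uses customer-specific hosts, `user_managed` (as used for CrossTec and ESET elsewhere in this diff) is the honest value here.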
@@ -17213,25 +17226,23 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/mygreenpc_network_sigma.yml",
- "Description": "Detects potential network activity of MyGreenPC RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/bomgar_network_sigma.yml",
+ "Description": "Detects potential network activity of Bomgar RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/mygreenpc_processes_sigma.yml",
- "Description": "Detects potential processes activity of MyGreenPC RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/bomgar_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Bomgar RMM tool"
}
],
- "References": [
- "http://www.mygreenpc.com/"
- ],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "Level.io",
- "Description": "Level.io is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Absolute (Computrace)",
+ "Description": "Absolute (Computrace) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/8/2024",
+ "LastModified": "6/18/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -17246,9 +17257,11 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "level-windows-amd64.exe",
- "level.exe",
- "level-remote-control-ffmpeg.exe"
+ "rpcnet.exe",
+ "ctes.exe",
+ "ctespersitence.exe",
+ "cteshostsvc.exe",
+ "rpcld.exe"
]
},
"Artifacts": {
@@ -17259,8 +17272,8 @@
{
"Description": "Known remote domains",
"Domains": [
- "level.io",
- "*.level.io"
+ "*search.namequery.com",
+ "*server.absolute.com"
],
"Ports": []
}
@@ -17268,25 +17281,25 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/level.io_network_sigma.yml",
- "Description": "Detects potential network activity of Level.io RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/absolute__computrace__network_sigma.yml",
+ "Description": "Detects potential network activity of Absolute (Computrace) RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/level.io_processes_sigma.yml",
- "Description": "Detects potential processes activity of Level.io RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/absolute__computrace__processes_sigma.yml",
+ "Description": "Detects potential processes activity of Absolute (Computrace) RMM tool"
}
],
"References": [
- "https://docs.level.io/1.0/admin-guides/troubleshooting-agent-issues"
+ "https://community.absolute.com/s/article/Understanding-Absolutes-Endpoint-Agents-Rpcnet-CTES-and-search-namequery-com"
],
"Acknowledgement": []
},
{
- "Name": "Microsoft Quick Assist",
- "Description": "Microsoft Quick Assist is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "Air Live Drive",
+ "Description": "Air Live Drive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/9/2024",
+ "LastModified": "",
"Details": {
"Website": "",
"PEMetadata": {
@@ -17301,44 +17314,32 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "quickassist.exe"
+ "C:\\Program Files\\AirLiveDrive\\*",
+ "*\\AirLiveDrive\\*",
+ "*\\AirLiveDrive.exe"
]
},
"Artifacts": {
"Disk": [],
"EventLog": [],
"Registry": [],
- "Network": [
- {
- "Description": "Known remote domains",
- "Domains": [
- "user_managed"
- ],
- "Ports": []
- }
- ]
+ "Network": []
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/microsoft_quick_assist_network_sigma.yml",
- "Description": "Detects potential network activity of Microsoft Quick Assist RMM tool"
- },
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/microsoft_quick_assist_processes_sigma.yml",
- "Description": "Detects potential processes activity of Microsoft Quick Assist RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/air_live_drive_processes_sigma.yml",
+ "Description": "Detects potential processes activity of Air Live Drive RMM tool"
}
],
- "References": [
- "https://support.microsoft.com/en-us/windows/install-quick-assist-c17479b7-a49d-4d12-938c-dbfb97c88bca"
- ],
+ "References": [],
"Acknowledgement": []
},
{
- "Name": "Manage Engine (Desktop Central)",
- "Description": "Manage Engine (Desktop Central) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "ESET Remote Administrator",
+ "Description": "ESET Remote Administrator is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
"Author": "",
"Created": "",
- "LastModified": "2/8/2024",
+ "LastModified": "2/7/2024",
"Details": {
"Website": "",
"PEMetadata": {
@@ -17353,8 +17354,11 @@
"Capabilities": [],
"Vulnerabilities": [],
"InstallationPaths": [
- "dcagentservice.exe",
- "dcagentregister.exe"
+ "einstaller.exe",
+ "era.exe",
+ "ERAAgent.exe",
+ "ezhelp*.exe",
+ "eratool.exe"
]
},
"Artifacts": {
@@ -17365,12 +17369,8 @@
{
"Description": "Known remote domains",
"Domains": [
- "desktopcentral.manageengine.com",
- "desktopcentral.manageengine.com.eu",
- "desktopcentral.manageengine.cn",
- "*.dms.zoho.com",
- "*.dms.zoho.com.eu",
- "*.-dms.zoho.com.cn"
+ "user_managed",
+ "eset.com/me/business/remote-management/remote-administrator/"
],
"Ports": []
}
@@ -17378,16 +17378,16 @@
},
"Detections": [
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/manage_engine__desktop_central__network_sigma.yml",
- "Description": "Detects potential network activity of Manage Engine (Desktop Central) RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/eset_remote_administrator_network_sigma.yml",
+ "Description": "Detects potential network activity of ESET Remote Administrator RMM tool"
},
{
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/manage_engine__desktop_central__processes_sigma.yml",
- "Description": "Detects potential processes activity of Manage Engine (Desktop Central) RMM tool"
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/eset_remote_administrator_processes_sigma.yml",
+ "Description": "Detects potential processes activity of ESET Remote Administrator RMM tool"
}
],
"References": [
- "https://www.manageengine.com/products/desktop-central/help/domains-required-for-agent-communication.html"
+ "eset.com/me/business/remote-management/remote-administrator/"
],
"Acknowledgement": []
}
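Review bot: the ESET reference `"eset.com/me/business/remote-management/remote-administrator/"` has no scheme, so a link built from it resolves relative to the site; write it as a full `https://` URL. The same string is repeated in the `Domains` list of the preceding hunk, where it should be reduced to the hostname or dropped in favour of the `user_managed` marker already present there, since a path cannot match DNS or SNI.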
diff --git a/website/public/rmm_tools_table.csv b/website/public/rmm_tools_table.csv
index f2f184ae..784c623d 100644
--- a/website/public/rmm_tools_table.csv
+++ b/website/public/rmm_tools_table.csv
@@ -1,329 +1,329 @@
Name,Category,Description,Author
+[Domotz](/rmm_tools/domotz),,Domotz is a remote monitoring and management (RMM) tool. More information will be added as it become...,
[LabTeach (Connectwise Automate)](/rmm_tools/labteach__connectwise_automate_),,LabTeach (Connectwise Automate) is a remote monitoring and management (RMM) tool. More information w...,
-[Zabbix Agent](/rmm_tools/zabbix_agent),,Zabbix Agent is a remote monitoring and management (RMM) tool. More information will be added as it ...,
-[Senso.cloud](/rmm_tools/senso.cloud),,Senso.cloud is a remote monitoring and management (RMM) tool. More information will be added as it b...,
-[I'm InTouch](/rmm_tools/i'm_intouch),,I'm InTouch is a remote monitoring and management (RMM) tool. More information will be added as it b...,
-[RustDesk](/rmm_tools/rustdesk),,RustDesk is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
-[Electric AI (Kaseya)](/rmm_tools/electric_ai__kaseya_),,Electric AI (Kaseya) is a remote monitoring and management (RMM) tool. More information will be adde...,
-[ZOC](/rmm_tools/zoc),,ZOC is a remote monitoring and management (RMM) tool. More information will be added as it becomes a...,
-[Any Support](/rmm_tools/any_support),,Any Support is a remote monitoring and management (RMM) tool. More information will be added as it b...,
-[PDQ Connect](/rmm_tools/pdq_connect),,PDQ Connect is a remote monitoring and management (RMM) tool. More information will be added as it b...,
-[Pcnow](/rmm_tools/pcnow),,Pcnow is a remote monitoring and management (RMM) tool. More information will be added as it becomes...,
-[Quick Assist](/rmm_tools/quick_assist),,Quick Assist is a remote monitoring and management (RMM) tool. More information will be added as it ...,
-[Seetrol](/rmm_tools/seetrol),,Seetrol is a remote monitoring and management (RMM) tool. More information will be added as it becom...,
-[CarotDAV](/rmm_tools/carotdav),,CarotDAV is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
-[Goverlan](/rmm_tools/goverlan),,Goverlan is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
-[OptiTune](/rmm_tools/optitune),,OptiTune is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
-[EMCO Remote Console](/rmm_tools/emco_remote_console),,EMCO Remote Console is a remote monitoring and management (RMM) tool. More information will be added...,
-[N-Able Advanced Monitoring Agent](/rmm_tools/n-able_advanced_monitoring_agent),,N-Able Advanced Monitoring Agent is a remote monitoring and management (RMM) tool. More information ...,
-[Tailscale](/rmm_tools/tailscale),,Tailscale is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
-[Pilixo](/rmm_tools/pilixo),,Pilixo is a remote monitoring and management (RMM) tool. More information will be added as it become...,
-[Remote Desktop Manager (Devolutions)](/rmm_tools/remote_desktop_manager__devolutions_),,Remote Desktop Manager (Devolutions) is a remote monitoring and management (RMM) tool. More informat...,
-[BeyondTrust (Bomgar)](/rmm_tools/beyondtrust__bomgar_),,BeyondTrust (Bomgar) is a remote monitoring and management (RMM) tool. More information will be adde...,
-[Alpemix](/rmm_tools/alpemix),,Alpemix is a remote monitoring and management (RMM) tool. More information will be added as it becom...,Nasreddine Bencherchali
-[CloudBerry Explorer](/rmm_tools/cloudberry_explorer),,CloudBerry Explorer is a remote monitoring and management (RMM) tool. More information will be added...,
-[Auvik](/rmm_tools/auvik),,Auvik is a remote monitoring and management (RMM) tool. More information will be added as it becomes...,
-[Microsoft RDP](/rmm_tools/microsoft_rdp),,Microsoft RDP is a remote monitoring and management (RMM) tool. More information will be added as it...,
-[Microsoft OneDrive](/rmm_tools/microsoft_onedrive),,Microsoft OneDrive is a remote monitoring and management (RMM) tool. More information will be added ...,
-[Tactical RMM](/rmm_tools/tactical_rmm),,Tactical RMM is a remote monitoring and management (RMM) tool. More information will be added as it ...,
-[MioNet (WD Anywhere Access)](/rmm_tools/mionet__wd_anywhere_access_),,MioNet (WD Anywhere Access) is a remote monitoring and management (RMM) tool. More information will ...,
-[Comodo RMM](/rmm_tools/comodo_rmm),,Comodo RMM is a remote monitoring and management (RMM) tool. More information will be added as it be...,
-[Pocket Controller](/rmm_tools/pocket_controller),,Pocket Controller is a remote monitoring and management (RMM) tool. More information will be added a...,
-[NordLocker](/rmm_tools/nordlocker),,NordLocker is a remote monitoring and management (RMM) tool. More information will be added as it be...,
-[ExpanDrive](/rmm_tools/expandrive),,ExpanDrive is a remote monitoring and management (RMM) tool. More information will be added as it be...,
-[OCS inventory](/rmm_tools/ocs_inventory),,OCS inventory is a remote monitoring and management (RMM) tool. More information will be added as it...,
-[GotoHTTP](/rmm_tools/gotohttp),,GotoHTTP is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
-[CloudXplorer](/rmm_tools/cloudxplorer),,CloudXplorer is a remote monitoring and management (RMM) tool. More information will be added as it ...,
-[Terminals](/rmm_tools/terminals),,Terminals is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
+[ServerEye](/rmm_tools/servereye),,ServerEye is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
[RPort](/rmm_tools/rport),,RPort is a remote monitoring and management (RMM) tool. More information will be added as it becomes...,
-[CentraStage (Now Datto)](/rmm_tools/centrastage__now_datto_),,CentraStage (Now Datto) is a remote monitoring and management (RMM) tool. More information will be a...,
-[Instant Housecall](/rmm_tools/instant_housecall),,Instant Housecall is a remote monitoring and management (RMM) tool. More information will be added a...,
-[CruzControl](/rmm_tools/cruzcontrol),,CruzControl is a remote monitoring and management (RMM) tool. More information will be added as it b...,
-[Mikogo](/rmm_tools/mikogo),,Mikogo is a remote monitoring and management (RMM) tool. More information will be added as it become...,
-[mRemoteNG](/rmm_tools/mremoteng),,mRemoteNG is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
-[LabTech RMM (Now ConnectWise Automate)](/rmm_tools/labtech_rmm__now_connectwise_automate_),,LabTech RMM (Now ConnectWise Automate) is a remote monitoring and management (RMM) tool. More inform...,
-[ScreenMeet](/rmm_tools/screenmeet),,ScreenMeet is a remote monitoring and management (RMM) tool. More information will be added as it be...,
-[RES Automation Manager](/rmm_tools/res_automation_manager),,RES Automation Manager is a remote monitoring and management (RMM) tool. More information will be ad...,
-[Anyplace Control](/rmm_tools/anyplace_control),,Anyplace Control is a remote monitoring and management (RMM) tool. More information will be added as...,
-[Dropbox](/rmm_tools/dropbox),,Dropbox is a remote monitoring and management (RMM) tool. More information will be added as it becom...,
-[TightVNC](/rmm_tools/tightvnc),,TightVNC is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
-[LiteManager](/rmm_tools/litemanager),,LiteManager is a remote monitoring and management (RMM) tool. More information will be added as it b...,
+[Azure Storage Explorer](/rmm_tools/azure_storage_explorer),,Azure Storage Explorer is a remote monitoring and management (RMM) tool. More information will be ad...,
+[PSEXEC (Clone)](/rmm_tools/psexec__clone_),,PSEXEC (Clone) is a remote monitoring and management (RMM) tool. More information will be added as i...,
+[NoMachine](/rmm_tools/nomachine),,NoMachine is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
+[Microsoft OneDrive](/rmm_tools/microsoft_onedrive),,Microsoft OneDrive is a remote monitoring and management (RMM) tool. More information will be added ...,
+[Xeox](/rmm_tools/xeox),,Xeox is a remote monitoring and management (RMM) tool. More information will be added as it becomes ...,
+[Netop](/rmm_tools/netop),,Netop is a remote monitoring and management (RMM) tool. More information will be added as it becomes...,
+[KHelpDesk](/rmm_tools/khelpdesk),,KHelpDesk is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
[Box](/rmm_tools/box),,Box is a remote monitoring and management (RMM) tool. More information will be added as it becomes a...,
-[Sophos-Remote Management System](/rmm_tools/sophos-remote_management_system),,Sophos-Remote Management System is a remote monitoring and management (RMM) tool. More information w...,
-[ManageEngine](/rmm_tools/manageengine),,ManageEngine is a remote monitoring and management (RMM) tool. More information will be added as it ...,
-[Cloud Explorer](/rmm_tools/cloud_explorer),,Cloud Explorer is a remote monitoring and management (RMM) tool. More information will be added as i...,
-[Splashtop Remote](/rmm_tools/splashtop_remote),,Splashtop Remote is a remote monitoring and management (RMM) tool. More information will be added as...,
-[Dameware-mini remote control Protocol](/rmm_tools/dameware-mini_remote_control_protocol),,Dameware-mini remote control Protocol is a remote monitoring and management (RMM) tool. More informa...,
-[rdp2tcp](/rmm_tools/rdp2tcp),,rdp2tcp is a remote monitoring and management (RMM) tool. More information will be added as it becom...,
-[FleetDesk.io](/rmm_tools/fleetdesk.io),,FleetDesk.io is a remote monitoring and management (RMM) tool. More information will be added as it ...,
-[Jump Cloud](/rmm_tools/jump_cloud),,Jump Cloud is a remote monitoring and management (RMM) tool. More information will be added as it be...,
-[RuDesktop](/rmm_tools/rudesktop),,RuDesktop is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
+[Bomgar - Now BeyondTrust](/rmm_tools/bomgar_-_now_beyondtrust),,Bomgar - Now BeyondTrust is a remote monitoring and management (RMM) tool. More information will be ...,
+[Apple Remote Desktop](/rmm_tools/apple_remote_desktop),,Apple Remote Desktop is a remote monitoring and management (RMM) tool. More information will be adde...,
+[Royal Server](/rmm_tools/royal_server),,Royal Server is a remote monitoring and management (RMM) tool. More information will be added as it ...,
+[FleetDeck.io](/rmm_tools/fleetdeck.io),,FleetDeck.io is a remote monitoring and management (RMM) tool. More information will be added as it ...,
+[rsync](/rmm_tools/rsync),,rsync is a remote monitoring and management (RMM) tool. More information will be added as it becomes...,
+[ISL Online](/rmm_tools/isl_online),,ISL Online is a remote monitoring and management (RMM) tool. More information will be added as it be...,
+[NTR Remote](/rmm_tools/ntr_remote),,NTR Remote is a remote monitoring and management (RMM) tool. More information will be added as it be...,
+[MeshCentral](/rmm_tools/meshcentral),,MeshCentral is a remote monitoring and management (RMM) tool. More information will be added as it b...,
+[JollysFastVNC](/rmm_tools/jollysfastvnc),,JollysFastVNC is a remote monitoring and management (RMM) tool. More information will be added as it...,
+[PuTTY Tray](/rmm_tools/putty_tray),,PuTTY Tray is a remote monitoring and management (RMM) tool. More information will be added as it be...,
[LogMeIn](/rmm_tools/logmein),,LogMeIn is a remote monitoring and management (RMM) tool. More information will be added as it becom...,Nasreddine Bencherchali
-[SmartFTP](/rmm_tools/smartftp),,SmartFTP is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
-[NetSupport Manager](/rmm_tools/netsupport_manager),,NetSupport Manager is a remote monitoring and management (RMM) tool. More information will be added ...,
+[Electric](/rmm_tools/electric),,Electric is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
+[CruzControl](/rmm_tools/cruzcontrol),,CruzControl is a remote monitoring and management (RMM) tool. More information will be added as it b...,
+[Netreo](/rmm_tools/netreo),,Netreo is a remote monitoring and management (RMM) tool. More information will be added as it become...,
+[DW Service](/rmm_tools/dw_service),,DW Service is a remote monitoring and management (RMM) tool. More information will be added as it be...,
+[Remote.it](/rmm_tools/remote.it),,Remote.it is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
+[FileZilla](/rmm_tools/filezilla),,FileZilla is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
+[DeskNets](/rmm_tools/desknets),,DeskNets is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
+[MEGAsync](/rmm_tools/megasync),,MEGAsync is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
+[Bitvise SSH Client](/rmm_tools/bitvise_ssh_client),,Bitvise SSH Client is a remote monitoring and management (RMM) tool. More information will be added ...,
+[Netop Remote Control (Impero Connect)](/rmm_tools/netop_remote_control__impero_connect_),,Netop Remote Control (Impero Connect) is a remote monitoring and management (RMM) tool. More informa...,
+[RemotePass](/rmm_tools/remotepass),,RemotePass is a remote monitoring and management (RMM) tool. More information will be added as it be...,
+[Addigy](/rmm_tools/addigy),,Addigy is a remote monitoring and management (RMM) tool. More information will be added as it become...,
+[Syncro](/rmm_tools/syncro),,Syncro is a remote monitoring and management (RMM) tool. More information will be added as it become...,
+[IntelliAdmin Remote Control](/rmm_tools/intelliadmin_remote_control),,IntelliAdmin Remote Control is a remote monitoring and management (RMM) tool. More information will ...,
+[Tanium Deploy](/rmm_tools/tanium_deploy),,Tanium Deploy is a remote monitoring and management (RMM) tool. More information will be added as it...,
+[AweRay](/rmm_tools/aweray),,AweRay is a remote monitoring and management (RMM) tool. More information will be added as it become...,
+[UltraVNC](/rmm_tools/ultravnc),,UltraVNC is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
+[Site24x7](/rmm_tools/site24x7),,Site24x7 is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
+[Kaseya (VSA)](/rmm_tools/kaseya__vsa_),,Kaseya (VSA) aka Unigma is a remote monitoring and management (RMM) tool. More information will be a...,Nasreddine Bencherchali
+[Cloud Turtle](/rmm_tools/cloud_turtle),,Cloud Turtle is a remote monitoring and management (RMM) tool. More information will be added as it ...,
+[Pulseway](/rmm_tools/pulseway),,Pulseway is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
+[Dropbox](/rmm_tools/dropbox),,Dropbox is a remote monitoring and management (RMM) tool. More information will be added as it becom...,
+[Mikogo](/rmm_tools/mikogo),,Mikogo is a remote monitoring and management (RMM) tool. More information will be added as it become...,
+[Action1](/rmm_tools/action1),,Action1 is a powerful Remote Monitoring and Management(RMM) tool that enables users to execute comma...,@kostastsale
+[KiTTY](/rmm_tools/kitty),,KiTTY is a remote monitoring and management (RMM) tool. More information will be added as it becomes...,
+[PDQ Connect](/rmm_tools/pdq_connect),,PDQ Connect is a remote monitoring and management (RMM) tool. More information will be added as it b...,
+[Ericom Connect](/rmm_tools/ericom_connect),,Ericom Connect is a remote monitoring and management (RMM) tool. More information will be added as i...,
+[PSEXEC](/rmm_tools/psexec),,PSEXEC is a remote monitoring and management (RMM) tool. More information will be added as it become...,
+[FreeRDP](/rmm_tools/freerdp),,FreeRDP is a remote monitoring and management (RMM) tool. More information will be added as it becom...,
+[AliWangWang-remote-control](/rmm_tools/aliwangwang-remote-control),,AliWangWang-remote-control is a remote monitoring and management (RMM) tool. More information will b...,
+[GotoHTTP](/rmm_tools/gotohttp),,GotoHTTP is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
+[TeleDesktop](/rmm_tools/teledesktop),,TeleDesktop is a remote monitoring and management (RMM) tool. More information will be added as it b...,
+[Remote Utilities](/rmm_tools/remote_utilities),,Remote Utilities is a remote monitoring and management (RMM) tool. More information will be added as...,
+[MSP360](/rmm_tools/msp360),,MSP360 is a remote monitoring and management (RMM) tool. More information will be added as it become...,
+[Xshell](/rmm_tools/xshell),,Xshell is a remote monitoring and management (RMM) tool. More information will be added as it become...,
+[RAdmin](/rmm_tools/radmin),,RAdmin is a remote monitoring and management (RMM) tool. More information will be added as it become...,Nasreddine Bencherchali
+[NateOn-desktop sharing](/rmm_tools/nateon-desktop_sharing),,NateOn-desktop sharing is a remote monitoring and management (RMM) tool. More information will be ad...,
+[Splashtop (Beta)](/rmm_tools/splashtop__beta_),,Splashtop (Beta) is a remote monitoring and management (RMM) tool. More information will be added as...,
+[ezHelp](/rmm_tools/ezhelp),,ezHelp is a remote monitoring and management (RMM) tool. More information will be added as it become...,
+[BeyondTrust (Bomgar)](/rmm_tools/beyondtrust__bomgar_),,BeyondTrust (Bomgar) is a remote monitoring and management (RMM) tool. More information will be adde...,
+[ShowMyPC](/rmm_tools/showmypc),,ShowMyPC is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
+[Distant Desktop](/rmm_tools/distant_desktop),,Distant Desktop is a remote monitoring and management (RMM) tool. More information will be added as ...,
+[AweRay (AweSun)](/rmm_tools/aweray__awesun_),,AweRay (AweSun) is a remote monitoring and management (RMM) tool. More information will be added as ...,
+[HelpU](/rmm_tools/helpu),,HelpU is a remote monitoring and management (RMM) tool. More information will be added as it becomes...,
+[Solar-PuTTY](/rmm_tools/solar-putty),,Solar-PuTTY is a remote monitoring and management (RMM) tool. More information will be added as it b...,
+[DesktopNow](/rmm_tools/desktopnow),,DesktopNow is a remote monitoring and management (RMM) tool. More information will be added as it be...,
+[Bitvise SSH Server](/rmm_tools/bitvise_ssh_server),,Bitvise SSH Server is a remote monitoring and management (RMM) tool. More information will be added ...,
+[TigerVNC](/rmm_tools/tigervnc),,TigerVNC is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
+[NinjaOne (formerly NinjaRMM)](/rmm_tools/ninjaone__formerly_ninjarmm_),,NinjaOne (formerly NinjaRMM) is a remote monitoring and management (RMM) tool. More information will...,
+[Chrome SSH Extension](/rmm_tools/chrome_ssh_extension),,Chrome SSH Extension is a remote monitoring and management (RMM) tool. More information will be adde...,
+[Remote Desktop Plus](/rmm_tools/remote_desktop_plus),,Remote Desktop Plus is a remote monitoring and management (RMM) tool. More information will be added...,
+[Microsoft TSC](/rmm_tools/microsoft_tsc),,Microsoft TSC is a remote monitoring and management (RMM) tool. More information will be added as it...,
+[Instant Housecall](/rmm_tools/instant_housecall),,Instant Housecall is a remote monitoring and management (RMM) tool. More information will be added a...,
+[NordLocker](/rmm_tools/nordlocker),,NordLocker is a remote monitoring and management (RMM) tool. More information will be added as it be...,
[Pocket Cloud (Wyse)](/rmm_tools/pocket_cloud__wyse_),,Pocket Cloud (Wyse) is a remote monitoring and management (RMM) tool. More information will be added...,
-[Guacamole](/rmm_tools/guacamole),,Guacamole is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
-[Cloudsfer](/rmm_tools/cloudsfer),,Cloudsfer is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
-[LANDesk](/rmm_tools/landesk),,LANDesk is a remote monitoring and management (RMM) tool. More information will be added as it becom...,
-[Cruz](/rmm_tools/cruz),,Cruz is a remote monitoring and management (RMM) tool. More information will be added as it becomes ...,
-[pcAnywhere](/rmm_tools/pcanywhere),,pcAnywhere is a remote monitoring and management (RMM) tool. More information will be added as it be...,
-[mstsc](/rmm_tools/mstsc),,mstsc is a remote monitoring and management (RMM) tool. More information will be added as it becomes...,
-[FreeNX](/rmm_tools/freenx),,FreeNX is a remote monitoring and management (RMM) tool. More information will be added as it become...,
-[PSEXEC (Clone)](/rmm_tools/psexec__clone_),,PSEXEC (Clone) is a remote monitoring and management (RMM) tool. More information will be added as i...,
-[SpyAnywhere](/rmm_tools/spyanywhere),,SpyAnywhere is a remote monitoring and management (RMM) tool. More information will be added as it b...,
-[ODrive](/rmm_tools/odrive),,ODrive is a remote monitoring and management (RMM) tool. More information will be added as it become...,
-[MultCloud](/rmm_tools/multcloud),,MultCloud is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
-[Visual Studio Dev Tunnel](/rmm_tools/visual_studio_dev_tunnel),,Visual Studio Dev Tunnel is a remote monitoring and management (RMM) tool. More information will be ...,
-[Xpra](/rmm_tools/xpra),,Xpra is a remote monitoring and management (RMM) tool. More information will be added as it becomes ...,
-[Royal Apps](/rmm_tools/royal_apps),,Royal Apps is a remote monitoring and management (RMM) tool. More information will be added as it be...,
-[eHorus](/rmm_tools/ehorus),,eHorus is a remote monitoring and management (RMM) tool. More information will be added as it become...,
-[Bomgar](/rmm_tools/bomgar),,Bomgar is a remote monitoring and management (RMM) tool. More information will be added as it become...,
-[SuperPuTTY](/rmm_tools/superputty),,SuperPuTTY is a remote monitoring and management (RMM) tool. More information will be added as it be...,
-[ZeroTier](/rmm_tools/zerotier),,ZeroTier is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
-[Devolutions Remote Desktop Manager](/rmm_tools/devolutions_remote_desktop_manager),,Devolutions Remote Desktop Manager is a remote monitoring and management (RMM) tool. More informatio...,
+[Mocha VNC Lite](/rmm_tools/mocha_vnc_lite),,Mocha VNC Lite is a remote monitoring and management (RMM) tool. More information will be added as i...,
+[FleetDeck](/rmm_tools/fleetdeck),,FleetDeck is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
+[NetSupport Manager](/rmm_tools/netsupport_manager),,NetSupport Manager is a remote monitoring and management (RMM) tool. More information will be added ...,
+[S3 Browser](/rmm_tools/s3_browser),,S3 Browser is a remote monitoring and management (RMM) tool. More information will be added as it be...,
+[WebRDP](/rmm_tools/webrdp),,WebRDP is a remote monitoring and management (RMM) tool. More information will be added as it become...,
+[Syncthing](/rmm_tools/syncthing),,Syncthing is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
+[DeskDay](/rmm_tools/deskday),,DeskDay is a remote monitoring and management (RMM) tool. More information will be added as it becom...,
+[Supremo](/rmm_tools/supremo),,Supremo is a remote monitoring and management (RMM) tool. More information will be added as it becom...,
+[Syspectr](/rmm_tools/syspectr),,Syspectr is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
+[CloudExplorer](/rmm_tools/cloudexplorer),,CloudExplorer is a remote monitoring and management (RMM) tool. More information will be added as it...,
+[Laplink Gold](/rmm_tools/laplink_gold),,Laplink Gold is a remote monitoring and management (RMM) tool. More information will be added as it ...,
+[CloudXplorer](/rmm_tools/cloudxplorer),,CloudXplorer is a remote monitoring and management (RMM) tool. More information will be added as it ...,
[BeAnyWhere](/rmm_tools/beanywhere),,BeAnyWhere is a remote monitoring and management (RMM) tool. More information will be added as it be...,
+[Quest KACE Agent (formerly Dell KACE)](/rmm_tools/quest_kace_agent__formerly_dell_kace_),,Quest KACE Agent (formerly Dell KACE) is a remote monitoring and management (RMM) tool. More informa...,
+[RuDesktop](/rmm_tools/rudesktop),,RuDesktop is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
[WebEx (Remote Access)](/rmm_tools/webex__remote_access_),,WebEx (Remote Access) is a remote monitoring and management (RMM) tool. More information will be add...,
-[AnyDesk](/rmm_tools/anydesk),RMM,AnyDesk is a popular remote desktop software that enables users to access and control a computer or ...,"Ali Alwashali, Nasreddine Bencherchali"
-[Free Ping Tool](/rmm_tools/free_ping_tool),,Free Ping Tool is a remote monitoring and management (RMM) tool. More information will be added as i...,
-[S3 Browser](/rmm_tools/s3_browser),,S3 Browser is a remote monitoring and management (RMM) tool. More information will be added as it be...,
-[Azure Storage Explorer](/rmm_tools/azure_storage_explorer),,Azure Storage Explorer is a remote monitoring and management (RMM) tool. More information will be ad...,
-[NinjaOne (formerly NinjaRMM)](/rmm_tools/ninjaone__formerly_ninjarmm_),,NinjaOne (formerly NinjaRMM) is a remote monitoring and management (RMM) tool. More information will...,
-[Adobe Connect](/rmm_tools/adobe_connect),,Adobe Connect is a remote monitoring and management (RMM) tool. More information will be added as it...,
-[CloudHQ](/rmm_tools/cloudhq),,CloudHQ is a remote monitoring and management (RMM) tool. More information will be added as it becom...,
-[Raidrive](/rmm_tools/raidrive),,Raidrive is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
-[RemotePC](/rmm_tools/remotepc),,RemotePC is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
-[LogMeIn rescue](/rmm_tools/logmein_rescue),,LogMeIn rescue is a remote monitoring and management (RMM) tool. More information will be added as i...,
-[UltraViewer](/rmm_tools/ultraviewer),,UltraViewer is a remote monitoring and management (RMM) tool. More information will be added as it b...,
-[aria2](/rmm_tools/aria2),,aria2 is a remote monitoring and management (RMM) tool. More information will be added as it becomes...,
-[Pandora RC (eHorus)](/rmm_tools/pandora_rc__ehorus_),,Pandora RC (eHorus) is a remote monitoring and management (RMM) tool. More information will be added...,
-[IntelliAdmin Remote Control](/rmm_tools/intelliadmin_remote_control),,IntelliAdmin Remote Control is a remote monitoring and management (RMM) tool. More information will ...,
-[MEGAsync](/rmm_tools/megasync),,MEGAsync is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
-[Encapto](/rmm_tools/encapto),,Encapto is a remote monitoring and management (RMM) tool. More information will be added as it becom...,
-[ShowMyPC](/rmm_tools/showmypc),,ShowMyPC is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
-[Lite Manager](/rmm_tools/lite_manager),,Lite Manager is a remote monitoring and management (RMM) tool. More information will be added as it ...,
-[Netop Remote Control (aka Impero Connect)](/rmm_tools/netop_remote_control__aka_impero_connect_),,Netop Remote Control (aka Impero Connect) is a remote monitoring and management (RMM) tool. More inf...,
-[GoToAssist](/rmm_tools/gotoassist),,GoToAssist is a remote monitoring and management (RMM) tool. More information will be added as it be...,
-[Ericom Connect](/rmm_tools/ericom_connect),,Ericom Connect is a remote monitoring and management (RMM) tool. More information will be added as i...,
-[TeamViewer](/rmm_tools/teamviewer),,"TeamViewer is a remote monitoring and management (RMM) tool.
-...","Nasreddine Bencherchali, Michael Haag"
-[Access Remote PC](/rmm_tools/access_remote_pc),,Access Remote PC is a remote monitoring and management (RMM) tool. More information will be added as...,
-[DW Service](/rmm_tools/dw_service),,DW Service is a remote monitoring and management (RMM) tool. More information will be added as it be...,
-[SecureCRT](/rmm_tools/securecrt),,SecureCRT is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
-[Acronic Cyber Protect (Remotix)](/rmm_tools/acronic_cyber_protect__remotix_),,Acronic Cyber Protect (Remotix) is a remote monitoring and management (RMM) tool. More information w...,
-[Sorillus](/rmm_tools/sorillus),,Sorillus is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
+[RemoteView](/rmm_tools/remoteview),,RemoteView is a remote monitoring and management (RMM) tool. More information will be added as it be...,
+[Tanium](/rmm_tools/tanium),,Tanium is a remote monitoring and management (RMM) tool. More information will be added as it become...,
[Barracuda](/rmm_tools/barracuda),,Barracuda is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
-[DeskDay](/rmm_tools/deskday),,DeskDay is a remote monitoring and management (RMM) tool. More information will be added as it becom...,
-[RemoteCall](/rmm_tools/remotecall),,RemoteCall is a remote monitoring and management (RMM) tool. More information will be added as it be...,
-[Splashtop](/rmm_tools/splashtop),,Splashtop is a remote monitoring and management (RMM) tool. More information will be added as it bec...,Nasreddine Bencherchali
-[ManageEngine RMM Central](/rmm_tools/manageengine_rmm_central),,ManageEngine RMM Central is a remote monitoring and management (RMM) tool. More information will be ...,
-[AeroAdmin](/rmm_tools/aeroadmin),,AeroAdmin is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
-[Microsoft TSC](/rmm_tools/microsoft_tsc),,Microsoft TSC is a remote monitoring and management (RMM) tool. More information will be added as it...,
-[AweRay (AweSun)](/rmm_tools/aweray__awesun_),,AweRay (AweSun) is a remote monitoring and management (RMM) tool. More information will be added as ...,
-[NoMachine](/rmm_tools/nomachine),,NoMachine is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
-[UltraVNC](/rmm_tools/ultravnc),,UltraVNC is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
+[I'm InTouch](/rmm_tools/i'm_intouch),,I'm InTouch is a remote monitoring and management (RMM) tool. More information will be added as it b...,
+[Impero Connect](/rmm_tools/impero_connect),,Impero Connect is a remote monitoring and management (RMM) tool. More information will be added as i...,
+[Remmina](/rmm_tools/remmina),,Remmina is a remote monitoring and management (RMM) tool. More information will be added as it becom...,
[TeraCLOUD](/rmm_tools/teracloud),,TeraCLOUD is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
-[Instant Housecall](/rmm_tools/instant_housecall),,Instant Housecall is a remote monitoring and management (RMM) tool. More information will be added a...,
-[NinjaRMM](/rmm_tools/ninjarmm),,NinjaRMM is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
-[ngrok](/rmm_tools/ngrok),,ngrok is a remote monitoring and management (RMM) tool. More information will be added as it becomes...,
-[Air Explorer](/rmm_tools/air_explorer),,Air Explorer is a remote monitoring and management (RMM) tool. More information will be added as it ...,
-[Bitvise SSH Client](/rmm_tools/bitvise_ssh_client),,Bitvise SSH Client is a remote monitoring and management (RMM) tool. More information will be added ...,
+[Tactical RMM](/rmm_tools/tactical_rmm),,Tactical RMM is a remote monitoring and management (RMM) tool. More information will be added as it ...,
+[FixMe](/rmm_tools/fixme),,FixMe is a remote monitoring and management (RMM) tool. More information will be added as it becomes...,
+[ConnectWise Control](/rmm_tools/connectwise_control),,ConnectWise Control is a remote monitoring and management (RMM) tool. More information will be added...,
+[ScreenMeet](/rmm_tools/screenmeet),,ScreenMeet is a remote monitoring and management (RMM) tool. More information will be added as it be...,
[Chicken (of the VNC)](/rmm_tools/chicken__of_the_vnc_),,Chicken (of the VNC) is a remote monitoring and management (RMM) tool. More information will be adde...,
-[SkyFex](/rmm_tools/skyfex),,SkyFex is a remote monitoring and management (RMM) tool. More information will be added as it become...,
-[Ericom AccessNow](/rmm_tools/ericom_accessnow),,Ericom AccessNow is a remote monitoring and management (RMM) tool. More information will be added as...,
-[Microsoft RDP](/rmm_tools/microsoft_rdp),,Microsoft RDP is a remote monitoring and management (RMM) tool. More information will be added as it...,
-[Royal Server](/rmm_tools/royal_server),,Royal Server is a remote monitoring and management (RMM) tool. More information will be added as it ...,
-[Solar-PuTTY](/rmm_tools/solar-putty),,Solar-PuTTY is a remote monitoring and management (RMM) tool. More information will be added as it b...,
-[Duplicati](/rmm_tools/duplicati),,Duplicati is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
-[Remote Desktop Plus](/rmm_tools/remote_desktop_plus),,Remote Desktop Plus is a remote monitoring and management (RMM) tool. More information will be added...,
+[Dev Tunnels (aka Visual Studio Dev Tunnel)](/rmm_tools/dev_tunnels__aka_visual_studio_dev_tunnel_),,Dev Tunnels (aka Visual Studio Dev Tunnel) is a remote monitoring and management (RMM) tool. More in...,
+[Comodo RMM](/rmm_tools/comodo_rmm),,Comodo RMM is a remote monitoring and management (RMM) tool. More information will be added as it be...,
+[CloudFuze](/rmm_tools/cloudfuze),,CloudFuze is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
+[Acronic Cyber Protect (Remotix)](/rmm_tools/acronic_cyber_protect__remotix_),,Acronic Cyber Protect (Remotix) is a remote monitoring and management (RMM) tool. More information w...,
+[Remote Manipulator System](/rmm_tools/remote_manipulator_system),,Remote Manipulator System is a remote monitoring and management (RMM) tool. More information will be...,
+[Tailscale](/rmm_tools/tailscale),,Tailscale is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
+[MyIVO](/rmm_tools/myivo),,MyIVO is a remote monitoring and management (RMM) tool. More information will be added as it becomes...,
+[Adobe Connect](/rmm_tools/adobe_connect),,Adobe Connect is a remote monitoring and management (RMM) tool. More information will be added as it...,
+[Air Explorer](/rmm_tools/air_explorer),,Air Explorer is a remote monitoring and management (RMM) tool. More information will be added as it ...,
+[EMCO Remote Console](/rmm_tools/emco_remote_console),,EMCO Remote Console is a remote monitoring and management (RMM) tool. More information will be added...,
+[MobaXterm](/rmm_tools/mobaxterm),,MobaXterm is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
+[Cyberduck](/rmm_tools/cyberduck),,Cyberduck is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
+[SunLogin](/rmm_tools/sunlogin),,SunLogin is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
+[Microsoft TSC](/rmm_tools/microsoft_tsc),,Microsoft TSC is a remote monitoring and management (RMM) tool. More information will be added as it...,
+[Sophos-Remote Management System](/rmm_tools/sophos-remote_management_system),,Sophos-Remote Management System is a remote monitoring and management (RMM) tool. More information w...,
+[CloudFlare Tunnel](/rmm_tools/cloudflare_tunnel),,CloudFlare Tunnel is a remote monitoring and management (RMM) tool. More information will be added a...,
+[Iperius Remote](/rmm_tools/iperius_remote),,Iperius Remote is a remote monitoring and management (RMM) tool. More information will be added as i...,
+[SmartFTP](/rmm_tools/smartftp),,SmartFTP is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
+[Manage Engine (Desktop Central)](/rmm_tools/manage_engine__desktop_central_),,Manage Engine (Desktop Central) is a remote monitoring and management (RMM) tool. More information w...,
+[VNC Connect](/rmm_tools/vnc_connect),,VNC Connect is a remote monitoring and management (RMM) tool. More information will be added as it b...,
+[Pocket Controller (Soti Xsight)](/rmm_tools/pocket_controller__soti_xsight_),,Pocket Controller (Soti Xsight) is a remote monitoring and management (RMM) tool. More information w...,
+[CloudGopher](/rmm_tools/cloudgopher),,CloudGopher is a remote monitoring and management (RMM) tool. More information will be added as it b...,
+[mRemoteNG](/rmm_tools/mremoteng),,mRemoteNG is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
+[Senso.cloud](/rmm_tools/senso.cloud),,Senso.cloud is a remote monitoring and management (RMM) tool. More information will be added as it b...,
+[Dameware-mini remote control Protocol](/rmm_tools/dameware-mini_remote_control_protocol),,Dameware-mini remote control Protocol is a remote monitoring and management (RMM) tool. More informa...,
+[ScreenConnect](/rmm_tools/screenconnect),,ScreenConnect is a remote monitoring and management (RMM) tool. More information will be added as it...,"Ali Alwashali, Nasreddine Bencherchali"
+[AeroAdmin](/rmm_tools/aeroadmin),,AeroAdmin is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
+[Desktop Central](/rmm_tools/desktop_central),,Desktop Central is a remote monitoring and management (RMM) tool. More information will be added as ...,
+[Pilixo](/rmm_tools/pilixo),,Pilixo is a remote monitoring and management (RMM) tool. More information will be added as it become...,
+[SuperOps](/rmm_tools/superops),,SuperOps is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
+[Yandex.Disk](/rmm_tools/yandex.disk),,Yandex.Disk is a remote monitoring and management (RMM) tool. More information will be added as it b...,
[ITSupport247 (ConnectWise)](/rmm_tools/itsupport247__connectwise_),,ITSupport247 (ConnectWise) is a remote monitoring and management (RMM) tool. More information will b...,
-[GoodSync](/rmm_tools/goodsync),,GoodSync is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
-[DesktopNow](/rmm_tools/desktopnow),,DesktopNow is a remote monitoring and management (RMM) tool. More information will be added as it be...,
-[Remmina](/rmm_tools/remmina),,Remmina is a remote monitoring and management (RMM) tool. More information will be added as it becom...,
-[CloudMounter](/rmm_tools/cloudmounter),,CloudMounter is a remote monitoring and management (RMM) tool. More information will be added as it ...,
-[Distant Desktop](/rmm_tools/distant_desktop),,Distant Desktop is a remote monitoring and management (RMM) tool. More information will be added as ...,
-[DameWare](/rmm_tools/dameware),,DameWare is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
-[Level](/rmm_tools/level),,Level is a remote monitoring and management (RMM) tool. More information will be added as it becomes...,
-[Insync](/rmm_tools/insync),,Insync is a remote monitoring and management (RMM) tool. More information will be added as it become...,
-[Bomgar - Now BeyondTrust](/rmm_tools/bomgar_-_now_beyondtrust),,Bomgar - Now BeyondTrust is a remote monitoring and management (RMM) tool. More information will be ...,
-[ISL Online](/rmm_tools/isl_online),,ISL Online is a remote monitoring and management (RMM) tool. More information will be added as it be...,
-[Remote.it](/rmm_tools/remote.it),,Remote.it is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
-[Core FTP](/rmm_tools/core_ftp),,Core FTP is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
-[Netreo](/rmm_tools/netreo),,Netreo is a remote monitoring and management (RMM) tool. More information will be added as it become...,
-[CuteFTP](/rmm_tools/cuteftp),,CuteFTP is a remote monitoring and management (RMM) tool. More information will be added as it becom...,
-[CloudBuckIt](/rmm_tools/cloudbuckit),,CloudBuckIt is a remote monitoring and management (RMM) tool. More information will be added as it b...,
-[NoteOn-desktop sharing](/rmm_tools/noteon-desktop_sharing),,NoteOn-desktop sharing is a remote monitoring and management (RMM) tool. More information will be ad...,
-[Royal TS](/rmm_tools/royal_ts),,Royal TS is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
-[DeskNets](/rmm_tools/desknets),,DeskNets is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
-[QQ IM-remote assistance](/rmm_tools/qq_im-remote_assistance),,QQ IM-remote assistance is a remote monitoring and management (RMM) tool. More information will be a...,
-[PuTTY Tray](/rmm_tools/putty_tray),,PuTTY Tray is a remote monitoring and management (RMM) tool. More information will be added as it be...,
-[FileZilla](/rmm_tools/filezilla),,FileZilla is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
-[XRDP](/rmm_tools/xrdp),,XRDP is a remote monitoring and management (RMM) tool. More information will be added as it becomes ...,
-[FastViewer](/rmm_tools/fastviewer),,FastViewer is a remote monitoring and management (RMM) tool. More information will be added as it be...,
-[Jump Desktop](/rmm_tools/jump_desktop),,Jump Desktop is a remote monitoring and management (RMM) tool. More information will be added as it ...,
-[pCloud](/rmm_tools/pcloud),,pCloud is a remote monitoring and management (RMM) tool. More information will be added as it become...,
-[Ivanti Remote Control](/rmm_tools/ivanti_remote_control),,Ivanti Remote Control is a remote monitoring and management (RMM) tool. More information will be add...,
-[BeInSync](/rmm_tools/beinsync),,BeInSync is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
-[NateOn-desktop sharing](/rmm_tools/nateon-desktop_sharing),,NateOn-desktop sharing is a remote monitoring and management (RMM) tool. More information will be ad...,
-[Xeox](/rmm_tools/xeox),,Xeox is a remote monitoring and management (RMM) tool. More information will be added as it becomes ...,
[WinSCP](/rmm_tools/winscp),,WinSCP is a remote monitoring and management (RMM) tool. More information will be added as it become...,
-[Desktop Central](/rmm_tools/desktop_central),,Desktop Central is a remote monitoring and management (RMM) tool. More information will be added as ...,
-[DW Service](/rmm_tools/dw_service),,DW Service is a remote monitoring and management (RMM) tool. More information will be added as it be...,
-[NTR Remote](/rmm_tools/ntr_remote),,NTR Remote is a remote monitoring and management (RMM) tool. More information will be added as it be...,
-[aws-cli](/rmm_tools/aws-cli),,aws-cli is a remote monitoring and management (RMM) tool. More information will be added as it becom...,
-[TurboMeeting](/rmm_tools/turbomeeting),,TurboMeeting is a remote monitoring and management (RMM) tool. More information will be added as it ...,
-[RemoteUtilities](/rmm_tools/remoteutilities),,RemoteUtilities is a remote monitoring and management (RMM) tool. More information will be added as ...,
+[Zabbix Agent](/rmm_tools/zabbix_agent),,Zabbix Agent is a remote monitoring and management (RMM) tool. More information will be added as it ...,
+[Splashtop](/rmm_tools/splashtop),,Splashtop is a remote monitoring and management (RMM) tool. More information will be added as it bec...,Nasreddine Bencherchali
+[eHorus](/rmm_tools/ehorus),,eHorus is a remote monitoring and management (RMM) tool. More information will be added as it become...,
+[CloudHQ](/rmm_tools/cloudhq),,CloudHQ is a remote monitoring and management (RMM) tool. More information will be added as it becom...,
[BeyondTrust (Bomgar)](/rmm_tools/beyondtrust__bomgar_),,BeyondTrust (Bomgar) is a remote monitoring and management (RMM) tool. More information will be adde...,
-[Pulseway](/rmm_tools/pulseway),,Pulseway is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
-[Panorama9](/rmm_tools/panorama9),,Panorama9 is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
+[OCS inventory](/rmm_tools/ocs_inventory),,OCS inventory is a remote monitoring and management (RMM) tool. More information will be added as it...,
+[CentraStage (Now Datto)](/rmm_tools/centrastage__now_datto_),,CentraStage (Now Datto) is a remote monitoring and management (RMM) tool. More information will be a...,
+[XRDP](/rmm_tools/xrdp),,XRDP is a remote monitoring and management (RMM) tool. More information will be added as it becomes ...,
+[FleetDesk.io](/rmm_tools/fleetdesk.io),,FleetDesk.io is a remote monitoring and management (RMM) tool. More information will be added as it ...,
[Atera](/rmm_tools/atera),,Atera is a remote monitoring and management (RMM) tool. It is used by threat actors to deploy ransom...,
-[JollysFastVNC](/rmm_tools/jollysfastvnc),,JollysFastVNC is a remote monitoring and management (RMM) tool. More information will be added as it...,
-[RunSmart](/rmm_tools/runsmart),,RunSmart is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
-[Chrome Remote Desktop](/rmm_tools/chrome_remote_desktop),,Chrome Remote Desktop is a remote monitoring and management (RMM) tool. More information will be add...,
+[CuteFTP](/rmm_tools/cuteftp),,CuteFTP is a remote monitoring and management (RMM) tool. More information will be added as it becom...,
+[SuperPuTTY](/rmm_tools/superputty),,SuperPuTTY is a remote monitoring and management (RMM) tool. More information will be added as it be...,
+[NoteOn-desktop sharing](/rmm_tools/noteon-desktop_sharing),,NoteOn-desktop sharing is a remote monitoring and management (RMM) tool. More information will be ad...,
+[X2Go](/rmm_tools/x2go),,X2Go is a remote monitoring and management (RMM) tool. More information will be added as it becomes ...,
+[Cruz](/rmm_tools/cruz),,Cruz is a remote monitoring and management (RMM) tool. More information will be added as it becomes ...,
+[GoToAssist](/rmm_tools/gotoassist),,GoToAssist is a remote monitoring and management (RMM) tool. More information will be added as it be...,
+[Lite Manager](/rmm_tools/lite_manager),,Lite Manager is a remote monitoring and management (RMM) tool. More information will be added as it ...,
+[DameWare](/rmm_tools/dameware),,DameWare is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
+[Total Software Deployment](/rmm_tools/total_software_deployment),,Total Software Deployment is a remote monitoring and management (RMM) tool. More information will be...,
+[Laplink Everywhere](/rmm_tools/laplink_everywhere),,Laplink Everywhere is a remote monitoring and management (RMM) tool. More information will be added ...,
+[FreeNX](/rmm_tools/freenx),,FreeNX is a remote monitoring and management (RMM) tool. More information will be added as it become...,
+[SkyFex](/rmm_tools/skyfex),,SkyFex is a remote monitoring and management (RMM) tool. More information will be added as it become...,
+[AnyDesk](/rmm_tools/anydesk),RMM,AnyDesk is a popular remote desktop software that enables users to access and control a computer or ...,"Ali Alwashali, Nasreddine Bencherchali"
+[ManageEngine RMM Central](/rmm_tools/manageengine_rmm_central),,ManageEngine RMM Central is a remote monitoring and management (RMM) tool. More information will be ...,
+[Ocamlfuse](/rmm_tools/ocamlfuse),,Ocamlfuse is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
+[Koofr](/rmm_tools/koofr),,Koofr is a remote monitoring and management (RMM) tool. More information will be added as it becomes...,
+[Insync](/rmm_tools/insync),,Insync is a remote monitoring and management (RMM) tool. More information will be added as it become...,
+[Neturo](/rmm_tools/neturo),,Neturo is a remote monitoring and management (RMM) tool. More information will be added as it become...,
+[Naverisk](/rmm_tools/naverisk),,Naverisk is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
+[ISL Light](/rmm_tools/isl_light),,ISL Light is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
+[Pocket Controller](/rmm_tools/pocket_controller),,Pocket Controller is a remote monitoring and management (RMM) tool. More information will be added a...,
+[Encapto](/rmm_tools/encapto),,Encapto is a remote monitoring and management (RMM) tool. More information will be added as it becom...,
+[BeyondTrust](/rmm_tools/beyondtrust),,BeyondTrust is a remote monitoring and management (RMM) tool. More information will be added as it b...,
+[Amazon (Cloud) Drive](/rmm_tools/amazon__cloud__drive),,Amazon (Cloud) Drive is a remote monitoring and management (RMM) tool. More information will be adde...,
+[N-ABLE Remote Access Software](/rmm_tools/n-able_remote_access_software),,N-ABLE Remote Access Software is a remote monitoring and management (RMM) tool. More information wil...,
+[Guacamole](/rmm_tools/guacamole),,Guacamole is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
+[Microsoft RDP](/rmm_tools/microsoft_rdp),,Microsoft RDP is a remote monitoring and management (RMM) tool. More information will be added as it...,
+[Royal Apps](/rmm_tools/royal_apps),,Royal Apps is a remote monitoring and management (RMM) tool. More information will be added as it be...,
+[Proton Drive](/rmm_tools/proton_drive),,Proton Drive is a remote monitoring and management (RMM) tool. More information will be added as it ...,
+[ConnectWise](/rmm_tools/connectwise),,ConnectWise is a remote monitoring and management (RMM) tool. More information will be added as it b...,
+[RustDesk](/rmm_tools/rustdesk),,RustDesk is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
+[RealVNC](/rmm_tools/realvnc),,RealVNC is a remote monitoring and management (RMM) tool. More information will be added as it becom...,
+[GoToAssist Agent Desktop Console](/rmm_tools/gotoassist_agent_desktop_console),,GoToAssist Agent Desktop Console is a remote monitoring and management (RMM) tool. More information ...,
+[RES Automation Manager](/rmm_tools/res_automation_manager),,RES Automation Manager is a remote monitoring and management (RMM) tool. More information will be ad...,
+[Zoho Assist](/rmm_tools/zoho_assist),,Zoho Assist is a remote monitoring and management (RMM) tool. More information will be added as it b...,
+[Weezo](/rmm_tools/weezo),,Weezo is a remote monitoring and management (RMM) tool. More information will be added as it becomes...,
+[Microsoft RDP](/rmm_tools/microsoft_rdp),,Microsoft RDP is a remote monitoring and management (RMM) tool. More information will be added as it...,
+[NinjaRMM](/rmm_tools/ninjarmm),,NinjaRMM is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
+[FixMe.it](/rmm_tools/fixme.it),,FixMe.it is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
+[pCloud](/rmm_tools/pcloud),,pCloud is a remote monitoring and management (RMM) tool. More information will be added as it become...,
+[Ivanti Remote Control](/rmm_tools/ivanti_remote_control),,Ivanti Remote Control is a remote monitoring and management (RMM) tool. More information will be add...,
+[rdpwrap](/rmm_tools/rdpwrap),,rdpwrap is a remote monitoring and management (RMM) tool. More information will be added as it becom...,
+[LabTech RMM (Now ConnectWise Automate)](/rmm_tools/labtech_rmm__now_connectwise_automate_),,LabTech RMM (Now ConnectWise Automate) is a remote monitoring and management (RMM) tool. More inform...,
+[Connectwise Automate (LabTech)](/rmm_tools/connectwise_automate__labtech_),,Connectwise Automate (LabTech) is a remote monitoring and management (RMM) tool. More information wi...,
+[N-Able Advanced Monitoring Agent](/rmm_tools/n-able_advanced_monitoring_agent),,N-Able Advanced Monitoring Agent is a remote monitoring and management (RMM) tool. More information ...,
+[Synergy](/rmm_tools/synergy),,Synergy is a remote monitoring and management (RMM) tool. More information will be added as it becom...,
+[LogMeIn rescue](/rmm_tools/logmein_rescue),,LogMeIn rescue is a remote monitoring and management (RMM) tool. More information will be added as i...,
+[VNC](/rmm_tools/vnc),,VNC is a remote monitoring and management (RMM) tool. More information will be added as it becomes a...,
+[pcAnywhere](/rmm_tools/pcanywhere),,pcAnywhere is a remote monitoring and management (RMM) tool. More information will be added as it be...,
+[Access Remote PC](/rmm_tools/access_remote_pc),,Access Remote PC is a remote monitoring and management (RMM) tool. More information will be added as...,
+[GatherPlace-desktop sharing](/rmm_tools/gatherplace-desktop_sharing),,GatherPlace-desktop sharing is a remote monitoring and management (RMM) tool. More information will ...,
+[ODrive](/rmm_tools/odrive),,ODrive is a remote monitoring and management (RMM) tool. More information will be added as it become...,
+[Remote Desktop Manager (Devolutions)](/rmm_tools/remote_desktop_manager__devolutions_),,Remote Desktop Manager (Devolutions) is a remote monitoring and management (RMM) tool. More informat...,
+[RDPView](/rmm_tools/rdpview),,RDPView is a remote monitoring and management (RMM) tool. More information will be added as it becom...,
+[DragonDisk](/rmm_tools/dragondisk),,DragonDisk is a remote monitoring and management (RMM) tool. More information will be added as it be...,
+[Seetrol](/rmm_tools/seetrol),,Seetrol is a remote monitoring and management (RMM) tool. More information will be added as it becom...,
[Netviewer (GoToMeet)](/rmm_tools/netviewer__gotomeet_),,Netviewer (GoToMeet) is a remote monitoring and management (RMM) tool. More information will be adde...,
+[CarotDAV](/rmm_tools/carotdav),,CarotDAV is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
+[Duplicati](/rmm_tools/duplicati),,Duplicati is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
+[Netop Remote Control (aka Impero Connect)](/rmm_tools/netop_remote_control__aka_impero_connect_),,Netop Remote Control (aka Impero Connect) is a remote monitoring and management (RMM) tool. More inf...,
+[Onionshare](/rmm_tools/onionshare),,Onionshare is a remote monitoring and management (RMM) tool. More information will be added as it be...,
+[SecureCRT](/rmm_tools/securecrt),,SecureCRT is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
+[GetScreen](/rmm_tools/getscreen),,GetScreen is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
+[Pandora RC (eHorus)](/rmm_tools/pandora_rc__ehorus_),,Pandora RC (eHorus) is a remote monitoring and management (RMM) tool. More information will be added...,
+[Rapid7](/rmm_tools/rapid7),,Rapid7 is a remote monitoring and management (RMM) tool. More information will be added as it become...,
+[aws-cli](/rmm_tools/aws-cli),,aws-cli is a remote monitoring and management (RMM) tool. More information will be added as it becom...,
+[Electric AI (Kaseya)](/rmm_tools/electric_ai__kaseya_),,Electric AI (Kaseya) is a remote monitoring and management (RMM) tool. More information will be adde...,
+[Basecamp](/rmm_tools/basecamp),,Basecamp is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
+[Ultra VNC](/rmm_tools/ultra_vnc),,Ultra VNC is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
+[BeamYourScreen](/rmm_tools/beamyourscreen),,BeamYourScreen is a remote monitoring and management (RMM) tool. More information will be added as i...,
+[Quick Assist](/rmm_tools/quick_assist),,Quick Assist is a remote monitoring and management (RMM) tool. More information will be added as it ...,
[Netviewer](/rmm_tools/netviewer),,Netviewer is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
-[ConnectWise Control](/rmm_tools/connectwise_control),,ConnectWise Control is a remote monitoring and management (RMM) tool. More information will be added...,
-[ExtraPuTTY](/rmm_tools/extraputty),,ExtraPuTTY is a remote monitoring and management (RMM) tool. More information will be added as it be...,
-[FleetDeck](/rmm_tools/fleetdeck),,FleetDeck is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
-[HelpU](/rmm_tools/helpu),,HelpU is a remote monitoring and management (RMM) tool. More information will be added as it becomes...,
-[ESET Remote Administrator](/rmm_tools/eset_remote_administrator),,ESET Remote Administrator is a remote monitoring and management (RMM) tool. More information will be...,
+[RemoteCall](/rmm_tools/remotecall),,RemoteCall is a remote monitoring and management (RMM) tool. More information will be added as it be...,
+[ISL Online](/rmm_tools/isl_online),,ISL Online is a remote monitoring and management (RMM) tool. More information will be added as it be...,
+[Kabuto](/rmm_tools/kabuto),,Kabuto is a remote monitoring and management (RMM) tool. More information will be added as it become...,
+[N-Able Advanced Monitoring Agent](/rmm_tools/n-able_advanced_monitoring_agent),,N-Able Advanced Monitoring Agent is a remote monitoring and management (RMM) tool. More information ...,
+[GoTo Opener](/rmm_tools/goto_opener),,GoTo Opener is a remote monitoring and management (RMM) tool. More information will be added as it b...,
+[Remcos](/rmm_tools/remcos),,Remcos is a remote monitoring and management (RMM) tool. More information will be added as it become...,
+[HelpBeam](/rmm_tools/helpbeam),,HelpBeam is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
+[LiteManager](/rmm_tools/litemanager),,LiteManager is a remote monitoring and management (RMM) tool. More information will be added as it b...,
+[Alpemix](/rmm_tools/alpemix),,Alpemix is a remote monitoring and management (RMM) tool. More information will be added as it becom...,Nasreddine Bencherchali
+[Xpra](/rmm_tools/xpra),,Xpra is a remote monitoring and management (RMM) tool. More information will be added as it becomes ...,
+[CloudMounter](/rmm_tools/cloudmounter),,CloudMounter is a remote monitoring and management (RMM) tool. More information will be added as it ...,
+[Panorama9](/rmm_tools/panorama9),,Panorama9 is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
+[Any Support](/rmm_tools/any_support),,Any Support is a remote monitoring and management (RMM) tool. More information will be added as it b...,
+[Remobo](/rmm_tools/remobo),,Remobo is a remote monitoring and management (RMM) tool. More information will be added as it become...,
+[CloudBerry Explorer](/rmm_tools/cloudberry_explorer),,CloudBerry Explorer is a remote monitoring and management (RMM) tool. More information will be added...,
+[KickIdler](/rmm_tools/kickidler),,KickIdler is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
+[Rocket Remote Desktop](/rmm_tools/rocket_remote_desktop),,Rocket Remote Desktop is a remote monitoring and management (RMM) tool. More information will be add...,
+[DW Service](/rmm_tools/dw_service),,DW Service is a remote monitoring and management (RMM) tool. More information will be added as it be...,
+[Terminals](/rmm_tools/terminals),,Terminals is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
+[Core FTP](/rmm_tools/core_ftp),,Core FTP is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
+[Echoware](/rmm_tools/echoware),,Echoware is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
[ToDesk](/rmm_tools/todesk),,ToDesk is a remote monitoring and management (RMM) tool. More information will be added as it become...,
-[Distant Desktop](/rmm_tools/distant_desktop),,Distant Desktop is a remote monitoring and management (RMM) tool. More information will be added as ...,
-[RAdmin](/rmm_tools/radmin),,RAdmin is a remote monitoring and management (RMM) tool. More information will be added as it become...,Nasreddine Bencherchali
+[aria2](/rmm_tools/aria2),,aria2 is a remote monitoring and management (RMM) tool. More information will be added as it becomes...,
+[mstsc](/rmm_tools/mstsc),,mstsc is a remote monitoring and management (RMM) tool. More information will be added as it becomes...,
+[RemotePC](/rmm_tools/remotepc),,RemotePC is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
+[Raidrive](/rmm_tools/raidrive),,Raidrive is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
+[UltraViewer](/rmm_tools/ultraviewer),,UltraViewer is a remote monitoring and management (RMM) tool. More information will be added as it b...,
+[ManageEngine](/rmm_tools/manageengine),,ManageEngine is a remote monitoring and management (RMM) tool. More information will be added as it ...,
+[Anyplace Control](/rmm_tools/anyplace_control),,Anyplace Control is a remote monitoring and management (RMM) tool. More information will be added as...,
+[Microsoft Quick Assist](/rmm_tools/microsoft_quick_assist),,Microsoft Quick Assist is a remote monitoring and management (RMM) tool. More information will be ad...,
[CrossLoop](/rmm_tools/crossloop),,CrossLoop is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
-[Centurion](/rmm_tools/centurion),,Centurion is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
-[KickIdler](/rmm_tools/kickidler),,KickIdler is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
-[Syncro](/rmm_tools/syncro),,Syncro is a remote monitoring and management (RMM) tool. More information will be added as it become...,
-[AweRay](/rmm_tools/aweray),,AweRay is a remote monitoring and management (RMM) tool. More information will be added as it become...,
-[SunLogin](/rmm_tools/sunlogin),,SunLogin is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
-[Koofr](/rmm_tools/koofr),,Koofr is a remote monitoring and management (RMM) tool. More information will be added as it becomes...,
-[SysAid](/rmm_tools/sysaid),,SysAid is a remote monitoring and management (RMM) tool. More information will be added as it become...,
-[Neturo](/rmm_tools/neturo),,Neturo is a remote monitoring and management (RMM) tool. More information will be added as it become...,
-[SmarTTY](/rmm_tools/smartty),,SmarTTY is a remote monitoring and management (RMM) tool. More information will be added as it becom...,
-[Impero Connect](/rmm_tools/impero_connect),,Impero Connect is a remote monitoring and management (RMM) tool. More information will be added as i...,
[247ithelp.com (ConnectWise)](/rmm_tools/247ithelp.com__connectwise_),,247ithelp.com (ConnectWise) is a remote monitoring and management (RMM) tool. More information will ...,
-[Remobo](/rmm_tools/remobo),,Remobo is a remote monitoring and management (RMM) tool. More information will be added as it become...,
-[CloudFuze](/rmm_tools/cloudfuze),,CloudFuze is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
+[Quick Assist](/rmm_tools/quick_assist),,Quick Assist is a remote monitoring and management (RMM) tool. More information will be added as it ...,
+[GoodSync](/rmm_tools/goodsync),,GoodSync is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
+[FastViewer](/rmm_tools/fastviewer),,FastViewer is a remote monitoring and management (RMM) tool. More information will be added as it be...,
+[SmarTTY](/rmm_tools/smartty),,SmarTTY is a remote monitoring and management (RMM) tool. More information will be added as it becom...,
+[ConnectWise Control](/rmm_tools/connectwise_control),,ConnectWise Control is a remote monitoring and management (RMM) tool. More information will be added...,
+[CloudBuckIt](/rmm_tools/cloudbuckit),,CloudBuckIt is a remote monitoring and management (RMM) tool. More information will be added as it b...,
+[OptiTune](/rmm_tools/optitune),,OptiTune is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
+[Visual Studio Dev Tunnel](/rmm_tools/visual_studio_dev_tunnel),,Visual Studio Dev Tunnel is a remote monitoring and management (RMM) tool. More information will be ...,
+[Devolutions Remote Desktop Manager](/rmm_tools/devolutions_remote_desktop_manager),,Devolutions Remote Desktop Manager is a remote monitoring and management (RMM) tool. More informatio...,
+[Sorillus](/rmm_tools/sorillus),,Sorillus is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
+[BeInSync](/rmm_tools/beinsync),,BeInSync is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
[Free Tools Launcher](/rmm_tools/free_tools_launcher),,Free Tools Launcher is a remote monitoring and management (RMM) tool. More information will be added...,
-[Echoware](/rmm_tools/echoware),,Echoware is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
-[Zoho Assist](/rmm_tools/zoho_assist),,Zoho Assist is a remote monitoring and management (RMM) tool. More information will be added as it b...,
-[KiTTY](/rmm_tools/kitty),,KiTTY is a remote monitoring and management (RMM) tool. More information will be added as it becomes...,
-[Proton Drive](/rmm_tools/proton_drive),,Proton Drive is a remote monitoring and management (RMM) tool. More information will be added as it ...,
-[SimpleHelp](/rmm_tools/simplehelp),,SimpleHelp is a remote monitoring and management (RMM) tool. More information will be added as it be...,
-[CloudFlare Tunnel](/rmm_tools/cloudflare_tunnel),,CloudFlare Tunnel is a remote monitoring and management (RMM) tool. More information will be added a...,
-[GoTo Opener](/rmm_tools/goto_opener),,GoTo Opener is a remote monitoring and management (RMM) tool. More information will be added as it b...,
-[Pcvisit](/rmm_tools/pcvisit),,Pcvisit is a remote monitoring and management (RMM) tool. More information will be added as it becom...,
-[Mocha VNC Lite](/rmm_tools/mocha_vnc_lite),,Mocha VNC Lite is a remote monitoring and management (RMM) tool. More information will be added as i...,
-[Laplink Gold](/rmm_tools/laplink_gold),,Laplink Gold is a remote monitoring and management (RMM) tool. More information will be added as it ...,
-[Cyberduck](/rmm_tools/cyberduck),,Cyberduck is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
-[Iperius Remote](/rmm_tools/iperius_remote),,Iperius Remote is a remote monitoring and management (RMM) tool. More information will be added as i...,
-[BeamYourScreen](/rmm_tools/beamyourscreen),,BeamYourScreen is a remote monitoring and management (RMM) tool. More information will be added as i...,
-[TeleDesktop](/rmm_tools/teledesktop),,TeleDesktop is a remote monitoring and management (RMM) tool. More information will be added as it b...,
-[Parallels Access](/rmm_tools/parallels_access),,Parallels Access is a remote monitoring and management (RMM) tool. More information will be added as...,
-[Basecamp](/rmm_tools/basecamp),,Basecamp is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
-[Weezo](/rmm_tools/weezo),,Weezo is a remote monitoring and management (RMM) tool. More information will be added as it becomes...,
-[X2Go](/rmm_tools/x2go),,X2Go is a remote monitoring and management (RMM) tool. More information will be added as it becomes ...,
+[Centurion](/rmm_tools/centurion),,Centurion is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
[DriveMaker](/rmm_tools/drivemaker),,DriveMaker is a remote monitoring and management (RMM) tool. More information will be added as it be...,
-[Dev Tunnels (aka Visual Studio Dev Tunnel)](/rmm_tools/dev_tunnels__aka_visual_studio_dev_tunnel_),,Dev Tunnels (aka Visual Studio Dev Tunnel) is a remote monitoring and management (RMM) tool. More in...,
-[Connectwise Automate (LabTech)](/rmm_tools/connectwise_automate__labtech_),,Connectwise Automate (LabTech) is a remote monitoring and management (RMM) tool. More information wi...,
-[Splashtop (Beta)](/rmm_tools/splashtop__beta_),,Splashtop (Beta) is a remote monitoring and management (RMM) tool. More information will be added as...,
-[Google Drive](/rmm_tools/google_drive),,Google Drive is a remote monitoring and management (RMM) tool. More information will be added as it ...,
-[Netop](/rmm_tools/netop),,Netop is a remote monitoring and management (RMM) tool. More information will be added as it becomes...,
-[Kaseya (VSA)](/rmm_tools/kaseya__vsa_),,Kaseya (VSA) aka Unigma is a remote monitoring and management (RMM) tool. More information will be a...,Nasreddine Bencherchali
-[HelpBeam](/rmm_tools/helpbeam),,HelpBeam is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
-[Quest KACE Agent (formerly Dell KACE)](/rmm_tools/quest_kace_agent__formerly_dell_kace_),,Quest KACE Agent (formerly Dell KACE) is a remote monitoring and management (RMM) tool. More informa...,
-[DeskShare](/rmm_tools/deskshare),,DeskShare is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
-[rdpwrap](/rmm_tools/rdpwrap),,rdpwrap is a remote monitoring and management (RMM) tool. More information will be added as it becom...,
-[Total Software Deployment](/rmm_tools/total_software_deployment),,Total Software Deployment is a remote monitoring and management (RMM) tool. More information will be...,
+[SmartCode Web VNC](/rmm_tools/smartcode_web_vnc),,SmartCode Web VNC is a remote monitoring and management (RMM) tool. More information will be added a...,
+[TightVNC](/rmm_tools/tightvnc),,TightVNC is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
+[Free Ping Tool](/rmm_tools/free_ping_tool),,Free Ping Tool is a remote monitoring and management (RMM) tool. More information will be added as i...,
+[Parallels Access](/rmm_tools/parallels_access),,Parallels Access is a remote monitoring and management (RMM) tool. More information will be added as...,
+[AnyViewer](/rmm_tools/anyviewer),,AnyViewer is a remote monitoring and management (RMM) tool. More information will be added as it bec...,@kostastsale
+[LANDesk](/rmm_tools/landesk),,LANDesk is a remote monitoring and management (RMM) tool. More information will be added as it becom...,
+[Datto](/rmm_tools/datto),,Datto is a remote monitoring and management (RMM) tool. More information will be added as it becomes...,
+[ngrok](/rmm_tools/ngrok),,ngrok is a remote monitoring and management (RMM) tool. More information will be added as it becomes...,
+[Chrome Remote Desktop](/rmm_tools/chrome_remote_desktop),,Chrome Remote Desktop is a remote monitoring and management (RMM) tool. More information will be add...,
[PuTTY](/rmm_tools/putty),,PuTTY is a remote monitoring and management (RMM) tool. More information will be added as it becomes...,
-[FixMe.it](/rmm_tools/fixme.it),,FixMe.it is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
-[RDPView](/rmm_tools/rdpview),,RDPView is a remote monitoring and management (RMM) tool. More information will be added as it becom...,
+[Google Drive](/rmm_tools/google_drive),,Google Drive is a remote monitoring and management (RMM) tool. More information will be added as it ...,
+[SysAid](/rmm_tools/sysaid),,SysAid is a remote monitoring and management (RMM) tool. More information will be added as it become...,
+[ITSupport247 (ConnectWise)](/rmm_tools/itsupport247__connectwise_),,ITSupport247 (ConnectWise) is a remote monitoring and management (RMM) tool. More information will b...,
+[Cloud Explorer](/rmm_tools/cloud_explorer),,Cloud Explorer is a remote monitoring and management (RMM) tool. More information will be added as i...,
+[ZOC](/rmm_tools/zoc),,ZOC is a remote monitoring and management (RMM) tool. More information will be added as it becomes a...,
+[Cloudsfer](/rmm_tools/cloudsfer),,Cloudsfer is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
+[Pcvisit](/rmm_tools/pcvisit),,Pcvisit is a remote monitoring and management (RMM) tool. More information will be added as it becom...,
+[Instant Housecall](/rmm_tools/instant_housecall),,Instant Housecall is a remote monitoring and management (RMM) tool. More information will be added a...,
+[MioNet (Also known as WD Anywhere Access)](/rmm_tools/mionet__also_known_as_wd_anywhere_access_),,MioNet (Also known as WD Anywhere Access) is a remote monitoring and management (RMM) tool. More inf...,
+[rdp2tcp](/rmm_tools/rdp2tcp),,rdp2tcp is a remote monitoring and management (RMM) tool. More information will be added as it becom...,
+[RunSmart](/rmm_tools/runsmart),,RunSmart is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
[Fortra](/rmm_tools/fortra),,Fortra is a remote monitoring and management (RMM) tool. More information will be added as it become...,
-[ISL Light](/rmm_tools/isl_light),,ISL Light is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
-[Pocket Controller (Soti Xsight)](/rmm_tools/pocket_controller__soti_xsight_),,Pocket Controller (Soti Xsight) is a remote monitoring and management (RMM) tool. More information w...,
-[GatherPlace-desktop sharing](/rmm_tools/gatherplace-desktop_sharing),,GatherPlace-desktop sharing is a remote monitoring and management (RMM) tool. More information will ...,
-[Electric](/rmm_tools/electric),,Electric is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
-[Site24x7](/rmm_tools/site24x7),,Site24x7 is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
-[MeshCentral](/rmm_tools/meshcentral),,MeshCentral is a remote monitoring and management (RMM) tool. More information will be added as it b...,
-[MSP360](/rmm_tools/msp360),,MSP360 is a remote monitoring and management (RMM) tool. More information will be added as it become...,
-[ScreenConnect](/rmm_tools/screenconnect),,ScreenConnect is a remote monitoring and management (RMM) tool. More information will be added as it...,"Ali Alwashali, Nasreddine Bencherchali"
-[Microsoft TSC](/rmm_tools/microsoft_tsc),,Microsoft TSC is a remote monitoring and management (RMM) tool. More information will be added as it...,
-[Tanium](/rmm_tools/tanium),,Tanium is a remote monitoring and management (RMM) tool. More information will be added as it become...,
-[Ultra VNC](/rmm_tools/ultra_vnc),,Ultra VNC is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
-[Remote Manipulator System](/rmm_tools/remote_manipulator_system),,Remote Manipulator System is a remote monitoring and management (RMM) tool. More information will be...,
-[Domotz](/rmm_tools/domotz),,Domotz is a remote monitoring and management (RMM) tool. More information will be added as it become...,
-[FixMe](/rmm_tools/fixme),,FixMe is a remote monitoring and management (RMM) tool. More information will be added as it becomes...,
+[RemoteUtilities](/rmm_tools/remoteutilities),,RemoteUtilities is a remote monitoring and management (RMM) tool. More information will be added as ...,
[rclone](/rmm_tools/rclone),,rclone is a remote monitoring and management (RMM) tool. More information will be added as it become...,
-[Tanium Deploy](/rmm_tools/tanium_deploy),,Tanium Deploy is a remote monitoring and management (RMM) tool. More information will be added as it...,
-[N-ABLE Remote Access Software](/rmm_tools/n-able_remote_access_software),,N-ABLE Remote Access Software is a remote monitoring and management (RMM) tool. More information wil...,
-[Quick Assist](/rmm_tools/quick_assist),,Quick Assist is a remote monitoring and management (RMM) tool. More information will be added as it ...,
-[AnyViewer](/rmm_tools/anyviewer),,AnyViewer is a remote monitoring and management (RMM) tool. More information will be added as it bec...,@kostastsale
-[Naverisk](/rmm_tools/naverisk),,Naverisk is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
-[Addigy](/rmm_tools/addigy),,Addigy is a remote monitoring and management (RMM) tool. More information will be added as it become...,
-[Action1](/rmm_tools/action1),,Action1 is a powerful Remote Monitoring and Management(RMM) tool that enables users to execute comma...,@kostastsale
-[AliWangWang-remote-control](/rmm_tools/aliwangwang-remote-control),,AliWangWang-remote-control is a remote monitoring and management (RMM) tool. More information will b...,
-[FreeRDP](/rmm_tools/freerdp),,FreeRDP is a remote monitoring and management (RMM) tool. More information will be added as it becom...,
-[MioNet (Also known as WD Anywhere Access)](/rmm_tools/mionet__also_known_as_wd_anywhere_access_),,MioNet (Also known as WD Anywhere Access) is a remote monitoring and management (RMM) tool. More inf...,
-[SmartCode Web VNC](/rmm_tools/smartcode_web_vnc),,SmartCode Web VNC is a remote monitoring and management (RMM) tool. More information will be added a...,
-[Onionshare](/rmm_tools/onionshare),,Onionshare is a remote monitoring and management (RMM) tool. More information will be added as it be...,
-[Air Live Drive](/rmm_tools/air_live_drive),,Air Live Drive is a remote monitoring and management (RMM) tool. More information will be added as i...,
-[Rocket Remote Desktop](/rmm_tools/rocket_remote_desktop),,Rocket Remote Desktop is a remote monitoring and management (RMM) tool. More information will be add...,
-[WebRDP](/rmm_tools/webrdp),,WebRDP is a remote monitoring and management (RMM) tool. More information will be added as it become...,
-[BeyondTrust](/rmm_tools/beyondtrust),,BeyondTrust is a remote monitoring and management (RMM) tool. More information will be added as it b...,
-[SuperOps](/rmm_tools/superops),,SuperOps is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
-[RemotePass](/rmm_tools/remotepass),,RemotePass is a remote monitoring and management (RMM) tool. More information will be added as it be...,
-[Itarian](/rmm_tools/itarian),,Itarian is a remote monitoring and management (RMM) tool. More information will be added as it becom...,
-[PSEXEC](/rmm_tools/psexec),,PSEXEC is a remote monitoring and management (RMM) tool. More information will be added as it become...,
[Level.io](/rmm_tools/level.io),,Level.io is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
-[ezHelp](/rmm_tools/ezhelp),,ezHelp is a remote monitoring and management (RMM) tool. More information will be added as it become...,
-[Kabuto](/rmm_tools/kabuto),,Kabuto is a remote monitoring and management (RMM) tool. More information will be added as it become...,
-[Synergy](/rmm_tools/synergy),,Synergy is a remote monitoring and management (RMM) tool. More information will be added as it becom...,
-[ConnectWise](/rmm_tools/connectwise),,ConnectWise is a remote monitoring and management (RMM) tool. More information will be added as it b...,
-[TigerVNC](/rmm_tools/tigervnc),,TigerVNC is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
+[Jump Cloud](/rmm_tools/jump_cloud),,Jump Cloud is a remote monitoring and management (RMM) tool. More information will be added as it be...,
+[Royal TS](/rmm_tools/royal_ts),,Royal TS is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
+[MioNet (WD Anywhere Access)](/rmm_tools/mionet__wd_anywhere_access_),,MioNet (WD Anywhere Access) is a remote monitoring and management (RMM) tool. More information will ...,
+[SpyAnywhere](/rmm_tools/spyanywhere),,SpyAnywhere is a remote monitoring and management (RMM) tool. More information will be added as it b...,
+[FreeFileSync](/rmm_tools/freefilesync),,FreeFileSync is a remote monitoring and management (RMM) tool. More information will be added as it ...,
+[Ericom AccessNow](/rmm_tools/ericom_accessnow),,Ericom AccessNow is a remote monitoring and management (RMM) tool. More information will be added as...,
+[ExpanDrive](/rmm_tools/expandrive),,ExpanDrive is a remote monitoring and management (RMM) tool. More information will be added as it be...,
+[Level.io](/rmm_tools/level.io),,Level.io is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
+[MultCloud](/rmm_tools/multcloud),,MultCloud is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
+[Auvik](/rmm_tools/auvik),,Auvik is a remote monitoring and management (RMM) tool. More information will be added as it becomes...,
+[Goverlan](/rmm_tools/goverlan),,Goverlan is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
+[Pcnow](/rmm_tools/pcnow),,Pcnow is a remote monitoring and management (RMM) tool. More information will be added as it becomes...,
+[DeskShare](/rmm_tools/deskshare),,DeskShare is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
+[MyGreenPC](/rmm_tools/mygreenpc),,MyGreenPC is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
[GoToMyPC](/rmm_tools/gotomypc),,GoToMyPC is a remote monitoring and management (RMM) tool. More information will be added as it beco...,Nasreddine Bencherchali
-[Laplink Everywhere](/rmm_tools/laplink_everywhere),,Laplink Everywhere is a remote monitoring and management (RMM) tool. More information will be added ...,
-[Syspectr](/rmm_tools/syspectr),,Syspectr is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
-[Remote Utilities](/rmm_tools/remote_utilities),,Remote Utilities is a remote monitoring and management (RMM) tool. More information will be added as...,
-[Remcos](/rmm_tools/remcos),,Remcos is a remote monitoring and management (RMM) tool. More information will be added as it become...,
-[ISL Online](/rmm_tools/isl_online),,ISL Online is a remote monitoring and management (RMM) tool. More information will be added as it be...,
-[DragonDisk](/rmm_tools/dragondisk),,DragonDisk is a remote monitoring and management (RMM) tool. More information will be added as it be...,
-[FleetDeck.io](/rmm_tools/fleetdeck.io),,FleetDeck.io is a remote monitoring and management (RMM) tool. More information will be added as it ...,
-[Chrome Remote Desktop](/rmm_tools/chrome_remote_desktop),,Chrome Remote Desktop is a remote monitoring and management (RMM) tool. More information will be add...,
-[RealVNC](/rmm_tools/realvnc),,RealVNC is a remote monitoring and management (RMM) tool. More information will be added as it becom...,
-[rsync](/rmm_tools/rsync),,rsync is a remote monitoring and management (RMM) tool. More information will be added as it becomes...,
-[Datto](/rmm_tools/datto),,Datto is a remote monitoring and management (RMM) tool. More information will be added as it becomes...,
-[CloudExplorer](/rmm_tools/cloudexplorer),,CloudExplorer is a remote monitoring and management (RMM) tool. More information will be added as it...,
-[Supremo](/rmm_tools/supremo),,Supremo is a remote monitoring and management (RMM) tool. More information will be added as it becom...,
-[GoToAssist Agent Desktop Console](/rmm_tools/gotoassist_agent_desktop_console),,GoToAssist Agent Desktop Console is a remote monitoring and management (RMM) tool. More information ...,
-[ConnectWise Control](/rmm_tools/connectwise_control),,ConnectWise Control is a remote monitoring and management (RMM) tool. More information will be added...,
-[RemoteView](/rmm_tools/remoteview),,RemoteView is a remote monitoring and management (RMM) tool. More information will be added as it be...,
-[VNC Connect](/rmm_tools/vnc_connect),,VNC Connect is a remote monitoring and management (RMM) tool. More information will be added as it b...,
-[Syncthing](/rmm_tools/syncthing),,Syncthing is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
-[KHelpDesk](/rmm_tools/khelpdesk),,KHelpDesk is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
-[Netop Remote Control (Impero Connect)](/rmm_tools/netop_remote_control__impero_connect_),,Netop Remote Control (Impero Connect) is a remote monitoring and management (RMM) tool. More informa...,
-[Bitvise SSH Server](/rmm_tools/bitvise_ssh_server),,Bitvise SSH Server is a remote monitoring and management (RMM) tool. More information will be added ...,
-[Cloud Turtle](/rmm_tools/cloud_turtle),,Cloud Turtle is a remote monitoring and management (RMM) tool. More information will be added as it ...,
-[Apple Remote Desktop](/rmm_tools/apple_remote_desktop),,Apple Remote Desktop is a remote monitoring and management (RMM) tool. More information will be adde...,
-[Chrome SSH Extension](/rmm_tools/chrome_ssh_extension),,Chrome SSH Extension is a remote monitoring and management (RMM) tool. More information will be adde...,
-[CloudGopher](/rmm_tools/cloudgopher),,CloudGopher is a remote monitoring and management (RMM) tool. More information will be added as it b...,
+[Jump Desktop](/rmm_tools/jump_desktop),,Jump Desktop is a remote monitoring and management (RMM) tool. More information will be added as it ...,
+[Splashtop Remote](/rmm_tools/splashtop_remote),,Splashtop Remote is a remote monitoring and management (RMM) tool. More information will be added as...,
+[Distant Desktop](/rmm_tools/distant_desktop),,Distant Desktop is a remote monitoring and management (RMM) tool. More information will be added as ...,
[NetSupport Manager](/rmm_tools/netsupport_manager),,NetSupport Manager is a remote monitoring and management (RMM) tool. More information will be added ...,
[ESET Remote Administrator](/rmm_tools/eset_remote_administrator),,ESET Remote Administrator is a remote monitoring and management (RMM) tool. More information will be...,
-[Yandex.Disk](/rmm_tools/yandex.disk),,Yandex.Disk is a remote monitoring and management (RMM) tool. More information will be added as it b...,
-[N-Able Advanced Monitoring Agent](/rmm_tools/n-able_advanced_monitoring_agent),,N-Able Advanced Monitoring Agent is a remote monitoring and management (RMM) tool. More information ...,
-[MyIVO](/rmm_tools/myivo),,MyIVO is a remote monitoring and management (RMM) tool. More information will be added as it becomes...,
-[FreeFileSync](/rmm_tools/freefilesync),,FreeFileSync is a remote monitoring and management (RMM) tool. More information will be added as it ...,
-[ITSupport247 (ConnectWise)](/rmm_tools/itsupport247__connectwise_),,ITSupport247 (ConnectWise) is a remote monitoring and management (RMM) tool. More information will b...,
-[VNC](/rmm_tools/vnc),,VNC is a remote monitoring and management (RMM) tool. More information will be added as it becomes a...,
-[ServerEye](/rmm_tools/servereye),,ServerEye is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
-[Rapid7](/rmm_tools/rapid7),,Rapid7 is a remote monitoring and management (RMM) tool. More information will be added as it become...,
+[ZeroTier](/rmm_tools/zerotier),,ZeroTier is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
+[QQ IM-remote assistance](/rmm_tools/qq_im-remote_assistance),,QQ IM-remote assistance is a remote monitoring and management (RMM) tool. More information will be a...,
+[ExtraPuTTY](/rmm_tools/extraputty),,ExtraPuTTY is a remote monitoring and management (RMM) tool. More information will be added as it be...,
[GoToAssist (GoTo Resolve)](/rmm_tools/gotoassist__goto_resolve_),,GoToAssist (GoTo Resolve) is a remote monitoring and management (RMM) tool. More information will be...,
-[Ocamlfuse](/rmm_tools/ocamlfuse),,Ocamlfuse is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
-[GetScreen](/rmm_tools/getscreen),,GetScreen is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
-[MobaXterm](/rmm_tools/mobaxterm),,MobaXterm is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
+[TurboMeeting](/rmm_tools/turbomeeting),,TurboMeeting is a remote monitoring and management (RMM) tool. More information will be added as it ...,
+[Chrome Remote Desktop](/rmm_tools/chrome_remote_desktop),,Chrome Remote Desktop is a remote monitoring and management (RMM) tool. More information will be add...,
+[SimpleHelp](/rmm_tools/simplehelp),,SimpleHelp is a remote monitoring and management (RMM) tool. More information will be added as it be...,
+[Level](/rmm_tools/level),,Level is a remote monitoring and management (RMM) tool. More information will be added as it becomes...,
[CrossTec Remote Control](/rmm_tools/crosstec_remote_control),,CrossTec Remote Control is a remote monitoring and management (RMM) tool. More information will be a...,
+[TeamViewer](/rmm_tools/teamviewer),,"TeamViewer is a remote monitoring and management (RMM) tool.
+...","Nasreddine Bencherchali, Michael Haag"
+[Itarian](/rmm_tools/itarian),,Itarian is a remote monitoring and management (RMM) tool. More information will be added as it becom...,
+[Bomgar](/rmm_tools/bomgar),,Bomgar is a remote monitoring and management (RMM) tool. More information will be added as it become...,
[Absolute (Computrace)](/rmm_tools/absolute__computrace_),,Absolute (Computrace) is a remote monitoring and management (RMM) tool. More information will be add...,
-[Xshell](/rmm_tools/xshell),,Xshell is a remote monitoring and management (RMM) tool. More information will be added as it become...,
-[Amazon (Cloud) Drive](/rmm_tools/amazon__cloud__drive),,Amazon (Cloud) Drive is a remote monitoring and management (RMM) tool. More information will be adde...,
-[MyGreenPC](/rmm_tools/mygreenpc),,MyGreenPC is a remote monitoring and management (RMM) tool. More information will be added as it bec...,
-[Level.io](/rmm_tools/level.io),,Level.io is a remote monitoring and management (RMM) tool. More information will be added as it beco...,
-[Microsoft Quick Assist](/rmm_tools/microsoft_quick_assist),,Microsoft Quick Assist is a remote monitoring and management (RMM) tool. More information will be ad...,
-[Manage Engine (Desktop Central)](/rmm_tools/manage_engine__desktop_central_),,Manage Engine (Desktop Central) is a remote monitoring and management (RMM) tool. More information w...,
+[Air Live Drive](/rmm_tools/air_live_drive),,Air Live Drive is a remote monitoring and management (RMM) tool. More information will be added as i...,
+[ESET Remote Administrator](/rmm_tools/eset_remote_administrator),,ESET Remote Administrator is a remote monitoring and management (RMM) tool. More information will be...,
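Review bot: this hunk introduces duplicate rows and a malformed record rather than a clean regeneration. `[Level.io](/rmm_tools/level.io)` is kept as an unchanged context line and is also re-added a few lines later, `[ESET Remote Administrator](/rmm_tools/eset_remote_administrator)` is likewise kept as context and re-added at the end of the hunk, and MioNet is added twice under two different slugs (`/rmm_tools/mionet__also_known_as_wd_anywhere_access_` and `/rmm_tools/mionet__wd_anywhere_access_`) while the original row is removed; downstream consumers keyed on the link slug will see either double entries or a broken link for whichever slug the tool page does not use. The TeamViewer row is also split across two physical lines because its quoted description field contains an embedded newline that the `...` truncation did not strip; the other rows are truncated to a single line, so the generator should normalise whitespace before truncating. Separately, most of the `-`/`+` pairs here (Itarian, FreeFileSync, Air Live Drive, Chrome Remote Desktop, Level.io) are the same row moved to a different position, which suggests the CSV is emitted in an unsorted or hash-ordered sequence; sorting rows by name or slug and de-duplicating by slug in the generator would make future diffs show only real additions and removals.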