diff --git a/website/pages/tools/.gitkeep b/website/pages/tools/.gitkeep deleted file mode 100644 index e69de29..0000000 diff --git a/website/pages/tools/air_explorer.mdx b/website/pages/tools/air_explorer.mdx deleted file mode 100644 index e8b59fa..0000000 --- a/website/pages/tools/air_explorer.mdx +++ /dev/null @@ -1,45 +0,0 @@ ---- -description = "Air Explorer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available." -title = "Air Explorer" ---- - - -import {Card, Badges, Details, PEMetadata, DiskArtifacts, EventLogTable, RegistryTable, OtherArtifactsTable, NetworkArtifactsTable} from "../../components/card"; -import {EuiSpacer} from "@elastic/eui" - -# Air Explorer - -Air Explorer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available. - -### Details -
- -#### Installation Paths - - - - - - -### Forensic Artifacts - - - - - - - - -### Detections -- Detects potential processes activity of Air Explorer RMM tool - - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/air_explorer_processes_sigma.yml) - - diff --git a/website/pages/tools/air_live_drive.mdx b/website/pages/tools/air_live_drive.mdx deleted file mode 100644 index 0f28639..0000000 --- a/website/pages/tools/air_live_drive.mdx +++ /dev/null @@ -1,45 +0,0 @@ ---- -description = "Air Live Drive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available." -title = "Air Live Drive" ---- - - -import {Card, Badges, Details, PEMetadata, DiskArtifacts, EventLogTable, RegistryTable, OtherArtifactsTable, NetworkArtifactsTable} from "../../components/card"; -import {EuiSpacer} from "@elastic/eui" - -# Air Live Drive - -Air Live Drive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available. - -### Details -
- -#### Installation Paths - - - - - - -### Forensic Artifacts - - - - - - - - -### Detections -- Detects potential processes activity of Air Live Drive RMM tool - - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/air_live_drive_processes_sigma.yml) - - diff --git a/website/pages/tools/amazon__cloud__drive.mdx b/website/pages/tools/amazon__cloud__drive.mdx deleted file mode 100644 index c352ff7..0000000 --- a/website/pages/tools/amazon__cloud__drive.mdx +++ /dev/null @@ -1,45 +0,0 @@ ---- -description = "Amazon (Cloud) Drive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available." -title = "Amazon (Cloud) Drive" ---- - - -import {Card, Badges, Details, PEMetadata, DiskArtifacts, EventLogTable, RegistryTable, OtherArtifactsTable, NetworkArtifactsTable} from "../../components/card"; -import {EuiSpacer} from "@elastic/eui" - -# Amazon (Cloud) Drive - -Amazon (Cloud) Drive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available. - -### Details -
- -#### Installation Paths - - - - - - -### Forensic Artifacts - - - - - - - - -### Detections -- Detects potential processes activity of Amazon (Cloud) Drive RMM tool - - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/amazon__cloud__drive_processes_sigma.yml) - - diff --git a/website/pages/tools/aria2.mdx b/website/pages/tools/aria2.mdx deleted file mode 100644 index cb2f2a1..0000000 --- a/website/pages/tools/aria2.mdx +++ /dev/null @@ -1,45 +0,0 @@ ---- -description = "aria2 is a remote monitoring and management (RMM) tool. More information will be added as it becomes available." -title = "aria2" ---- - - -import {Card, Badges, Details, PEMetadata, DiskArtifacts, EventLogTable, RegistryTable, OtherArtifactsTable, NetworkArtifactsTable} from "../../components/card"; -import {EuiSpacer} from "@elastic/eui" - -# aria2 - -aria2 is a remote monitoring and management (RMM) tool. More information will be added as it becomes available. - -### Details -
- -#### Installation Paths - - - - - - -### Forensic Artifacts - - - - - - - - -### Detections -- Detects potential processes activity of aria2 RMM tool - - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aria2_processes_sigma.yml) - - diff --git a/website/pages/tools/aweray__awesun_.mdx b/website/pages/tools/aweray__awesun_.mdx deleted file mode 100644 index 10c92dd..0000000 --- a/website/pages/tools/aweray__awesun_.mdx +++ /dev/null @@ -1,50 +0,0 @@ ---- -description = "AweRay (AweSun) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available." -title = "AweRay (AweSun)" ---- - - -import {Card, Badges, Details, PEMetadata, DiskArtifacts, EventLogTable, RegistryTable, OtherArtifactsTable, NetworkArtifactsTable} from "../../components/card"; -import {EuiSpacer} from "@elastic/eui" - -# AweRay (AweSun) - -AweRay (AweSun) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available. - -### Details -
- -#### Installation Paths - - - - - - -### Forensic Artifacts - - - - -#### Network Artifacts - - - - - - -### Detections -- Detects potential network activity of AweRay (AweSun) RMM tool - - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aweray__awesun__network_sigma.yml) -- Detects potential processes activity of AweRay (AweSun) RMM tool - - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aweray__awesun__processes_sigma.yml) - - diff --git a/website/pages/tools/aws-cli.mdx b/website/pages/tools/aws-cli.mdx deleted file mode 100644 index 2d158e9..0000000 --- a/website/pages/tools/aws-cli.mdx +++ /dev/null @@ -1,45 +0,0 @@ ---- -description = "aws-cli is a remote monitoring and management (RMM) tool. More information will be added as it becomes available." -title = "aws-cli" ---- - - -import {Card, Badges, Details, PEMetadata, DiskArtifacts, EventLogTable, RegistryTable, OtherArtifactsTable, NetworkArtifactsTable} from "../../components/card"; -import {EuiSpacer} from "@elastic/eui" - -# aws-cli - -aws-cli is a remote monitoring and management (RMM) tool. More information will be added as it becomes available. - -### Details -
- -#### Installation Paths - - - - - - -### Forensic Artifacts - - - - - - - - -### Detections -- Detects potential processes activity of aws-cli RMM tool - - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aws-cli_processes_sigma.yml) - - diff --git a/website/pages/tools/azure_storage_explorer.mdx b/website/pages/tools/azure_storage_explorer.mdx deleted file mode 100644 index 5c5da0b..0000000 --- a/website/pages/tools/azure_storage_explorer.mdx +++ /dev/null @@ -1,45 +0,0 @@ ---- -description = "Azure Storage Explorer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available." -title = "Azure Storage Explorer" ---- - - -import {Card, Badges, Details, PEMetadata, DiskArtifacts, EventLogTable, RegistryTable, OtherArtifactsTable, NetworkArtifactsTable} from "../../components/card"; -import {EuiSpacer} from "@elastic/eui" - -# Azure Storage Explorer - -Azure Storage Explorer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available. - -### Details -
- -#### Installation Paths - - - - - - -### Forensic Artifacts - - - - - - - - -### Detections -- Detects potential processes activity of Azure Storage Explorer RMM tool - - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/azure_storage_explorer_processes_sigma.yml) - - diff --git a/website/pages/tools/beyondtrust__bomgar_.mdx b/website/pages/tools/beyondtrust__bomgar_.mdx index 2bfce27..d300129 100644 --- a/website/pages/tools/beyondtrust__bomgar_.mdx +++ b/website/pages/tools/beyondtrust__bomgar_.mdx @@ -23,7 +23,7 @@ BeyondTrust (Bomgar) is a remote monitoring and management (RMM) tool. More info /> #### Installation Paths - + @@ -36,7 +36,7 @@ BeyondTrust (Bomgar) is a remote monitoring and management (RMM) tool. More info #### Network Artifacts - + diff --git a/website/pages/tools/bomgar.mdx b/website/pages/tools/bomgar.mdx deleted file mode 100644 index 09b143b..0000000 --- a/website/pages/tools/bomgar.mdx +++ /dev/null @@ -1,50 +0,0 @@ ---- -description = "Bomgar is a remote monitoring and management (RMM) tool. More information will be added as it becomes available." -title = "Bomgar" ---- - - -import {Card, Badges, Details, PEMetadata, DiskArtifacts, EventLogTable, RegistryTable, OtherArtifactsTable, NetworkArtifactsTable} from "../../components/card"; -import {EuiSpacer} from "@elastic/eui" - -# Bomgar - -Bomgar is a remote monitoring and management (RMM) tool. More information will be added as it becomes available. - -### Details -
- -#### Installation Paths - - - - - - -### Forensic Artifacts - - - - -#### Network Artifacts - - - - - - -### Detections -- Detects potential network activity of Bomgar RMM tool - - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/bomgar_network_sigma.yml) -- Detects potential processes activity of Bomgar RMM tool - - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/bomgar_processes_sigma.yml) - - diff --git a/website/pages/tools/bomgar_-_now_beyondtrust.mdx b/website/pages/tools/bomgar_-_now_beyondtrust.mdx deleted file mode 100644 index 9836bbb..0000000 --- a/website/pages/tools/bomgar_-_now_beyondtrust.mdx +++ /dev/null @@ -1,40 +0,0 @@ ---- -description = "Bomgar - Now BeyondTrust is a remote monitoring and management (RMM) tool. More information will be added as it becomes available." -title = "Bomgar - Now BeyondTrust" ---- - - -import {Card, Badges, Details, PEMetadata, DiskArtifacts, EventLogTable, RegistryTable, OtherArtifactsTable, NetworkArtifactsTable} from "../../components/card"; -import {EuiSpacer} from "@elastic/eui" - -# Bomgar - Now BeyondTrust - -Bomgar - Now BeyondTrust is a remote monitoring and management (RMM) tool. More information will be added as it becomes available. - -### Details -
- - - - - - -### Forensic Artifacts - - - - - - - - - - diff --git a/website/pages/tools/box.mdx b/website/pages/tools/box.mdx deleted file mode 100644 index be30dfe..0000000 --- a/website/pages/tools/box.mdx +++ /dev/null @@ -1,45 +0,0 @@ ---- -description = "Box is a remote monitoring and management (RMM) tool. More information will be added as it becomes available." -title = "Box" ---- - - -import {Card, Badges, Details, PEMetadata, DiskArtifacts, EventLogTable, RegistryTable, OtherArtifactsTable, NetworkArtifactsTable} from "../../components/card"; -import {EuiSpacer} from "@elastic/eui" - -# Box - -Box is a remote monitoring and management (RMM) tool. More information will be added as it becomes available. - -### Details -
- -#### Installation Paths - - - - - - -### Forensic Artifacts - - - - - - - - -### Detections -- Detects potential processes activity of Box RMM tool - - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/box_processes_sigma.yml) - - diff --git a/website/pages/tools/chicken__of_the_vnc_.mdx b/website/pages/tools/chicken__of_the_vnc_.mdx index 2161bd6..aa6ea28 100644 --- a/website/pages/tools/chicken__of_the_vnc_.mdx +++ b/website/pages/tools/chicken__of_the_vnc_.mdx @@ -37,4 +37,6 @@ Chicken (of the VNC) is a remote monitoring and management (RMM) tool. More info +### References +- [https://github.com/flit/cotvnc](https://github.com/flit/cotvnc) diff --git a/website/pages/tools/chrome_remote_desktop.mdx b/website/pages/tools/chrome_remote_desktop.mdx index 08f33c9..365a640 100644 --- a/website/pages/tools/chrome_remote_desktop.mdx +++ b/website/pages/tools/chrome_remote_desktop.mdx @@ -36,7 +36,7 @@ Chrome Remote Desktop is a remote monitoring and management (RMM) tool. More inf #### Network Artifacts - + diff --git a/website/pages/tools/cloud_explorer.mdx b/website/pages/tools/cloud_explorer.mdx deleted file mode 100644 index f29dc74..0000000 --- a/website/pages/tools/cloud_explorer.mdx +++ /dev/null @@ -1,40 +0,0 @@ ---- -description = "Cloud Explorer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available." -title = "Cloud Explorer" ---- - - -import {Card, Badges, Details, PEMetadata, DiskArtifacts, EventLogTable, RegistryTable, OtherArtifactsTable, NetworkArtifactsTable} from "../../components/card"; -import {EuiSpacer} from "@elastic/eui" - -# Cloud Explorer - -Cloud Explorer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available. - -### Details -
- - - - - - -### Forensic Artifacts - - - - - - - - - - diff --git a/website/pages/tools/cloud_turtle.mdx b/website/pages/tools/cloud_turtle.mdx deleted file mode 100644 index e8f9db0..0000000 --- a/website/pages/tools/cloud_turtle.mdx +++ /dev/null @@ -1,42 +0,0 @@ ---- -description = "Cloud Turtle is a remote monitoring and management (RMM) tool. More information will be added as it becomes available." -title = "Cloud Turtle" ---- - - -import {Card, Badges, Details, PEMetadata, DiskArtifacts, EventLogTable, RegistryTable, OtherArtifactsTable, NetworkArtifactsTable} from "../../components/card"; -import {EuiSpacer} from "@elastic/eui" - -# Cloud Turtle - -Cloud Turtle is a remote monitoring and management (RMM) tool. More information will be added as it becomes available. - -### Details -
- -#### Installation Paths - - - - - - -### Forensic Artifacts - - - - - - - - - - diff --git a/website/pages/tools/cloudberry_explorer.mdx b/website/pages/tools/cloudberry_explorer.mdx deleted file mode 100644 index 563a191..0000000 --- a/website/pages/tools/cloudberry_explorer.mdx +++ /dev/null @@ -1,42 +0,0 @@ ---- -description = "CloudBerry Explorer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available." -title = "CloudBerry Explorer" ---- - - -import {Card, Badges, Details, PEMetadata, DiskArtifacts, EventLogTable, RegistryTable, OtherArtifactsTable, NetworkArtifactsTable} from "../../components/card"; -import {EuiSpacer} from "@elastic/eui" - -# CloudBerry Explorer - -CloudBerry Explorer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available. - -### Details -
- -#### Installation Paths - - - - - - -### Forensic Artifacts - - - - - - - - - - diff --git a/website/pages/tools/cloudbuckit.mdx b/website/pages/tools/cloudbuckit.mdx deleted file mode 100644 index dffe29f..0000000 --- a/website/pages/tools/cloudbuckit.mdx +++ /dev/null @@ -1,45 +0,0 @@ ---- -description = "CloudBuckIt is a remote monitoring and management (RMM) tool. More information will be added as it becomes available." -title = "CloudBuckIt" ---- - - -import {Card, Badges, Details, PEMetadata, DiskArtifacts, EventLogTable, RegistryTable, OtherArtifactsTable, NetworkArtifactsTable} from "../../components/card"; -import {EuiSpacer} from "@elastic/eui" - -# CloudBuckIt - -CloudBuckIt is a remote monitoring and management (RMM) tool. More information will be added as it becomes available. - -### Details -
- -#### Installation Paths - - - - - - -### Forensic Artifacts - - - - - - - - -### Detections -- Detects potential processes activity of CloudBuckIt RMM tool - - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/cloudbuckit_processes_sigma.yml) - - diff --git a/website/pages/tools/cloudexplorer.mdx b/website/pages/tools/cloudexplorer.mdx deleted file mode 100644 index 61b4be0..0000000 --- a/website/pages/tools/cloudexplorer.mdx +++ /dev/null @@ -1,40 +0,0 @@ ---- -description = "CloudExplorer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available." -title = "CloudExplorer" ---- - - -import {Card, Badges, Details, PEMetadata, DiskArtifacts, EventLogTable, RegistryTable, OtherArtifactsTable, NetworkArtifactsTable} from "../../components/card"; -import {EuiSpacer} from "@elastic/eui" - -# CloudExplorer - -CloudExplorer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available. - -### Details -
- - - - - - -### Forensic Artifacts - - - - - - - - - - diff --git a/website/pages/tools/cloudfuze.mdx b/website/pages/tools/cloudfuze.mdx deleted file mode 100644 index 9222218..0000000 --- a/website/pages/tools/cloudfuze.mdx +++ /dev/null @@ -1,40 +0,0 @@ ---- -description = "CloudFuze is a remote monitoring and management (RMM) tool. More information will be added as it becomes available." -title = "CloudFuze" ---- - - -import {Card, Badges, Details, PEMetadata, DiskArtifacts, EventLogTable, RegistryTable, OtherArtifactsTable, NetworkArtifactsTable} from "../../components/card"; -import {EuiSpacer} from "@elastic/eui" - -# CloudFuze - -CloudFuze is a remote monitoring and management (RMM) tool. More information will be added as it becomes available. - -### Details -
- - - - - - -### Forensic Artifacts - - - - - - - - - - diff --git a/website/pages/tools/cloudgopher.mdx b/website/pages/tools/cloudgopher.mdx deleted file mode 100644 index 35cdc2a..0000000 --- a/website/pages/tools/cloudgopher.mdx +++ /dev/null @@ -1,40 +0,0 @@ ---- -description = "CloudGopher is a remote monitoring and management (RMM) tool. More information will be added as it becomes available." -title = "CloudGopher" ---- - - -import {Card, Badges, Details, PEMetadata, DiskArtifacts, EventLogTable, RegistryTable, OtherArtifactsTable, NetworkArtifactsTable} from "../../components/card"; -import {EuiSpacer} from "@elastic/eui" - -# CloudGopher - -CloudGopher is a remote monitoring and management (RMM) tool. More information will be added as it becomes available. - -### Details -
- - - - - - -### Forensic Artifacts - - - - - - - - - - diff --git a/website/pages/tools/cloudhq.mdx b/website/pages/tools/cloudhq.mdx deleted file mode 100644 index 577c0c2..0000000 --- a/website/pages/tools/cloudhq.mdx +++ /dev/null @@ -1,40 +0,0 @@ ---- -description = "CloudHQ is a remote monitoring and management (RMM) tool. More information will be added as it becomes available." -title = "CloudHQ" ---- - - -import {Card, Badges, Details, PEMetadata, DiskArtifacts, EventLogTable, RegistryTable, OtherArtifactsTable, NetworkArtifactsTable} from "../../components/card"; -import {EuiSpacer} from "@elastic/eui" - -# CloudHQ - -CloudHQ is a remote monitoring and management (RMM) tool. More information will be added as it becomes available. - -### Details -
- - - - - - -### Forensic Artifacts - - - - - - - - - - diff --git a/website/pages/tools/cloudmounter.mdx b/website/pages/tools/cloudmounter.mdx deleted file mode 100644 index 5ef6cdf..0000000 --- a/website/pages/tools/cloudmounter.mdx +++ /dev/null @@ -1,45 +0,0 @@ ---- -description = "CloudMounter is a remote monitoring and management (RMM) tool. More information will be added as it becomes available." -title = "CloudMounter" ---- - - -import {Card, Badges, Details, PEMetadata, DiskArtifacts, EventLogTable, RegistryTable, OtherArtifactsTable, NetworkArtifactsTable} from "../../components/card"; -import {EuiSpacer} from "@elastic/eui" - -# CloudMounter - -CloudMounter is a remote monitoring and management (RMM) tool. More information will be added as it becomes available. - -### Details -
- -#### Installation Paths - - - - - - -### Forensic Artifacts - - - - - - - - -### Detections -- Detects potential processes activity of CloudMounter RMM tool - - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/cloudmounter_processes_sigma.yml) - - diff --git a/website/pages/tools/cloudsfer.mdx b/website/pages/tools/cloudsfer.mdx deleted file mode 100644 index be271b6..0000000 --- a/website/pages/tools/cloudsfer.mdx +++ /dev/null @@ -1,40 +0,0 @@ ---- -description = "Cloudsfer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available." -title = "Cloudsfer" ---- - - -import {Card, Badges, Details, PEMetadata, DiskArtifacts, EventLogTable, RegistryTable, OtherArtifactsTable, NetworkArtifactsTable} from "../../components/card"; -import {EuiSpacer} from "@elastic/eui" - -# Cloudsfer - -Cloudsfer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available. - -### Details -
- - - - - - -### Forensic Artifacts - - - - - - - - - - diff --git a/website/pages/tools/cloudxplorer.mdx b/website/pages/tools/cloudxplorer.mdx deleted file mode 100644 index e2b7a30..0000000 --- a/website/pages/tools/cloudxplorer.mdx +++ /dev/null @@ -1,45 +0,0 @@ ---- -description = "CloudXplorer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available." -title = "CloudXplorer" ---- - - -import {Card, Badges, Details, PEMetadata, DiskArtifacts, EventLogTable, RegistryTable, OtherArtifactsTable, NetworkArtifactsTable} from "../../components/card"; -import {EuiSpacer} from "@elastic/eui" - -# CloudXplorer - -CloudXplorer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available. - -### Details -
- -#### Installation Paths - - - - - - -### Forensic Artifacts - - - - - - - - -### Detections -- Detects potential processes activity of CloudXplorer RMM tool - - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/cloudxplorer_processes_sigma.yml) - - diff --git a/website/pages/tools/connectwise_control.mdx b/website/pages/tools/connectwise_control.mdx index 13a967e..b462071 100644 --- a/website/pages/tools/connectwise_control.mdx +++ b/website/pages/tools/connectwise_control.mdx @@ -23,7 +23,7 @@ ConnectWise Control is a remote monitoring and management (RMM) tool. More infor /> #### Installation Paths - + diff --git a/website/pages/tools/core_ftp.mdx b/website/pages/tools/core_ftp.mdx deleted file mode 100644 index 4be7dbb..0000000 --- a/website/pages/tools/core_ftp.mdx +++ /dev/null @@ -1,45 +0,0 @@ ---- -description = "Core FTP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available." -title = "Core FTP" ---- - - -import {Card, Badges, Details, PEMetadata, DiskArtifacts, EventLogTable, RegistryTable, OtherArtifactsTable, NetworkArtifactsTable} from "../../components/card"; -import {EuiSpacer} from "@elastic/eui" - -# Core FTP - -Core FTP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available. - -### Details -
- -#### Installation Paths - - - - - - -### Forensic Artifacts - - - - - - - - -### Detections -- Detects potential processes activity of Core FTP RMM tool - - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/core_ftp_processes_sigma.yml) - - diff --git a/website/pages/tools/cruz.mdx b/website/pages/tools/cruz.mdx deleted file mode 100644 index f6a5ff4..0000000 --- a/website/pages/tools/cruz.mdx +++ /dev/null @@ -1,46 +0,0 @@ ---- -description = "Cruz is a remote monitoring and management (RMM) tool. More information will be added as it becomes available." -title = "Cruz" ---- - - -import {Card, Badges, Details, PEMetadata, DiskArtifacts, EventLogTable, RegistryTable, OtherArtifactsTable, NetworkArtifactsTable} from "../../components/card"; -import {EuiSpacer} from "@elastic/eui" - -# Cruz - -Cruz is a remote monitoring and management (RMM) tool. More information will be added as it becomes available. - -### Details -
- - - - - - -### Forensic Artifacts - - - - -#### Network Artifacts - - - - - - -### Detections -- Detects potential network activity of Cruz RMM tool - - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/cruz_network_sigma.yml) - - diff --git a/website/pages/tools/cuteftp.mdx b/website/pages/tools/cuteftp.mdx deleted file mode 100644 index 81a8606..0000000 --- a/website/pages/tools/cuteftp.mdx +++ /dev/null @@ -1,45 +0,0 @@ ---- -description = "CuteFTP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available." -title = "CuteFTP" ---- - - -import {Card, Badges, Details, PEMetadata, DiskArtifacts, EventLogTable, RegistryTable, OtherArtifactsTable, NetworkArtifactsTable} from "../../components/card"; -import {EuiSpacer} from "@elastic/eui" - -# CuteFTP - -CuteFTP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available. - -### Details -
- -#### Installation Paths - - - - - - -### Forensic Artifacts - - - - - - - - -### Detections -- Detects potential processes activity of CuteFTP RMM tool - - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/cuteftp_processes_sigma.yml) - - diff --git a/website/pages/tools/cyberduck.mdx b/website/pages/tools/cyberduck.mdx deleted file mode 100644 index 9b3c3e4..0000000 --- a/website/pages/tools/cyberduck.mdx +++ /dev/null @@ -1,45 +0,0 @@ ---- -description = "Cyberduck is a remote monitoring and management (RMM) tool. More information will be added as it becomes available." -title = "Cyberduck" ---- - - -import {Card, Badges, Details, PEMetadata, DiskArtifacts, EventLogTable, RegistryTable, OtherArtifactsTable, NetworkArtifactsTable} from "../../components/card"; -import {EuiSpacer} from "@elastic/eui" - -# Cyberduck - -Cyberduck is a remote monitoring and management (RMM) tool. More information will be added as it becomes available. - -### Details -
- -#### Installation Paths - - - - - - -### Forensic Artifacts - - - - - - - - -### Detections -- Detects potential processes activity of Cyberduck RMM tool - - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/cyberduck_processes_sigma.yml) - - diff --git a/website/pages/tools/dameware-mini_remote_control_protocol.mdx b/website/pages/tools/dameware-mini_remote_control_protocol.mdx deleted file mode 100644 index 83b2586..0000000 --- a/website/pages/tools/dameware-mini_remote_control_protocol.mdx +++ /dev/null @@ -1,50 +0,0 @@ ---- -description = "Dameware-mini remote control Protocol is a remote monitoring and management (RMM) tool. More information will be added as it becomes available." -title = "Dameware-mini remote control Protocol" ---- - - -import {Card, Badges, Details, PEMetadata, DiskArtifacts, EventLogTable, RegistryTable, OtherArtifactsTable, NetworkArtifactsTable} from "../../components/card"; -import {EuiSpacer} from "@elastic/eui" - -# Dameware-mini remote control Protocol - -Dameware-mini remote control Protocol is a remote monitoring and management (RMM) tool. More information will be added as it becomes available. - -### Details -
- -#### Installation Paths - - - - - - -### Forensic Artifacts - - - - -#### Network Artifacts - - - - - - -### Detections -- Detects potential network activity of Dameware-mini remote control Protocol RMM tool - - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dameware-mini_remote_control_protocol_network_sigma.yml) -- Detects potential processes activity of Dameware-mini remote control Protocol RMM tool - - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dameware-mini_remote_control_protocol_processes_sigma.yml) - - diff --git a/website/pages/tools/dameware.mdx b/website/pages/tools/dameware.mdx index 8295167..aa8d589 100644 --- a/website/pages/tools/dameware.mdx +++ b/website/pages/tools/dameware.mdx @@ -23,7 +23,7 @@ DameWare is a remote monitoring and management (RMM) tool. More information will /> #### Installation Paths - + @@ -34,11 +34,16 @@ DameWare is a remote monitoring and management (RMM) tool. More information will +#### Network Artifacts + + ### Detections +- Detects potential network activity of Dameware-mini remote control Protocol RMM tool + - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dameware-mini_remote_control_protocol_network_sigma.yml) - Detects potential processes activity of DameWare RMM tool - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dameware_processes_sigma.yml) diff --git a/website/pages/tools/datto.mdx b/website/pages/tools/datto.mdx deleted file mode 100644 index 6c1f5c8..0000000 --- a/website/pages/tools/datto.mdx +++ /dev/null 
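Review bot: The detection bullet added in the last hunk of dameware.mdx still carries the name of the entry this commit removes: `Detects potential network activity of Dameware-mini remote control Protocol RMM tool`, while the bullet below it says `DameWare`. Since dameware-mini_remote_control_protocol.mdx is deleted in this same diff, the label should read `- Detects potential network activity of DameWare RMM tool`. The link target `dameware-mini_remote_control_protocol_network_sigma.yml` is not touched in the visible part of the diff, so confirm the rule still exists under that name, otherwise the page points at a detection that no longer resolves. The deleted page also listed `dameware-mini_remote_control_protocol_processes_sigma.yml`, which the merged page does not carry over; check that its process names are covered by `dameware_processes_sigma.yml`. If these pages are generated, the fix presumably belongs in the generator's source data rather than in the .mdx.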
@@ -1,46 +0,0 @@ ---- -description = "Datto is a remote monitoring and management (RMM) tool. More information will be added as it becomes available." -title = "Datto" ---- - - -import {Card, Badges, Details, PEMetadata, DiskArtifacts, EventLogTable, RegistryTable, OtherArtifactsTable, NetworkArtifactsTable} from "../../components/card"; -import {EuiSpacer} from "@elastic/eui" - -# Datto - -Datto is a remote monitoring and management (RMM) tool. More information will be added as it becomes available. - -### Details -
- - - - - - -### Forensic Artifacts - - - - -#### Network Artifacts - - - - - - -### Detections -- Detects potential network activity of Datto RMM tool - - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/datto_network_sigma.yml) - - diff --git a/website/pages/tools/desktop_central.mdx b/website/pages/tools/desktop_central.mdx deleted file mode 100644 index 0921e92..0000000 --- a/website/pages/tools/desktop_central.mdx +++ /dev/null @@ -1,50 +0,0 @@ ---- -description = "Desktop Central is a remote monitoring and management (RMM) tool. More information will be added as it becomes available." -title = "Desktop Central" ---- - - -import {Card, Badges, Details, PEMetadata, DiskArtifacts, EventLogTable, RegistryTable, OtherArtifactsTable, NetworkArtifactsTable} from "../../components/card"; -import {EuiSpacer} from "@elastic/eui" - -# Desktop Central - -Desktop Central is a remote monitoring and management (RMM) tool. More information will be added as it becomes available. - -### Details -
- -#### Installation Paths - - - - - - -### Forensic Artifacts - - - - -#### Network Artifacts - - - - - - -### Detections -- Detects potential network activity of Desktop Central RMM tool - - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/desktop_central_network_sigma.yml) -- Detects potential processes activity of Desktop Central RMM tool - - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/desktop_central_processes_sigma.yml) - - diff --git a/website/pages/tools/drivemaker.mdx b/website/pages/tools/drivemaker.mdx deleted file mode 100644 index b873845..0000000 --- a/website/pages/tools/drivemaker.mdx +++ /dev/null @@ -1,45 +0,0 @@ ---- -description = "DriveMaker is a remote monitoring and management (RMM) tool. More information will be added as it becomes available." -title = "DriveMaker" ---- - - -import {Card, Badges, Details, PEMetadata, DiskArtifacts, EventLogTable, RegistryTable, OtherArtifactsTable, NetworkArtifactsTable} from "../../components/card"; -import {EuiSpacer} from "@elastic/eui" - -# DriveMaker - -DriveMaker is a remote monitoring and management (RMM) tool. More information will be added as it becomes available. - -### Details -
- -#### Installation Paths - - - - - - -### Forensic Artifacts - - - - - - - - -### Detections -- Detects potential processes activity of DriveMaker RMM tool - - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/drivemaker_processes_sigma.yml) - - diff --git a/website/pages/tools/dropbox.mdx b/website/pages/tools/dropbox.mdx deleted file mode 100644 index b993c8c..0000000 --- a/website/pages/tools/dropbox.mdx +++ /dev/null @@ -1,45 +0,0 @@ ---- -description = "Dropbox is a remote monitoring and management (RMM) tool. More information will be added as it becomes available." -title = "Dropbox" ---- - - -import {Card, Badges, Details, PEMetadata, DiskArtifacts, EventLogTable, RegistryTable, OtherArtifactsTable, NetworkArtifactsTable} from "../../components/card"; -import {EuiSpacer} from "@elastic/eui" - -# Dropbox - -Dropbox is a remote monitoring and management (RMM) tool. More information will be added as it becomes available. - -### Details -
- -#### Installation Paths - - - - - - -### Forensic Artifacts - - - - - - - - -### Detections -- Detects potential processes activity of Dropbox RMM tool - - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dropbox_processes_sigma.yml) - - diff --git a/website/pages/tools/electric.mdx b/website/pages/tools/electric.mdx deleted file mode 100644 index 0c29c63..0000000 --- a/website/pages/tools/electric.mdx +++ /dev/null @@ -1,46 +0,0 @@ ---- -description = "Electric is a remote monitoring and management (RMM) tool. More information will be added as it becomes available." -title = "Electric" ---- - - -import {Card, Badges, Details, PEMetadata, DiskArtifacts, EventLogTable, RegistryTable, OtherArtifactsTable, NetworkArtifactsTable} from "../../components/card"; -import {EuiSpacer} from "@elastic/eui" - -# Electric - -Electric is a remote monitoring and management (RMM) tool. More information will be added as it becomes available. - -### Details -
- - - - - - -### Forensic Artifacts - - - - -#### Network Artifacts - - - - - - -### Detections -- Detects potential network activity of Electric RMM tool - - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/electric_network_sigma.yml) - - diff --git a/website/pages/tools/electric_ai__kaseya_.mdx b/website/pages/tools/electric_ai__kaseya_.mdx index cf3cc2d..be882da 100644 --- a/website/pages/tools/electric_ai__kaseya_.mdx +++ b/website/pages/tools/electric_ai__kaseya_.mdx @@ -32,10 +32,16 @@ Electric AI (Kaseya) is a remote monitoring and management (RMM) tool. More info +#### Network Artifacts + + +### Detections +- Detects potential network activity of Electric RMM tool + - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/electric_network_sigma.yml) ### References - [https://www.electric.ai/product/device-management-solutions - Usess Kaseya/jamf](https://www.electric.ai/product/device-management-solutions - Usess Kaseya/jamf) diff --git a/website/pages/tools/expandrive.mdx b/website/pages/tools/expandrive.mdx deleted file mode 100644 index 6dc72b5..0000000 --- a/website/pages/tools/expandrive.mdx +++ /dev/null @@ -1,45 +0,0 @@ ---- -description = "ExpanDrive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available." -title = "ExpanDrive" ---- - - -import {Card, Badges, Details, PEMetadata, DiskArtifacts, EventLogTable, RegistryTable, OtherArtifactsTable, NetworkArtifactsTable} from "../../components/card"; -import {EuiSpacer} from "@elastic/eui" - -# ExpanDrive - -ExpanDrive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available. - -### Details -
- -#### Installation Paths - - - - - - -### Forensic Artifacts - - - - - - - - -### Detections -- Detects potential processes activity of ExpanDrive RMM tool - - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/expandrive_processes_sigma.yml) - - diff --git a/website/pages/tools/filezilla.mdx b/website/pages/tools/filezilla.mdx deleted file mode 100644 index 6732cc1..0000000 --- a/website/pages/tools/filezilla.mdx +++ /dev/null @@ -1,45 +0,0 @@ ---- -description = "FileZilla is a remote monitoring and management (RMM) tool. More information will be added as it becomes available." -title = "FileZilla" ---- - - -import {Card, Badges, Details, PEMetadata, DiskArtifacts, EventLogTable, RegistryTable, OtherArtifactsTable, NetworkArtifactsTable} from "../../components/card"; -import {EuiSpacer} from "@elastic/eui" - -# FileZilla - -FileZilla is a remote monitoring and management (RMM) tool. More information will be added as it becomes available. - -### Details -
- -#### Installation Paths - - - - - - -### Forensic Artifacts - - - - - - - - -### Detections -- Detects potential processes activity of FileZilla RMM tool - - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/filezilla_processes_sigma.yml) - - diff --git a/website/pages/tools/fixme.it.mdx b/website/pages/tools/fixme.it.mdx index e375601..c4d11e4 100644 --- a/website/pages/tools/fixme.it.mdx +++ b/website/pages/tools/fixme.it.mdx @@ -23,7 +23,7 @@ FixMe.it is a remote monitoring and management (RMM) tool. More information will /> #### Installation Paths - + @@ -42,11 +42,9 @@ FixMe.it is a remote monitoring and management (RMM) tool. More information will ### Detections -- Detects potential network activity of FixMe.it RMM tool - - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fixme.it_network_sigma.yml) -- Detects potential processes activity of FixMe.it RMM tool - - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fixme.it_processes_sigma.yml) +- Detects potential network activity of FixMe RMM tool + - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fixme_network_sigma.yml) +- Detects potential processes activity of FixMe RMM tool + - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fixme_processes_sigma.yml) -### References -- [https://docs.fixme.it/general-questions/which-ports-and-servers-does-fixme-it-use](https://docs.fixme.it/general-questions/which-ports-and-servers-does-fixme-it-use) diff --git a/website/pages/tools/fixme.mdx b/website/pages/tools/fixme.mdx deleted file mode 100644 index d063f62..0000000 --- a/website/pages/tools/fixme.mdx +++ /dev/null 
@@ -1,50 +0,0 @@ ---- -description = "FixMe is a remote monitoring and management (RMM) tool. More information will be added as it becomes available." -title = "FixMe" ---- - - -import {Card, Badges, Details, PEMetadata, DiskArtifacts, EventLogTable, RegistryTable, OtherArtifactsTable, NetworkArtifactsTable} from "../../components/card"; -import {EuiSpacer} from "@elastic/eui" - -# FixMe - -FixMe is a remote monitoring and management (RMM) tool. More information will be added as it becomes available. - -### Details -
- -#### Installation Paths - - - - - - -### Forensic Artifacts - - - - -#### Network Artifacts - - - - - - -### Detections -- Detects potential network activity of FixMe RMM tool - - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fixme_network_sigma.yml) -- Detects potential processes activity of FixMe RMM tool - - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fixme_processes_sigma.yml) - - diff --git a/website/pages/tools/fleetdeck.io.mdx b/website/pages/tools/fleetdeck.io.mdx index 4c6396e..e10cdf3 100644 --- a/website/pages/tools/fleetdeck.io.mdx +++ b/website/pages/tools/fleetdeck.io.mdx @@ -36,15 +36,17 @@ FleetDeck.io is a remote monitoring and management (RMM) tool. More information #### Network Artifacts - + ### Detections -- Detects potential network activity of FleetDeck.io RMM tool - - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fleetdeck.io_network_sigma.yml) -- Detects potential processes activity of FleetDeck.io RMM tool - - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fleetdeck.io_processes_sigma.yml) +- Detects potential network activity of FleetDesk.io RMM tool + - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fleetdesk.io_network_sigma.yml) +- Detects potential processes activity of FleetDesk.io RMM tool + - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fleetdesk.io_processes_sigma.yml) +### References +- [https://fleetdeck.io/faq/](https://fleetdeck.io/faq/) diff --git a/website/pages/tools/fleetdeck.mdx b/website/pages/tools/fleetdeck.mdx deleted file mode 100644 index c537bdf..0000000 --- a/website/pages/tools/fleetdeck.mdx +++ /dev/null 
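Review bot: The replaced detection lines on the FleetDeck.io page now read "FleetDesk.io" and link `fleetdesk.io_network_sigma.yml` and `fleetdesk.io_processes_sigma.yml`, which looks like a misspelling of the product name used in the page title and in the added reference `https://fleetdeck.io/faq/`. An analyst searching the rule set for FleetDeck would miss these rules. I would keep the spelling consistent, e.g. `- Detects potential network activity of FleetDeck.io RMM tool`, with the Sigma file names matching. The page appears to be generated, so the correction probably belongs in the source entry rather than in this file.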
@@ -1,50 +0,0 @@ ---- -description = "FleetDeck is a remote monitoring and management (RMM) tool. More information will be added as it becomes available." -title = "FleetDeck" ---- - - -import {Card, Badges, Details, PEMetadata, DiskArtifacts, EventLogTable, RegistryTable, OtherArtifactsTable, NetworkArtifactsTable} from "../../components/card"; -import {EuiSpacer} from "@elastic/eui" - -# FleetDeck - -FleetDeck is a remote monitoring and management (RMM) tool. More information will be added as it becomes available. - -### Details -
- -#### Installation Paths - - - - - - -### Forensic Artifacts - - - - -#### Network Artifacts - - - - - - -### Detections -- Detects potential network activity of FleetDeck RMM tool - - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fleetdeck_network_sigma.yml) -- Detects potential processes activity of FleetDeck RMM tool - - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fleetdeck_processes_sigma.yml) - - diff --git a/website/pages/tools/fleetdesk.io.mdx b/website/pages/tools/fleetdesk.io.mdx deleted file mode 100644 index 2b9a7c6..0000000 --- a/website/pages/tools/fleetdesk.io.mdx +++ /dev/null @@ -1,52 +0,0 @@ ---- -description = "FleetDesk.io is a remote monitoring and management (RMM) tool. More information will be added as it becomes available." -title = "FleetDesk.io" ---- - - -import {Card, Badges, Details, PEMetadata, DiskArtifacts, EventLogTable, RegistryTable, OtherArtifactsTable, NetworkArtifactsTable} from "../../components/card"; -import {EuiSpacer} from "@elastic/eui" - -# FleetDesk.io - -FleetDesk.io is a remote monitoring and management (RMM) tool. More information will be added as it becomes available. - -### Details -
- -#### Installation Paths - - - - - - -### Forensic Artifacts - - - - -#### Network Artifacts - - - - - - -### Detections -- Detects potential network activity of FleetDesk.io RMM tool - - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fleetdesk.io_network_sigma.yml) -- Detects potential processes activity of FleetDesk.io RMM tool - - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fleetdesk.io_processes_sigma.yml) - -### References -- [https://fleetdeck.io/faq/](https://fleetdeck.io/faq/) - diff --git a/website/pages/tools/freefilesync.mdx b/website/pages/tools/freefilesync.mdx deleted file mode 100644 index 338fb95..0000000 --- a/website/pages/tools/freefilesync.mdx +++ /dev/null @@ -1,45 +0,0 @@ ---- -description = "FreeFileSync is a remote monitoring and management (RMM) tool. More information will be added as it becomes available." -title = "FreeFileSync" ---- - - -import {Card, Badges, Details, PEMetadata, DiskArtifacts, EventLogTable, RegistryTable, OtherArtifactsTable, NetworkArtifactsTable} from "../../components/card"; -import {EuiSpacer} from "@elastic/eui" - -# FreeFileSync - -FreeFileSync is a remote monitoring and management (RMM) tool. More information will be added as it becomes available. - -### Details -
- -#### Installation Paths - - - - - - -### Forensic Artifacts - - - - - - - - -### Detections -- Detects potential processes activity of FreeFileSync RMM tool - - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/freefilesync_processes_sigma.yml) - - diff --git a/website/pages/tools/goodsync.mdx b/website/pages/tools/goodsync.mdx deleted file mode 100644 index 3920292..0000000 --- a/website/pages/tools/goodsync.mdx +++ /dev/null @@ -1,45 +0,0 @@ ---- -description = "GoodSync is a remote monitoring and management (RMM) tool. More information will be added as it becomes available." -title = "GoodSync" ---- - - -import {Card, Badges, Details, PEMetadata, DiskArtifacts, EventLogTable, RegistryTable, OtherArtifactsTable, NetworkArtifactsTable} from "../../components/card"; -import {EuiSpacer} from "@elastic/eui" - -# GoodSync - -GoodSync is a remote monitoring and management (RMM) tool. More information will be added as it becomes available. - -### Details -
- -#### Installation Paths - - - - - - -### Forensic Artifacts - - - - - - - - -### Detections -- Detects potential processes activity of GoodSync RMM tool - - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/goodsync_processes_sigma.yml) - - diff --git a/website/pages/tools/google_drive.mdx b/website/pages/tools/google_drive.mdx deleted file mode 100644 index e49e153..0000000 --- a/website/pages/tools/google_drive.mdx +++ /dev/null @@ -1,45 +0,0 @@ ---- -description = "Google Drive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available." -title = "Google Drive" ---- - - -import {Card, Badges, Details, PEMetadata, DiskArtifacts, EventLogTable, RegistryTable, OtherArtifactsTable, NetworkArtifactsTable} from "../../components/card"; -import {EuiSpacer} from "@elastic/eui" - -# Google Drive - -Google Drive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available. - -### Details -
- -#### Installation Paths - - - - - - -### Forensic Artifacts - - - - - - - - -### Detections -- Detects potential processes activity of Google Drive RMM tool - - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/google_drive_processes_sigma.yml) - - diff --git a/website/pages/tools/manage_engine__desktop_central_.mdx b/website/pages/tools/manage_engine__desktop_central_.mdx index f73d287..70c9511 100644 --- a/website/pages/tools/manage_engine__desktop_central_.mdx +++ b/website/pages/tools/manage_engine__desktop_central_.mdx @@ -42,11 +42,9 @@ Manage Engine (Desktop Central) is a remote monitoring and management (RMM) tool ### Detections -- Detects potential network activity of Manage Engine (Desktop Central) RMM tool - - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/manage_engine__desktop_central__network_sigma.yml) -- Detects potential processes activity of Manage Engine (Desktop Central) RMM tool - - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/manage_engine__desktop_central__processes_sigma.yml) +- Detects potential network activity of Desktop Central RMM tool + - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/desktop_central_network_sigma.yml) +- Detects potential processes activity of Desktop Central RMM tool + - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/desktop_central_processes_sigma.yml) -### References -- [https://www.manageengine.com/products/desktop-central/help/domains-required-for-agent-communication.html](https://www.manageengine.com/products/desktop-central/help/domains-required-for-agent-communication.html) diff --git a/website/pages/tools/microsoft_onedrive.mdx b/website/pages/tools/microsoft_onedrive.mdx deleted file mode 100644 index 1944760..0000000 --- a/website/pages/tools/microsoft_onedrive.mdx +++ /dev/null 
@@ -1,40 +0,0 @@ ---- -description = "Microsoft OneDrive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available." -title = "Microsoft OneDrive" ---- - - -import {Card, Badges, Details, PEMetadata, DiskArtifacts, EventLogTable, RegistryTable, OtherArtifactsTable, NetworkArtifactsTable} from "../../components/card"; -import {EuiSpacer} from "@elastic/eui" - -# Microsoft OneDrive - -Microsoft OneDrive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available. - -### Details -
- - - - - - -### Forensic Artifacts - - - - - - - - - - diff --git a/website/pages/tools/microsoft_quick_assist.mdx b/website/pages/tools/microsoft_quick_assist.mdx index 73194fe..3cb2311 100644 --- a/website/pages/tools/microsoft_quick_assist.mdx +++ b/website/pages/tools/microsoft_quick_assist.mdx @@ -16,7 +16,7 @@ Microsoft Quick Assist is a remote monitoring and management (RMM) tool. More in category={""} created={""} website={""} - lastModified={"2/9/2024"} + lastModified={""} privileges={""} free={ "" } verification={""} @@ -36,7 +36,7 @@ Microsoft Quick Assist is a remote monitoring and management (RMM) tool. More in #### Network Artifacts - + diff --git a/website/pages/tools/microsoft_rdp.mdx b/website/pages/tools/microsoft_rdp.mdx index 22ae727..2907499 100644 --- a/website/pages/tools/microsoft_rdp.mdx +++ b/website/pages/tools/microsoft_rdp.mdx @@ -23,7 +23,7 @@ Microsoft RDP is a remote monitoring and management (RMM) tool. More information /> #### Installation Paths - + diff --git a/website/pages/tools/microsoft_tsc.mdx b/website/pages/tools/microsoft_tsc.mdx index 67737e3..d20a1a4 100644 --- a/website/pages/tools/microsoft_tsc.mdx +++ b/website/pages/tools/microsoft_tsc.mdx @@ -23,7 +23,7 @@ Microsoft TSC is a remote monitoring and management (RMM) tool. More information /> #### Installation Paths - + diff --git a/website/pages/tools/ocamlfuse.mdx b/website/pages/tools/ocamlfuse.mdx deleted file mode 100644 index 62e1040..0000000 --- a/website/pages/tools/ocamlfuse.mdx +++ /dev/null 
@@ -1,40 +0,0 @@ ---- -description = "Ocamlfuse is a remote monitoring and management (RMM) tool. More information will be added as it becomes available." -title = "Ocamlfuse" ---- - - -import {Card, Badges, Details, PEMetadata, DiskArtifacts, EventLogTable, RegistryTable, OtherArtifactsTable, NetworkArtifactsTable} from "../../components/card"; -import {EuiSpacer} from "@elastic/eui" - -# Ocamlfuse - -Ocamlfuse is a remote monitoring and management (RMM) tool. More information will be added as it becomes available. - -### Details -
- - - - - - -### Forensic Artifacts - - - - - - - - - - diff --git a/website/pages/tools/odrive.mdx b/website/pages/tools/odrive.mdx deleted file mode 100644 index 0307bd6..0000000 --- a/website/pages/tools/odrive.mdx +++ /dev/null @@ -1,45 +0,0 @@ ---- -description = "ODrive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available." -title = "ODrive" ---- - - -import {Card, Badges, Details, PEMetadata, DiskArtifacts, EventLogTable, RegistryTable, OtherArtifactsTable, NetworkArtifactsTable} from "../../components/card"; -import {EuiSpacer} from "@elastic/eui" - -# ODrive - -ODrive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available. - -### Details -
- -#### Installation Paths - - - - - - -### Forensic Artifacts - - - - - - - - -### Detections -- Detects potential processes activity of ODrive RMM tool - - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/odrive_processes_sigma.yml) - - diff --git a/website/pages/tools/pcloud.mdx b/website/pages/tools/pcloud.mdx deleted file mode 100644 index 954bbd5..0000000 --- a/website/pages/tools/pcloud.mdx +++ /dev/null @@ -1,45 +0,0 @@ ---- -description = "pCloud is a remote monitoring and management (RMM) tool. More information will be added as it becomes available." -title = "pCloud" ---- - - -import {Card, Badges, Details, PEMetadata, DiskArtifacts, EventLogTable, RegistryTable, OtherArtifactsTable, NetworkArtifactsTable} from "../../components/card"; -import {EuiSpacer} from "@elastic/eui" - -# pCloud - -pCloud is a remote monitoring and management (RMM) tool. More information will be added as it becomes available. - -### Details -
- -#### Installation Paths - - - - - - -### Forensic Artifacts - - - - - - - - -### Detections -- Detects potential processes activity of pCloud RMM tool - - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pcloud_processes_sigma.yml) - - diff --git a/website/pages/tools/proton_drive.mdx b/website/pages/tools/proton_drive.mdx deleted file mode 100644 index 4953e73..0000000 --- a/website/pages/tools/proton_drive.mdx +++ /dev/null @@ -1,40 +0,0 @@ ---- -description = "Proton Drive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available." -title = "Proton Drive" ---- - - -import {Card, Badges, Details, PEMetadata, DiskArtifacts, EventLogTable, RegistryTable, OtherArtifactsTable, NetworkArtifactsTable} from "../../components/card"; -import {EuiSpacer} from "@elastic/eui" - -# Proton Drive - -Proton Drive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available. - -### Details -
- - - - - - -### Forensic Artifacts - - - - - - - - - - diff --git a/website/pages/tools/raidrive.mdx b/website/pages/tools/raidrive.mdx deleted file mode 100644 index f4938a5..0000000 --- a/website/pages/tools/raidrive.mdx +++ /dev/null @@ -1,42 +0,0 @@ ---- -description = "Raidrive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available." -title = "Raidrive" ---- - - -import {Card, Badges, Details, PEMetadata, DiskArtifacts, EventLogTable, RegistryTable, OtherArtifactsTable, NetworkArtifactsTable} from "../../components/card"; -import {EuiSpacer} from "@elastic/eui" - -# Raidrive - -Raidrive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available. - -### Details -
- -#### Installation Paths - - - - - - -### Forensic Artifacts - - - - - - - - - - diff --git a/website/pages/tools/rclone.mdx b/website/pages/tools/rclone.mdx deleted file mode 100644 index 5e67de4..0000000 --- a/website/pages/tools/rclone.mdx +++ /dev/null @@ -1,45 +0,0 @@ ---- -description = "rclone is a remote monitoring and management (RMM) tool. More information will be added as it becomes available." -title = "rclone" ---- - - -import {Card, Badges, Details, PEMetadata, DiskArtifacts, EventLogTable, RegistryTable, OtherArtifactsTable, NetworkArtifactsTable} from "../../components/card"; -import {EuiSpacer} from "@elastic/eui" - -# rclone - -rclone is a remote monitoring and management (RMM) tool. More information will be added as it becomes available. - -### Details -
- -#### Installation Paths - - - - - - -### Forensic Artifacts - - - - - - - - -### Detections -- Detects potential processes activity of rclone RMM tool - - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rclone_processes_sigma.yml) - - diff --git a/website/pages/tools/royal_server.mdx b/website/pages/tools/royal_server.mdx index c12dbeb..995f8d7 100644 --- a/website/pages/tools/royal_server.mdx +++ b/website/pages/tools/royal_server.mdx @@ -43,4 +43,6 @@ Royal Server is a remote monitoring and management (RMM) tool. More information - Detects potential network activity of Royal Server RMM tool - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/royal_server_network_sigma.yml) +### References +- [https://royalapps.com/server/main/features](https://royalapps.com/server/main/features) diff --git a/website/pages/tools/rsync.mdx b/website/pages/tools/rsync.mdx deleted file mode 100644 index 4851808..0000000 --- a/website/pages/tools/rsync.mdx +++ /dev/null @@ -1,40 +0,0 @@ ---- -description = "rsync is a remote monitoring and management (RMM) tool. More information will be added as it becomes available." -title = "rsync" ---- - - -import {Card, Badges, Details, PEMetadata, DiskArtifacts, EventLogTable, RegistryTable, OtherArtifactsTable, NetworkArtifactsTable} from "../../components/card"; -import {EuiSpacer} from "@elastic/eui" - -# rsync - -rsync is a remote monitoring and management (RMM) tool. More information will be added as it becomes available. - -### Details -
- - - - - - -### Forensic Artifacts - - - - - - - - - - diff --git a/website/pages/tools/teracloud.mdx b/website/pages/tools/teracloud.mdx deleted file mode 100644 index 09b2f35..0000000 --- a/website/pages/tools/teracloud.mdx +++ /dev/null @@ -1,45 +0,0 @@ ---- -description = "TeraCLOUD is a remote monitoring and management (RMM) tool. More information will be added as it becomes available." -title = "TeraCLOUD" ---- - - -import {Card, Badges, Details, PEMetadata, DiskArtifacts, EventLogTable, RegistryTable, OtherArtifactsTable, NetworkArtifactsTable} from "../../components/card"; -import {EuiSpacer} from "@elastic/eui" - -# TeraCLOUD - -TeraCLOUD is a remote monitoring and management (RMM) tool. More information will be added as it becomes available. - -### Details -
- -#### Installation Paths - - - - - - -### Forensic Artifacts - - - - - - - - -### Detections -- Detects potential processes activity of TeraCLOUD RMM tool - - [Sigma Rule](https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/teracloud_processes_sigma.yml) - - diff --git a/website/pages/tools/x2go.mdx b/website/pages/tools/x2go.mdx index edd9af1..589de7b 100644 --- a/website/pages/tools/x2go.mdx +++ b/website/pages/tools/x2go.mdx @@ -37,4 +37,6 @@ X2Go is a remote monitoring and management (RMM) tool. More information will be +### References +- [https://wiki.x2go.org/doku.php](https://wiki.x2go.org/doku.php) diff --git a/website/public/api/rmm_tools.csv b/website/public/api/rmm_tools.csv index 03f3197..b2d60e8 100644 --- a/website/public/api/rmm_tools.csv +++ b/website/public/api/rmm_tools.csv 
@@ -4,12 +4,11 @@ Zabbix Agent,,Zabbix Agent is a remote monitoring and management (RMM) tool. Mor Senso.cloud,,Senso.cloud is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"SensoClient.exe, SensoService.exe, aadg.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.senso.cloud"", ""senso.cloud""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/senso.cloud_network_sigma.yml"", ""Description"": ""Detects potential network activity of Senso.cloud RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/senso.cloud_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Senso.cloud RMM tool""}]",https://support.senso.cloud/support/solutions/articles/79000116305-firewall-and-content-filter-configuration,[] I'm InTouch,,I'm InTouch is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"iit.exe, intouch.exe, I'm InTouch Go Installer.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.01com.com"", ""01com.com/imintouch-remote-pc-desktop""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/i'm_intouch_network_sigma.yml"", ""Description"": ""Detects potential network activity of I'm InTouch RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/i'm_intouch_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of I'm InTouch RMM tool""}]",https://www.01com.com/mobile/imintouch-remote-pc-desktop/faqs/remote-access/,[] RustDesk,,RustDesk is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"rustdesk*.exe, rustdesk.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""rustdesk.com"", ""user_managed"", ""web.rustdesk.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rustdesk_network_sigma.yml"", ""Description"": ""Detects potential network activity of RustDesk RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rustdesk_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of RustDesk RMM tool""}]",https://rustdesk.com/docs/en/,[] -Electric AI (Kaseya),,Electric AI (Kaseya) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],https://www.electric.ai/product/device-management-solutions - Usess Kaseya/jamf,[] +Electric AI (Kaseya),,Electric AI (Kaseya) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""electric.ai""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/electric_network_sigma.yml"", ""Description"": ""Detects potential network activity of Electric RMM tool""}]",https://www.electric.ai/product/device-management-solutions - Usess Kaseya/jamf,[] ZOC,,ZOC is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\ZOC8\*, *\ZOC?\*, *\zoc.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/zoc_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ZOC RMM tool""}]",,[] Any Support,,Any Support is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/27/2024,,,,,,,,,,,,ManualLauncher.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.anysupport.net""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/any_support_network_sigma.yml"", ""Description"": ""Detects potential network activity of Any Support RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/any_support_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Any Support RMM tool""}]",https://www.anysupport.net/introduce_howto.php,[] PDQ Connect,,PDQ Connect is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/26/2024,,,,,,,,,,,,pdq-connect*.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""app.pdq.com"", ""cfcdn.pdq.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pdq_connect_network_sigma.yml"", ""Description"": ""Detects potential network activity of PDQ Connect RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pdq_connect_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of PDQ Connect RMM tool""}]",https://connect.pdq.com/hc/en-us/articles/9518992071707-Network-Requirements,[] Pcnow,,Pcnow is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"mwcliun.exe, pcnmgr.exe, webexpcnow.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""au.pcmag.com/utilities/21470/webex-pcnow""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pcnow_network_sigma.yml"", ""Description"": ""Detects potential network activity of Pcnow RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pcnow_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Pcnow RMM tool""}]",http://pcnow.webex.com/ - DOA as of 2024,[] -Quick Assist,,Quick Assist is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,,,,,,,,,,,,,quickassist.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/quick_assist_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Quick Assist RMM tool""}]",,[] Seetrol,,Seetrol is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"seetrolcenter.exe, seetrolclient.exe, seetrolmyservice.exe, seetrolremote.exe, seetrolsetting.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""seetrol.co.kr""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/seetrol_network_sigma.yml"", ""Description"": ""Detects potential network activity of Seetrol RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/seetrol_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Seetrol RMM tool""}]",http://www.seetrol.com/en/features/features3.php,[] CarotDAV,,CarotDAV is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files (x86)\Rei Software\CarotDAV\*, *\Rei Software\CarotDAV\*, *\CarotDAV.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/carotdav_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of CarotDAV RMM tool""}]",,[] Goverlan,,Goverlan is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"goverrmc.exe, govsrv*.exe, GovAgentInstallHelper.exe, GovAgentx64.exe, GovReachClient.exe, C:\Program Files (x86)\PJ Technologies\GOVsrv\*, *\PJ Technologies\GOVsrv\*, *\GovSrv.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""goverlan.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/goverlan_network_sigma.yml"", ""Description"": ""Detects potential network activity of Goverlan RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/goverlan_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Goverlan RMM tool""}]",https://www.goverlan.com/pdf/Goverlan-Remote-Control-Software.pdf,[] 
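Review bot: The added `Electric AI (Kaseya)` row keys its only network artifact on the vendor's apex domain `electric.ai` and leaves the process column empty, so the linked rule would match any visit to the vendor's website rather than agent traffic. The row's own reference text says the product uses Kaseya/jamf, which suggests the management traffic goes to those services instead, though that cannot be confirmed from this hunk. The Sigma link and description use the short name (`electric_network_sigma.yml`, "Electric RMM tool") where other rows such as `beyondtrust__bomgar__network_sigma.yml` derive both from the full tool name, so it is worth confirming that the link resolves and the naming is intentional. The reference cell still carries free text after the URL; keeping it as `https://www.electric.ai/product/device-management-solutions` and moving "Uses Kaseya/jamf" into the description column would keep that field parseable as a URL. If this CSV is generated, these changes belong in its source record rather than in the export.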
@@ -22,19 +21,14 @@ Remote Desktop Manager (Devolutions),,Remote Desktop Manager (Devolutions) is a BeyondTrust (Bomgar),,BeyondTrust (Bomgar) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"bomgar-scc-*.exe, bomgar-scc.exe, bomgar-pac-*.exe, bomgar-pac.exe, bomgar-rdp.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.beyondtrustcloud.com"", ""*.bomgarcloud.com"", ""bomgarcloud.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/beyondtrust__bomgar__network_sigma.yml"", ""Description"": ""Detects potential network activity of BeyondTrust (Bomgar) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/beyondtrust__bomgar__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of BeyondTrust (Bomgar) RMM tool""}]",https://www.beyondtrust.com/docs/remote-support/getting-started/deployment/cloud/network.htm,[] Alpemix,,"Alpemix is a remote monitoring and management (RMM) tool. More information will be added as it becomes available. 
",Nasreddine Bencherchali,2024-08-05,2024-08-05,https://www.alpemix.com/en/Home,Alpemix.exe,Alpemix,Alpemix,Alpemix,,,,"Windows, Linux, Android, Mac, IOS","5 Different Solutions for Remote Support, Access to Unattended Computers, Access to User Account Control (UAC) Screens, Add Your Own Logo, Auto Sizing, Automatic Update, Clipboard Transfer, Computer Independent Licensing, Contact List and Groups, Encrypted Communication, External Communication Barrier, File Transfer, Instant Messaging, Multi-Platform Support, Multiple Chat, Multiple Connections, No Port Forwarding Required, Peer to Peer Connection (p2p), Receiving Offline Message, Remote Restart, ReportingRestricting The Authority, Screen Sharing, Sending Announcement Message, Sharing a certain part of the screen, Video Recording, Voice Communication, Who is currently supporting?, Working in Black Screen Mode",,"C:\AlpemixService.exe, C:\AlpemixSrvc\","{""Disk"": [{""File"": ""%localappdata%\\Alpemix\\Alpemix.ini"", ""Description"": ""N/A"", ""OS"": ""Windows""}], ""EventLog"": [{""EventID"": 7045, ""ProviderName"": ""Service Control Manager"", ""LogFile"": ""System.evtx"", ""ServiceName"": ""AlpemixSrvc"", ""ImagePath"": ""*\\Alpemix.exe servicestartxxx"", ""Description"": ""Service installation event as result of Alpemix installation.""}], ""Registry"": [{""Path"": ""HKLM\\SYSTEM\\CurrentControlSet\\Services\\AlpemixSrvcx"", ""Description"": ""N/A""}], ""Network"": [{""Description"": ""N/A"", ""Domains"": [""*.alpemix.com""], ""Ports"": [443]}, {""Description"": ""N/A"", ""Domains"": [""*.teknopars.com""], ""Ports"": [80]}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/alpemix_registry_sigma.yml"", ""Description"": ""Detects potential registry activity of Alpemix RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/alpemix_network_sigma.yml"", ""Description"": ""Detects potential network activity of Alpemix RMM tool""}, {""Sigma"": 
""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/alpemix_files_sigma.yml"", ""Description"": ""Detects potential files activity of Alpemix RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/alpemix_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Alpemix RMM tool""}]",https://www.alpemix.com/en/remote-access,"[{""Person"": ""Nasreddine Bencherchali"", ""Handle"": ""@nas_bench""}]" -CloudBerry Explorer,,CloudBerry Explorer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\CloudBerryLab\CloudBerry Drive\*, *\CloudBerryLab\CloudBerry Drive\*","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[] Auvik,,Auvik is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"auvik.engine.exe, auvik.agent.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.my.auvik.com"", ""*.auvik.com"", ""auvik.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/auvik_network_sigma.yml"", ""Description"": ""Detects potential network activity of Auvik RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/auvik_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Auvik RMM tool""}]",https://support.auvik.com/hc/en-us/articles/204315700-What-protocols-and-ports-does-the-Auvik-collector-use,[] -Microsoft RDP,,Microsoft RDP is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"termsrv.exe, mstsc.exe, Microsoft Remote Desktop","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/microsoft_rdp_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Microsoft RDP RMM tool""}]",https://learn.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/windows,[] -Microsoft OneDrive,,Microsoft OneDrive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[] Tactical RMM,,Tactical RMM is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/14/2024,,,,,,,,,,,,"tacticalrmm.exe, tacticalrmm.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""login.tailscale.com"", ""login.tailscale.com"", ""docs.tacticalrmm.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/tactical_rmm_network_sigma.yml"", ""Description"": ""Detects potential network activity of Tactical RMM RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/tactical_rmm_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Tactical RMM RMM tool""}]",docs.tacticalrmm.com,[] MioNet (WD Anywhere Access),,MioNet (WD Anywhere Access) is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"mionet.exe, mionetmanager.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/mionet__wd_anywhere_access__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of MioNet (WD Anywhere Access) RMM tool""}]",https://en.wikipedia.org/wiki/WD_Anywhere_Access - DOA as of 2016,[] Comodo RMM,,Comodo RMM is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"itsmagent.exe, rviewer.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.itsm-us1.comodo.com"", ""*mdmsupport.comodo.com"", ""one.comodo.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/comodo_rmm_network_sigma.yml"", ""Description"": ""Detects potential network activity of Comodo RMM RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/comodo_rmm_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Comodo RMM RMM tool""}]","https://help.itarian.com/topic-459-1-1005-14776-Appendix-1b---Endpoint-Manager-Services---IP-Nos,-Host-Names-and-Port-Details---US-Customers.html",[] Pocket Controller,,Pocket Controller is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,,,,,,,,,,,,,"pocketcontroller.exe, pocketcloudservice.exe, wysebrowser.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""soti.net/products/soti-pocket-controller""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pocket_controller_network_sigma.yml"", ""Description"": ""Detects potential network activity of Pocket Controller RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pocket_controller_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Pocket Controller RMM tool""}]",,[] NordLocker,,NordLocker is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[] -ExpanDrive,,ExpanDrive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Users\*\ExpanDrive.exe, *\ExpanDrive.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/expandrive_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ExpanDrive RMM tool""}]",,[] OCS inventory,,OCS inventory is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"ocsinventory.exe, ocsservice.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""ocsinventory-ng.org""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ocs_inventory_network_sigma.yml"", ""Description"": ""Detects potential network activity of OCS inventory RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ocs_inventory_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of OCS inventory RMM tool""}]",https://ocsinventory-ng.org/?page_id=878&lang=en,[] GotoHTTP,,GotoHTTP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"GotoHTTP_x64.exe, gotohttp.exe, GotoHTTP*.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.gotohttp.com"", ""gotohttp.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/gotohttp_network_sigma.yml"", ""Description"": ""Detects potential network activity of GotoHTTP RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/gotohttp_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of GotoHTTP RMM tool""}]",https://gotohttp.com/goto/help.12x,[] -CloudXplorer,,CloudXplorer is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\ClumsyLeaf Software\CloudXplorer\*, *\ClumsyLeaf Software\CloudXplorer\*, *\clumsyleaf.cloudxplorer*.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/cloudxplorer_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of CloudXplorer RMM tool""}]",,[] Terminals,,Terminals is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[] RPort,,RPort is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,rport.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""rport.io""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rport_network_sigma.yml"", ""Description"": ""Detects potential network activity of RPort RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rport_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of RPort RMM tool""}]",https://kb.rport.io/using-the-remote-access,[] CentraStage (Now Datto),,CentraStage (Now Datto) is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"CagService.exe, AEMAgent.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.rmm.datto.com"", ""*cc.centrastage.net"", ""datto.com/au/products/rmm/""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/centrastage__now_datto__network_sigma.yml"", ""Description"": ""Detects potential network activity of CentraStage (Now Datto) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/centrastage__now_datto__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of CentraStage (Now Datto) RMM tool""}]",https://rmm.datto.com/help/de/Content/1INTRODUCTION/Requirements/AllowListRequirements.htm,[] 
@@ -46,17 +40,12 @@ LabTech RMM (Now ConnectWise Automate),,LabTech RMM (Now ConnectWise Automate) i ScreenMeet,,ScreenMeet is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"ScreenMeetSupport.exe, ScreenMeet.Support.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.screenmeet.com"", ""*.scrn.mt""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/screenmeet_network_sigma.yml"", ""Description"": ""Detects potential network activity of ScreenMeet RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/screenmeet_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ScreenMeet RMM tool""}]",https://docs.screenmeet.com/docs/firewall-white-list,[] RES Automation Manager,,RES Automation Manager is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"wisshell*.exe, wmc.exe, wmc_deployer.exe, wmcsvc.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""ivanti.com/""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/res_automation_manager_network_sigma.yml"", ""Description"": ""Detects potential network activity of RES Automation Manager RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/res_automation_manager_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of RES Automation Manager RMM tool""}]",https://forums.ivanti.com/s/article/INFO-Which-ports-does-Ivanti-Automation-use?language=en_US&ui-force-components-controllers-recordGlobalValueProvider.RecordGvp.getRecord=1,[] Anyplace Control,,Anyplace Control is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,apc_host.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""anyplace-control.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/anyplace_control_network_sigma.yml"", ""Description"": ""Detects potential network activity of Anyplace Control RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/anyplace_control_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Anyplace Control RMM tool""}]",http://www.anyplace-control.com/anyplace-control/help/faq.htm,[] -Dropbox,,Dropbox is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files (x86)\Dropbox\Client\*, *\Dropbox\Client\*, *\Dropbox.exe, *Users\*\Dropbox\bin\","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dropbox_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Dropbox RMM tool""}]",,[] TightVNC,,TightVNC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/14/2024,,,,,,,,,,,,"tvnviewer.exe, TightVNCViewerPortable*.exe, tvnserver.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""tightvnc.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/tightvnc_network_sigma.yml"", ""Description"": ""Detects potential network activity of TightVNC RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/tightvnc_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of TightVNC RMM tool""}]",https://www.tightvnc.com/doc/win/TightVNC_for_Windows-Installation_and_Getting_Started.pdf,[] LiteManager,,LiteManager is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"lmnoipserver.exe, ROMFUSClient.exe, romfusclient.exe, romviewer.exe, romserver.exe, ROMServer.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.litemanager.ru"", ""*.litemanager.com"", ""litemanager.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/litemanager_network_sigma.yml"", ""Description"": ""Detects potential network activity of LiteManager RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/litemanager_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of LiteManager RMM tool""}]",https://www.litemanager.com/articles/LiteManager_remote_access_to_a_desktop_via_the_Internet_or_LAN/,[] -Box,,Box is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\Box\Box\*, *\Box\Box\*, *\Box.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/box_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Box RMM tool""}]",,[] Sophos-Remote Management System,,Sophos-Remote Management System is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"clientmrinit.exe, mgntsvc.exe, routernt.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.sophos.com"", ""*.sophosupd.com"", ""*.sophosupd.net"", ""community.sophos.com/on-premise-endpoint/f/sophos-endpoint-software/5725/sophos-remote-management-system""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/sophos-remote_management_system_network_sigma.yml"", ""Description"": ""Detects potential network activity of Sophos-Remote Management System RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/sophos-remote_management_system_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Sophos-Remote Management System RMM tool""}]",community.sophos.com/on-premise-endpoint/f/sophos-endpoint-software/5725/sophos-remote-management-system,[] ManageEngine,,ManageEngine is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"InstallShield Setup.exe, ManageEngine_Remote_Access_Plus.exe, *\dcagentservice.exe, C:\Program Files (x86)\DesktopCentral_Agent\bin\*, *\DesktopCentral_Agent\bin\*","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/manageengine_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ManageEngine RMM tool""}]",,[] -Cloud Explorer,,Cloud Explorer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[] Splashtop Remote,,Splashtop Remote is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"strwinclt.exe, Splashtop_Streamer_Windows*.exe, SplashtopSOS.exe, sragent.exe, srmanager.exe, srserver.exe, srservice.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""splashtop.com"", ""*.api.splashtop.com"", ""*.relay.splashtop.com"", ""*.api.splashtop.eu""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/splashtop_remote_network_sigma.yml"", ""Description"": ""Detects potential network activity of Splashtop Remote RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/splashtop_remote_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Splashtop Remote RMM tool""}]",https://support-splashtopbusiness.splashtop.com/hc/en-us/articles/115001811966-What-are-the-Firewall-Exceptions-and-IP-addresses-of-Splashtop-servers-Services,[] -Dameware-mini remote control Protocol,,Dameware-mini remote control Protocol is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"dntus*.exe, dwrcs.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""dameware.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dameware-mini_remote_control_protocol_network_sigma.yml"", ""Description"": ""Detects potential network activity of Dameware-mini remote control Protocol RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dameware-mini_remote_control_protocol_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Dameware-mini remote control Protocol RMM tool""}]",,[] rdp2tcp,,rdp2tcp is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"tdp2tcp.exe, rdp2tcp.py","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""github.com/V-E-O/rdp2tcp""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rdp2tcp_network_sigma.yml"", ""Description"": ""Detects potential network activity of rdp2tcp RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rdp2tcp_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of rdp2tcp RMM tool""}]",github.com/V-E-O/rdp2tcp,[] -FleetDesk.io,,FleetDesk.io is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"fleetdeck_agent_svc.exe, fleetdeck_commander_svc.exe, fleetdeck_installer.exe, fleetdeck_agent.exe, fleetdeck_commander_launcher.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.fleetdeck.io"", ""cognito-idp.us-west-2.amazonaws.com"", ""fleetdeck.io""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fleetdesk.io_network_sigma.yml"", ""Description"": ""Detects potential network activity of FleetDesk.io RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fleetdesk.io_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of FleetDesk.io RMM tool""}]",https://fleetdeck.io/faq/,[] Jump Cloud,,Jump Cloud is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/26/2024,,,,,,,,,,,,JumpCloud*.exe ,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.api.jumpcloud.com"", ""*.assist.jumpcloud.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/jump_cloud_network_sigma.yml"", ""Description"": ""Detects potential network activity of Jump Cloud RMM tool""}]",https://jumpcloud.com/support/understand-remote-assist-agent,[] RuDesktop,,RuDesktop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"rd.exe, rudesktop*.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.rudesktop.ru"", ""rudesktop.ru""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rudesktop_network_sigma.yml"", ""Description"": ""Detects potential network activity of RuDesktop RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rudesktop_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of RuDesktop RMM tool""}]",https://rudesktop.ru,[] LogMeIn,,"LogMeIn is a remote monitoring and management (RMM) tool. More information will be added as it becomes available. 
@@ -65,21 +54,17 @@ SmartFTP,,SmartFTP is a remote monitoring and management (RMM) tool. More inform NetSupport Manager,,NetSupport Manager is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"pcictlui.exe, pcicfgui.exe, client32.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.netsupportmanager.com"", ""netsupportmanager.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/netsupport_manager_network_sigma.yml"", ""Description"": ""Detects potential network activity of NetSupport Manager RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/netsupport_manager_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of NetSupport Manager RMM tool""}]",https://www.netsupportmanager.com/resources/,[] Pocket Cloud (Wyse),,Pocket Cloud (Wyse) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"pocketcloud*.exe, pocketcloudservice.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pocket_cloud__wyse__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Pocket Cloud (Wyse) RMM tool""}]",https://wyse-pocketcloud.informer.com/2.1/,[] Guacamole,,Guacamole is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,guacd.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""guacamole.apache.org""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/guacamole_network_sigma.yml"", ""Description"": ""Detects potential network activity of Guacamole RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/guacamole_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Guacamole RMM tool""}]",guacamole.apache.org,[] -Cloudsfer,,Cloudsfer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[] LANDesk,,LANDesk is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"issuser.exe, landeskagentbootstrap.exe, LANDeskPortalManager.exe, ldinv32.exe, ldsensors.exe, C:\Program Files (x86)\LANDesk\*, *\LANDesk\*, *\issuser.exe, *\softmon.exe, *\tmcsvc.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.ivanticloud.com"", ""*.ivanti.com"", ""ivanti.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/landesk_network_sigma.yml"", ""Description"": ""Detects potential network activity of LANDesk RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/landesk_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of LANDesk RMM tool""}]",https://forums.ivanti.com/s/article/URL-exception-list-for-Ivanti-Security-Controls?language=en_US,[] -Cruz,,Cruz is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""resources.doradosoftware.com/cruz-rmm""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/cruz_network_sigma.yml"", ""Description"": ""Detects potential network activity of Cruz RMM tool""}]",,[] pcAnywhere,,pcAnywhere is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"awhost32.exe, awrem32.exe, pcaquickconnect.exe, winaw32.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pcanywhere_network_sigma.yml"", ""Description"": ""Detects potential network activity of pcAnywhere RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pcanywhere_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of pcAnywhere RMM tool""}]",https://en.wikipedia.org/wiki/PcAnywhere,[] mstsc,,mstsc is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Windows\System32\mstsc.exe, *Windows\System32\mstsc.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/mstsc_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of mstsc RMM tool""}]",,[] FreeNX,,FreeNX is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\*\nxplayer.exe, *\nxplayer.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/freenx_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of FreeNX RMM tool""}]",,[] PSEXEC (Clone),,PSEXEC (Clone) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"paexec.exe, PAExec-*.exe, csexec.exe , remcom.exe, remcomsvc.exe, xcmd.exe, xcmdsvc.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/psexec__clone__network_sigma.yml"", ""Description"": ""Detects potential network activity of PSEXEC (Clone) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/psexec__clone__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of PSEXEC (Clone) RMM tool""}]",https://www.poweradmin.com/paexec/,[] SpyAnywhere,,SpyAnywhere is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,sysdiag.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.spytech-web.com"", ""spyanywhere.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/spyanywhere_network_sigma.yml"", ""Description"": ""Detects potential network activity of SpyAnywhere RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/spyanywhere_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of SpyAnywhere RMM tool""}]",https://www.spyanywhere.com/support.shtml,[] -ODrive,,ODrive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Users\*\current\, *Users\*\.odrive, *\Odriveapp.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/odrive_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ODrive RMM tool""}]",,[] MultCloud,,MultCloud is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"requires sign up, requires sign up","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[] Visual Studio Dev Tunnel,,Visual Studio Dev Tunnel is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""global.rel.tunnels.api.visualstudio.com"", ""*.rel.tunnels.api.visualstudio.com"", ""*.devtunnels.ms""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/visual_studio_dev_tunnel_network_sigma.yml"", ""Description"": ""Detects potential network activity of Visual Studio Dev Tunnel RMM tool""}]",https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/security,[] Xpra,,Xpra is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files (x86)\Xpra\*, *\Xpra\*, *\Xpra-Launcher.exe, *\Xpra-x86_64_Setup.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/xpra_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Xpra RMM tool""}]",,[] Royal Apps,,Royal Apps is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"royalserver.exe, royalts.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/royal_apps_network_sigma.yml"", ""Description"": ""Detects potential network activity of Royal Apps RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/royal_apps_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Royal Apps RMM tool""}]",https://www.royalapps.com/ts/win/download,[] eHorus,,eHorus is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,,,,,,,,,,,,,ehorus standalone.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""ehorus.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ehorus_network_sigma.yml"", ""Description"": ""Detects potential network activity of eHorus RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ehorus_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of eHorus RMM tool""}]",,[] -Bomgar,,Bomgar is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,bomgar-scc.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""beyondtrust.com/brand/bomgar""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/bomgar_network_sigma.yml"", ""Description"": ""Detects potential network activity of Bomgar RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/bomgar_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Bomgar RMM tool""}]",,[] SuperPuTTY,,SuperPuTTY is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Downloads\SuperPuTTY\*, *Downloads\SuperPuTTY\*, *\superputty.exe, *\SuperPuTTY\*","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/superputty_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of SuperPuTTY RMM tool""}]",,[] ZeroTier,,ZeroTier is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/14/2024,,,,,,,,,,,,"zerotier*.msi, zerotier*.exe, zero-powershell.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""zerotier.com"", ""*.zerotier.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/zerotier_network_sigma.yml"", ""Description"": ""Detects potential network activity of ZeroTier RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/zerotier_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ZeroTier RMM tool""}]",https://my.zerotier.com/,[] Devolutions Remote Desktop Manager,,Devolutions Remote Desktop Manager is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[] 
@@ -89,15 +74,11 @@ AnyDesk,RMM,"AnyDesk is a popular remote desktop software that enables users to ","Ali Alwashali, Nasreddine Bencherchali",2023-09-29,2024-08-02,https://anydesk.com/en,anydesk.exe,AnyDesk.exe,AnyDesk,AnyDesk,User,True,False,"Android, ChromeOS, IOS, Linux, Mac, Windows","File Transfer, File System Access, Remote Control, GUI Support, Command line Support",https://www.cvedetails.com/vulnerability-list/vendor_id-16953/product_id-40173/Anydesk-Anydesk.html,"C:\Program Files (x86)\AnyDesk\*, C:\Program Files\AnyDesk\*","{""Disk"": [{""File"": ""%programdata%\\AnyDesk\\ad_svc.trace"", ""Description"": ""AnyDesk service log file. As well as ad.trace, we can determine the IP address of the other participant and its AnyDesk ID when a connection is established."", ""OS"": ""Windows"", ""Example"": [""info 2022-08-23 10:20:11.969 gsvc 4628 3528 3 anynet.relay_conn - External address: 34.xx.xx.123:46798""]}, {""File"": ""%programdata%\\AnyDesk\\connection_trace.txt"", ""Description"": ""Incoming connection logs, contains IP Address of the remote machine and file transfer activity. Only generated on target side. The content indicates how the connection was approved (e.g. the local user authorized it, or a password was used)"", ""OS"": ""Windows"", ""Example"": [""Incoming 2022-08-23, 10:23 Passwd 547911884 547911884"", ""Incoming 2022-09-28, 12:39 User 442226597 442226597""]}, {""File"": ""%APPDATA%\\AnyDesk\\connection_trace.txt"", ""Description"": ""Incoming connection logs, contains IP Address of the remote machine and file transfer activity. Only generated on target side. The content indicates how the connection was approved (e.g. the local user authorized it, or a password was used)"", ""OS"": ""Windows"", ""Example"": [""Incoming 2022-08-23, 10:23 Passwd 547911884 547911884"", ""Incoming 2022-09-28, 12:39 User 442226597 442226597""]}, {""File"": ""%APPDATA%\\AnyDesk\\ad.trace"", ""Description"": ""AnyDesk user interface log file. 
In this log file, we can determine the IP address of the other participant and its AnyDesk ID. It is also possible to track events of file transfer. Below is the Client ID and external IP address of the remote participant."", ""OS"": ""Windows"", ""Example"": [""info 2022-09-28 12:39:26.845 lsvc 9952 9944 21 anynet.any_socket - Client-ID: 442226597 (FPR: 8e28a2a25b30)."", ""info 2022-09-28 12:39:26.845 lsvc 9952 9944 21 anynet.any_socket - Logged in from 12.xx.xx.21:59562 on relay 80e496c0.""]}, {""File"": ""%APPDATA%\\AnyDesk\\chat\\*.txt"", ""Description"": ""If the chat functionality is used, its entries will be printed in a text file in this folder."", ""OS"": ""Windows""}, {""File"": ""%APPDATA%\\AnyDesk\\user.conf"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""%PROGRAMDATA%\\AnyDesk\\service.conf"", ""Description"": ""Password can be set to auto-validate the session. The password will be saved in a salted hash format."", ""OS"": ""Windows""}, {""File"": ""%APPDATA%\\AnyDesk\\service.conf"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""%APPDATA%\\AnyDesk\\system.conf"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""%PROGRAMDATA%\\AnyDesk\\system.conf"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""%PROGRAMDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\AnyDesk.lnk"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""%PROGRAMDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\AnyDesk\\Uninstall AnyDesk.lnk"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""C:\\Users\\*\\Videos\\AnyDesk\\*.anydesk"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""C:\\Windows\\SysWOW64\\config\\systemprofile\\AppData\\Roaming\\AnyDesk\\*"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""~/Library/Application Support/AnyDesk/Logs/"", ""Description"": ""N/A"", ""OS"": ""Mac""}, {""File"": ""~/.config/AnyDesk/Logs/"", ""Description"": ""N/A"", ""OS"": 
""Linux""}], ""EventLog"": [{""EventID"": 7045, ""ProviderName"": ""Service Control Manager"", ""LogFile"": ""System.evtx"", ""ServiceName"": ""AnyDesk Service"", ""ImagePath"": ""\""C:\\\\Program Files (x86)\\\\AnyDesk\\\\AnyDesk.exe\"" --service"", ""Description"": ""Service installation event as result of AnyDesk installation.""}], ""Registry"": [{""Path"": ""HKLM\\SOFTWARE\\Clients\\Media\\AnyDesk"", ""Description"": ""N/A""}, {""Path"": ""HKLM\\SYSTEM\\CurrentControlSet\\Services\\AnyDesk"", ""Description"": ""N/A""}, {""Path"": ""HKLM\\SOFTWARE\\Classes\\.anydesk\\shell\\open\\command"", ""Description"": ""N/A""}, {""Path"": ""HKLM\\SOFTWARE\\Classes\\AnyDesk\\shell\\open\\command"", ""Description"": ""N/A""}, {""Path"": ""HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Print\\Printers\\AnyDesk Printer\\*"", ""Description"": ""N/A""}, {""Path"": ""HKLM\\DRIVERS\\DriverDatabase\\DeviceIds\\USBPRINT\\AnyDesk"", ""Description"": ""N/A""}, {""Path"": ""HKLM\\DRIVERS\\DriverDatabase\\DeviceIds\\WSDPRINT\\AnyDesk"", ""Description"": ""N/A""}, {""Path"": ""HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\AnyDesk"", ""Description"": ""N/A""}], ""Network"": [{""Description"": ""During setup the boot.net.anydesk.com domain is request over port 443"", ""Domains"": [""boot.net.anydesk.com""], ""Ports"": [443]}, {""Description"": ""N/A"", ""Domains"": [""relay-[a-f0-9]{8}.net.anydesk.com:443""], ""Ports"": [443]}, {""Description"": ""N/A"", ""Domains"": [""*.anydesk.com""], ""Ports"": [443]}], ""Other"": [{""Type"": ""User-Agent"", ""Value"": ""AnyDesk/*""}, {""Type"": ""NamedPipe"", ""Value"": ""adprinterpipe""}]}","[{""Sigma"": ""https://github.com/SigmaHQ/sigma/blob/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/builtin/system/service_control_manager/win_system_service_install_anydesk.yml"", ""Description"": ""Anydesk Remote Access Software Service Installation""}, {""Sigma"": 
""https://github.com/SigmaHQ/sigma/blob/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/file/file_event/file_event_win_anydesk_artefact.yml"", ""Description"": ""N/A""}, {""Sigma"": ""https://github.com/SigmaHQ/sigma/blob/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/process_creation/proc_creation_win_remote_access_tools_anydesk.yml"", ""Description"": ""N/A""}, {""Sigma"": ""https://github.com/SigmaHQ/sigma/blob/782f0f524e6f797ea114fe0d87b22cb4abaa6b7c/rules/windows/process_creation/proc_creation_win_remote_access_tools_anydesk_silent_install.yml"", ""Description"": ""Remote Access Tool - AnyDesk Silent Installation""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/anydesk_registry_sigma.yml"", ""Description"": ""Detects potential registry activity of AnyDesk RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/anydesk_network_sigma.yml"", ""Description"": ""Detects potential network activity of AnyDesk RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/anydesk_files_sigma.yml"", ""Description"": ""Detects potential files activity of AnyDesk RMM tool""}]","https://support.anydesk.com/knowledge/firewall, https://www.synacktiv.com/publications/legitimate-rats-a-comprehensive-forensic-analysis-of-the-usual-suspects.html, https://github.com/mthcht/awesome-lists/tree/79ced75eebe53bcabf1235b3c17eb11788875482/Lists/RMM/anydesk, https://ruler-project.github.io/ruler-project/RULER/remote/AnyDesk/","[{""Person"": ""Th\u00e9o Letailleur"", ""Handle"": ""in/theosyn""}, {""Person"": ""Ali Alwashali"", ""Handle"": ""@ali_alwashali""}, {""Person"": ""Nasreddine Bencherchali"", ""Handle"": ""@nas_bench""}]" Free Ping Tool,,Free Ping Tool is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,,,,,,,,,,,,,"can't find this one, can't find this one","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[] S3 Browser,,S3 Browser is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files (x86)\S3 Browser\*, *\S3 Browser\*, *\s3browser*.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/s3_browser_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of S3 Browser RMM tool""}]",,[] -Azure Storage Explorer,,Azure Storage Explorer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files (x86)\Microsoft Azure Storage Explorer\*, *\Microsoft Azure Storage Explorer\*, *\StorageExplorer.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/azure_storage_explorer_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Azure Storage Explorer RMM tool""}]",,[] NinjaOne (formerly NinjaRMM),,NinjaOne (formerly NinjaRMM) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,*ProgramData\NinjaRMMAgent\*,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[] Adobe Connect,,Adobe Connect is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/27/2024,,,,,,,,,,,,"ConnectAppSetup*.exe, ConnectShellSetup*.exe, Connect.exe, ConnectDetector.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.adobeconnect.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/adobe_connect_network_sigma.yml"", ""Description"": ""Detects potential network activity of Adobe Connect RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/adobe_connect_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Adobe Connect RMM tool""}]",https://helpx.adobe.com/adobe-connect/firewall-proxy-server-configuration-adobe-connect.html,[] -CloudHQ,,CloudHQ is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[] -Raidrive,,Raidrive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\*\OpenBoxLab\RaiDrive\*, *\OpenBoxLab\RaiDrive\*, service = raidrive_*, Computer\HKEY_LOCAL_MACHINE\SOFTWARE\OpenBoxLab\RaiDrive\Drives","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[] RemotePC,,RemotePC is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"C:\Program Files (x86)\RemotePC\*, Idrive.File-Transfer, *\RemotePC\*, remotepcservice.exe, RemotePC.exe, remotepchost.exe, idrive.RemotePCAgent, rpcsuite.exe, *\RemotePCService.exe, RemotePCService.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.remotedesktop.com"", ""*.remotepc.com"", ""www.remotepc.com"", ""remotepc.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remotepc_network_sigma.yml"", ""Description"": ""Detects potential network activity of RemotePC RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remotepc_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of RemotePC RMM tool""}]",https://www.remotedesktop.com/helpdesk/faq-firewall,[] LogMeIn rescue,,LogMeIn rescue is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"support-logmeinrescue*.exe, support-logmeinrescue.exe, lmi_rescue.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.logmeinrescue.com"", ""*.logmeinrescue.eu"", ""logmeinrescue.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/logmein_rescue_network_sigma.yml"", ""Description"": ""Detects potential network activity of LogMeIn rescue RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/logmein_rescue_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of LogMeIn rescue RMM tool""}]",https://support.logmeinrescue.com/rescue/help/allowlisting-and-rescue,[] UltraViewer,,UltraViewer is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/14/2024,,,,,,,,,,,,"UltraViewer_Service.exe, UltraViewer_setup*, UltraViewer_Desktop.exe, ultraviewer.exe, C:\Program Files (x86)\UltraViewer\UltraViewer_Desktop.exe, *\UltraViewer\, *\UltraViewer_Desktop.exe, ultraviewer_desktop.exe, ultraviewer_service.exe, UltraViewer_Desktop.exe, UltraViewer_setup*, UltraViewer_Service.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""* .ultraviewer.net"", ""ultraviewer.net""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ultraviewer_network_sigma.yml"", ""Description"": ""Detects potential network activity of UltraViewer RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ultraviewer_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of UltraViewer RMM tool""}]",https://www.ultraviewer.net/en/200000026-summary-of-ultraviewer-s-security-information.html,[] -aria2,,aria2 is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\ProgramData\CentraStage\AEMAgent\*, *ProgramData\CentraStage\AEMAgent\*, *\Steinberg\Download Assistant\3rd Party\optional\aria2\*, *\aria2c.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aria2_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of aria2 RMM tool""}]",,[] Pandora RC (eHorus),,Pandora RC (eHorus) is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"ehorus standalone.exe, ehorus_agent.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""portal.ehorus.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pandora_rc__ehorus__network_sigma.yml"", ""Description"": ""Detects potential network activity of Pandora RC (eHorus) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pandora_rc__ehorus__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Pandora RC (eHorus) RMM tool""}]",https://pandorafms.com/manual/!current/en/documentation/09_pandora_rc/01_pandora_rc_introduction,[] IntelliAdmin Remote Control,,IntelliAdmin Remote Control is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"iadmin.exe, intelliadmin.exe, agent32.exe, agent64.exe, agent_setup_5.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""*.intelliadmin.com"", ""intelliadmin.com/remote-control""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/intelliadmin_remote_control_network_sigma.yml"", ""Description"": ""Detects potential network activity of IntelliAdmin Remote Control RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/intelliadmin_remote_control_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of IntelliAdmin Remote Control RMM tool""}]",intelliadmin.com/remote-control,[] MEGAsync,,MEGAsync is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Users\*\AppData\Local\MEGAsync\*, *Users\*\AppData\Local\MEGAsync\*, *Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*, *ProgramData\MEGAsync\*, *\MEGAsyncSetup64.exe, *\MEGAupdater.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/megasync_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of MEGAsync RMM tool""}]",,[] 
@@ -110,7 +91,6 @@ Ericom Connect,,Ericom Connect is a remote monitoring and management (RMM) tool. TeamViewer,,"TeamViewer is a remote monitoring and management (RMM) tool. ","Nasreddine Bencherchali, Michael Haag",2024-08-02,2024-08-02,https://www.teamviewer.com/en,TeamViewer.exe,,,TeamViewer,user,True,False,"Android, ChromeOS, IOS, Linux, Mac, Windows",,https://www.cvedetails.com/vulnerability-list/vendor_id-11100/product_id-19942/Teamviewer-Teamviewer.html,"C:\Program Files\TeamViewer\, teamviewer_desktop.exe, teamviewer_service.exe, teamviewerhost","{""Disk"": [{""File"": ""C:\\Users\\\\AppData\\Local\\Temp\\TeamViewer\\TV15Install.log"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""TeamViewer\\d\\d_Logfile\\.log"", ""Description"": ""N/A"", ""OS"": ""Windows"", ""Type"": ""Regex""}, {""File"": ""C:\\Program Files\\TeamViewer\\Connections_incoming.txt"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files\\TeamViewer\\TVNetwork.log"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""%LOCALAPPDATA%\\Temp\\TeamViewer\\TV15Install.log"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""%APPDATA%\\\\TeamViewer\\\\TeamViewer\\d\\d_Logfile\\.log"", ""Description"": ""N/A"", ""OS"": ""Windows"", ""Type"": ""Regex""}, {""File"": ""teamviewerqs.exe"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""tv_w32.exe"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""tv_w64.exe"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""tv_x64.exe"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""teamviewer.exe"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""teamviewer_service.exe"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""%LOCALAPPDATA%\\TeamViewer\\Database\\tvchatfilecache.db"", ""Description"": ""SQlite 3 database storing cache about TeamViewer chat"", ""OS"": ""Windows""}, {""File"": 
""%LOCALAPPDATA%\\TeamViewer\\RemotePrinting\\tvprint.db"", ""Description"": ""SQlite 3 database storing TeamViewer print jobs"", ""OS"": ""Windows""}, {""File"": ""%PROGRAMDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\TeamViewer.lnk"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files*\\TeamViewer\\connections*.txt"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""C:\\Users\\*\\AppData\\Roaming\\TeamViewer\\MRU\\RemoteSupport\\*tvc"", ""Description"": ""N/A"", ""OS"": ""Windows""}], ""EventLog"": [{""EventID"": 7045, ""ProviderName"": ""Service Control Manager"", ""LogFile"": ""System.evtx"", ""ServiceName"": ""TeamViewer"", ""ImagePath"": ""\""C:\\\\Program Files\\\\TeamViewer\\\\TeamViewer_Service.exe\"""", ""Description"": ""Service installation event as result of TeamViewer installation.""}], ""Registry"": [{""Path"": ""HKLM\\SOFTWARE\\TeamViewer\\*"", ""Description"": ""N/A""}, {""Path"": ""HKU\\\\SOFTWARE\\TeamViewer\\*"", ""Description"": ""N/A""}, {""Path"": ""HKLM\\SYSTEM\\CurrentControlSet\\Services\\TeamViewer\\*"", ""Description"": ""N/A""}, {""Path"": ""HKLM\\SOFTWARE\\TeamViewer\\ConnectionHistory"", ""Description"": ""N/A""}, {""Path"": ""HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\TeamViewer\\*"", ""Description"": ""N/A""}, {""Path"": ""HKU\\SID\\SOFTWARE\\TeamViewer\\MainWindowHandle"", ""Description"": ""N/A""}, {""Path"": ""HKU\\SID\\SOFTWARE\\TeamViewer\\DesktopWallpaperSingleImage"", ""Description"": ""N/A""}, {""Path"": ""HKU\\SID\\SOFTWARE\\TeamViewer\\DesktopWallpaperSingleImagePath"", ""Description"": ""N/A""}, {""Path"": ""HKU\\SID\\SOFTWARE\\TeamViewer\\DesktopWallpaperSingleImagePosition"", ""Description"": ""N/A""}, {""Path"": ""HKU\\SID\\SOFTWARE\\TeamViewer\\MinimizeToTray"", ""Description"": ""N/A""}, {""Path"": ""HKU\\SID\\SOFTWARE\\TeamViewer\\MultiMedia\\AudioUserSelectedCapturingEndpoint"", ""Description"": ""N/A""}, {""Path"": 
""HKU\\SID\\SOFTWARE\\TeamViewer\\MultiMedia\\AudioSendingVolumeV2"", ""Description"": ""N/A""}, {""Path"": ""HKU\\SID\\SOFTWARE\\TeamViewer\\MultiMedia\\AudioUserSelectedRenderingEndpoint"", ""Description"": ""N/A""}, {""Path"": ""HKLM\\SOFTWARE\\TeamViewer\\ConnectionHistory"", ""Description"": ""N/A""}, {""Path"": ""HKU\\SID\\SOFTWARE\\TeamViewer\\ClientWindow_Mode"", ""Description"": ""N/A""}, {""Path"": ""HKU\\SID\\SOFTWARE\\TeamViewer\\ClientWindowPositions"", ""Description"": ""N/A""}], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.teamviewer.com""], ""Ports"": []}, {""Description"": ""N/A"", ""Domains"": [""router15.teamviewer.com""], ""Ports"": [443]}, {""Description"": ""N/A"", ""Domains"": [""client.teamviewer.com""], ""Ports"": [443]}, {""Description"": ""N/A"", ""Domains"": [""taf.teamviewer.com""], ""Ports"": [443]}], ""Other"": [{""Type"": ""Mutex"", ""Value"": ""TeamViewer_LogMutex""}, {""Type"": ""Mutex"", ""Value"": ""TeamViewerHooks_DynamicMemMutex""}, {""Type"": ""Mutex"", ""Value"": ""TeamViewer3_Win32_Instance_Mutex""}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/teamviewer_registry_sigma.yml"", ""Description"": ""Detects potential registry activity of TeamViewer RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/teamviewer_network_sigma.yml"", ""Description"": ""Detects potential network activity of TeamViewer RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/teamviewer_files_sigma.yml"", ""Description"": ""Detects potential files activity of TeamViewer RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/teamviewer_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of TeamViewer RMM tool""}]","https://community.teamviewer.com/English/kb/articles/4139-ports-used-by-teamviewer, 
https://arista.my.site.com/AristaCommunity/s/article/Security-Analysis-TeamViewer#, https://www.teamviewer.com/en/global/support/knowledge-base/teamviewer-classic/troubleshooting/log-file-reading-incoming-connection/, https://www.synacktiv.com/publications/legitimate-rats-a-comprehensive-forensic-analysis-of-the-usual-suspects.html, https://github.com/Purp1eW0lf/Blue-Team-Notes","[{""Person"": ""Th\u00e9o Letailleur"", ""Handle"": ""in/theosyn""}]" Access Remote PC,,Access Remote PC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"rpcgrab.exe, rpcsetup.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/access_remote_pc_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Access Remote PC RMM tool""}]",,[] -DW Service,,DW Service is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"dwagent.exe, dwagsvc.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.dwservice.net""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dw_service_network_sigma.yml"", ""Description"": ""Detects potential network activity of DW Service RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dw_service_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of DW Service RMM tool""}]",https://news.dwservice.net/dwservice-security-infrastructure/,[] SecureCRT,,SecureCRT is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\*\SecureCRT.EXE, *\SecureCRT.EXE, *\VanDyke Software\ClientPack\*","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/securecrt_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of SecureCRT RMM tool""}]",,[] Acronic Cyber Protect (Remotix),,Acronic Cyber Protect (Remotix) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/26/2024,,,,,,,,,,,,"AcronisCyberProtectConnectQuickAssist*.exe, AcronisCyberProtectConnectAgent.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""cloud.acronis.com"", ""agents*-cloud.acronis.com"", ""gw.remotix.com"", ""connect.acronis.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/acronic_cyber_protect__remotix__network_sigma.yml"", ""Description"": ""Detects potential network activity of Acronic Cyber Protect (Remotix) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/acronic_cyber_protect__remotix__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Acronic Cyber Protect (Remotix) RMM tool""}]",https://kb.acronis.com/content/47189,[] Sorillus,,Sorillus is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"Sorillus-Launcher*.exe, Sorillus Launcher.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.sorillus.com"", ""sorillus.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/sorillus_network_sigma.yml"", ""Description"": ""Detects potential network activity of Sorillus RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/sorillus_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Sorillus RMM tool""}]",https://sorillus.com/,[] 
@@ -120,63 +100,48 @@ RemoteCall,,RemoteCall is a remote monitoring and management (RMM) tool. More in Splashtop,,Splashtop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,Nasreddine Bencherchali,,,,,,,,,,,,,,"C:\Program Files (x86)\Splashtop\*, *\Splashtop\Splashtop Remote\Client for RMM\*, strwinclt.exe","{""Disk"": [{""File"": ""C:\\windows\\System32\\winevt\\Logs\\Splashtop-Splashtop Streamer-Status%4Operational.evtx"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""C:\\windows\\System32\\winevt\\Logs\\Splashtop-Splashtop Streamer-Remote Session%4Operational.evtx"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""%PROGRAMDATA%\\Splashtop\\Temp\\log\\FTCLog.txt"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files (x86)\\Splashtop\\Splashtop Remote\\Server\\log\\agent_log.txt"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files (x86)\\Splashtop\\Splashtop Remote\\Server\\log\\SPLog.txt"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files (x86)\\Splashtop\\Splashtop Remote\\Server\\log\\svcinfo.txt"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files (x86)\\Splashtop\\Splashtop Remote\\Server\\log\\sysinfo.txt"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files (x86)\\Splashtop\\Splashtop Remote\\Server\\SRService.exe"", ""Description"": ""Splashtop Remote Service"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files (x86)\\Splashtop\\Splashtop Remote\\Server\\SRAgent.exe"", ""Description"": ""SplashTop Remote Agent"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files (x86)\\Splashtop\\Splashtop Software Updater\\SSUAgent.exe"", ""Description"": ""Splashtop Updater"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files (x86)\\Splashtop\\Splashtop Remote\\Server\\SRUtility.exe"", ""Description"": ""N/A"", ""OS"": ""Windows""}, 
{""File"": ""C:\\Program Files (x86)\\Splashtop\\Splashtop Remote\\Server\\SRFeature.exe"", ""Description"": ""N/A"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files (x86)\\Splashtop\\Splashtop Remote\\Server\\db\\SRAgent.sqlite3"", ""Description"": ""N/A"", ""OS"": ""Windows""}], ""EventLog"": [{""EventID"": 7045, ""ProviderName"": ""Service Control Manager"", ""LogFile"": ""System.evtx"", ""ServiceName"": ""Splashtop Software Updater Service"", ""ImagePath"": ""\""C:\\\\Program Files (x86)\\\\Splashtop\\\\Splashtop Software Updater\\\\SSUService.exe\"""", ""Description"": ""Service installation event as result of Splashtop Software Updater Service installation.""}, {""EventID"": 7045, ""ProviderName"": ""Service Control Manager"", ""LogFile"": ""System.evtx"", ""ServiceName"": ""Splashtop\u00ae Remote Service"", ""ImagePath"": ""\""C:\\\\Program Files (x86)\\\\Splashtop\\\\Splashtop Remote\\\\Server\\\\SRService.exe\"""", ""Description"": ""Service installation event as result of Splashtop Remote Service installation.""}, {""EventID"": 7045, ""ProviderName"": ""Service Control Manager"", ""LogFile"": ""System.evtx"", ""ServiceName"": ""SplashtopRemoteService"", ""ImagePath"": ""\""C:\\\\Program Files (x86)\\\\Splashtop\\\\Splashtop Remote\\\\Server\\\\SRService.exe\"""", ""Description"": ""Service installation event as result of Splashtop Remote Service installation.""}], ""Registry"": [{""Path"": ""KLM\\SOFTWARE\\WOW6432Node\\Splashtop Inc.\\*"", ""Description"": ""Splashtop Inc. 
registry key""}, {""Path"": ""HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Splashtop Software Updater"", ""Description"": ""Splashtop Software Updater uninstall key""}, {""Path"": ""HKLM\\SYSTEM\\CurrentControlSet\\Services\\SplashtopRemoteService"", ""Description"": ""Splashtop Remote Service registry key""}, {""Path"": ""HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WINEVT\\Channels\\Splashtop-Splashtop Streamer-Remote Session/Operational"", ""Description"": ""Splashtop Streamer Remote Session event log channel""}, {""Path"": ""HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WINEVT\\Channels\\Splashtop-Splashtop Streamer-Status/Operational"", ""Description"": ""Splashtop Streamer Status event log channel""}, {""Path"": ""HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Splashtop Software Updater\\InstallRefCount"", ""Description"": ""Splashtop Software Updater install reference count""}, {""Path"": ""HKLM\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Network\\SplashtopRemoteService"", ""Description"": ""Splashtop Remote Service safe boot configuration""}, {""Path"": ""HKU\\.DEFAULT\\Software\\Splashtop Inc.\\*"", ""Description"": ""Default user Splashtop Inc. registry key""}, {""Path"": ""HKU\\SID\\Software\\Splashtop Inc.\\*"", ""Description"": ""User-specific Splashtop Inc. 
registry key""}, {""Path"": ""HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Print\\Printers\\Splashtop PDF Remote Printer"", ""Description"": ""Splashtop PDF Remote Printer configuration""}, {""Path"": ""HKLM\\SOFTWARE\\WOW6432Node\\Splashtop Inc.\\Splashtop Remote Server\\ClientInfo\\*"", ""Description"": ""Splashtop Remote Server client information""}], ""Network"": [{""Description"": ""N/A"", ""Domains"": [""*.splashtop.com""], ""Ports"": [""N/A""]}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/splashtop_registry_sigma.yml"", ""Description"": ""Detects potential registry activity of Splashtop RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/splashtop_network_sigma.yml"", ""Description"": ""Detects potential network activity of Splashtop RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/splashtop_files_sigma.yml"", ""Description"": ""Detects potential files activity of Splashtop RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/splashtop_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Splashtop RMM tool""}]",https://www.synacktiv.com/publications/legitimate-rats-a-comprehensive-forensic-analysis-of-the-usual-suspects.html,"[{""Person"": ""Th\u00e9o Letailleur"", ""Handle"": ""in/theosyn""}]" ManageEngine RMM Central,,ManageEngine RMM Central is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""manageengine.com/remote-monitoring-management/""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/manageengine_rmm_central_network_sigma.yml"", ""Description"": ""Detects potential network activity of ManageEngine RMM Central RMM tool""}]",,[] AeroAdmin,,AeroAdmin is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"aeroadmin.exe, AeroAdmin.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""auth*.aeroadmin.com"", ""aeroadmin.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aeroadmin_network_sigma.yml"", ""Description"": ""Detects potential network activity of AeroAdmin RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aeroadmin_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of AeroAdmin RMM tool""}]",https://support.aeroadmin.com/kb/faq.php?id=58,[] -Microsoft TSC,,Microsoft TSC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"termsrv.exe, mstsc.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/microsoft_tsc_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Microsoft TSC RMM tool""}]",https://learn.microsoft.com/en-us/troubleshoot/windows-server/remote/terminal-server-startup-connection-application,[] -AweRay (AweSun),,AweRay (AweSun) is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,,,,,,,,,,,,,"aweray_remote*.exe, AweSun.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""asapi-us.aweray.net"", ""asapi.aweray.net""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aweray__awesun__network_sigma.yml"", ""Description"": ""Detects potential network activity of AweRay (AweSun) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aweray__awesun__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of AweRay (AweSun) RMM tool""}]",,[] NoMachine,,NoMachine is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"nomachine*.exe, nxservice*.ese, nxd.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""nomachine.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/nomachine_network_sigma.yml"", ""Description"": ""Detects potential network activity of NoMachine RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/nomachine_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of NoMachine RMM tool""}]",https://kb.nomachine.com/AR04S01122,[] UltraVNC,,UltraVNC is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/14/2024,,,,,,,,,,,,UltraVNC*.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""ultravnc.com"", ""user_managed""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ultravnc_network_sigma.yml"", ""Description"": ""Detects potential network activity of UltraVNC RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ultravnc_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of UltraVNC RMM tool""}]",https://uvnc.com/docs/uvnc-server/49-UltraVNC-server-configuration.html,[] -TeraCLOUD,,TeraCLOUD is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"c:\*\TeraCloud.Client*, *\TeraCloud.Client*, *\Livedrive-Setup.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/teracloud_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of TeraCLOUD RMM tool""}]",,[] Instant Housecall,,Instant Housecall is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"hsloader.exe, ihcserver.exe, instanthousecall.exe, instanthousecall.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.instanthousecall.com"", ""*.instanthousecall.net"", ""instanthousecall.com"", ""secure.instanthousecall.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/instant_housecall_network_sigma.yml"", ""Description"": ""Detects potential network activity of Instant Housecall RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/instant_housecall_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Instant Housecall RMM tool""}]",https://instanthousecall.com/features/,[] NinjaRMM,,NinjaRMM is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"ninjarmmagent.exe, NinjaRMMAgent.exe, NinjaRMMAgenPatcher.exe, ninjarmm-cli.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.ninjarmm.com"", ""*.ninjaone.com"", ""resources.ninjarmm.com"", ""ninjaone.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ninjarmm_network_sigma.yml"", ""Description"": ""Detects potential network activity of NinjaRMM RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ninjarmm_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of NinjaRMM RMM tool""}]",https://www.ninjaone.com/faq/,[] ngrok,,ngrok is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"ngrok.exe, C:\*\ngrok.zip, *\ngrok*","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""ngrok.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ngrok_network_sigma.yml"", ""Description"": ""Detects potential network activity of ngrok RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ngrok_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ngrok RMM tool""}]",https://ngrok.com/docs/guides/running-behind-firewalls/,[] -Air Explorer,,Air Explorer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\airexplorer\*, *\airexplorer\*, *\airexplorer.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/air_explorer_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Air Explorer RMM tool""}]",,[] Bitvise SSH Client,,Bitvise SSH Client is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files (x86)\Bitvise SSH Client\*, *\Bitvise SSH Client\*, *\BvSshClient-Inst.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/bitvise_ssh_client_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Bitvise SSH Client RMM tool""}]",,[] -Chicken (of the VNC),,Chicken (of the VNC) is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[] +Chicken (of the VNC),,Chicken (of the VNC) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],https://github.com/flit/cotvnc,[] SkyFex,,SkyFex is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"Deskroll.exe, DeskRollUA.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""skyfex.com"", ""deskroll.com"", ""*.deskroll.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/skyfex_network_sigma.yml"", ""Description"": ""Detects potential network activity of SkyFex RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/skyfex_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of SkyFex RMM tool""}]",https://skyfex.com/,[] Ericom AccessNow,,Ericom AccessNow is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"accessserver*.exe, accessserver.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""ericom.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ericom_accessnow_network_sigma.yml"", ""Description"": ""Detects potential network activity of Ericom AccessNow RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ericom_accessnow_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Ericom AccessNow RMM tool""}]",https://www.ericom.com/connect-accessnow/,[] -Microsoft RDP,,Microsoft RDP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,mstsc.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/microsoft_rdp_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Microsoft RDP RMM tool""}]",https://learn.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/windows,[] -Royal Server,,Royal Server is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""royalapps.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/royal_server_network_sigma.yml"", ""Description"": ""Detects potential network activity of Royal Server RMM tool""}]",,[] +Microsoft RDP,,Microsoft RDP is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"termsrv.exe, mstsc.exe, Microsoft Remote Desktop","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/microsoft_rdp_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Microsoft RDP RMM tool""}]",https://learn.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/windows,[] +Royal Server,,Royal Server is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""royalapps.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/royal_server_network_sigma.yml"", ""Description"": ""Detects potential network activity of Royal Server RMM tool""}]",https://royalapps.com/server/main/features,[] Solar-PuTTY,,Solar-PuTTY is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\Solar-Putty-v4\*, *\Solar-Putty-v4\*, *\Solar-PuTTY.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/solar-putty_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Solar-PuTTY RMM tool""}]",,[] Duplicati,,Duplicati is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,,,,,,,,,,,,,"c:\Program Files\*\Duplicati.Server.exe, *\*\Duplicati.Server.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/duplicati_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Duplicati RMM tool""}]",,[] Remote Desktop Plus,,Remote Desktop Plus is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,rdp.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""donkz.nl""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remote_desktop_plus_network_sigma.yml"", ""Description"": ""Detects potential network activity of Remote Desktop Plus RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remote_desktop_plus_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Remote Desktop Plus RMM tool""}]",https://www.donkz.nl/,[] ITSupport247 (ConnectWise),,ITSupport247 (ConnectWise) is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,saazapsc.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.itsupport247.net"", ""itsupport247.net""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/itsupport247__connectwise__network_sigma.yml"", ""Description"": ""Detects potential network activity of ITSupport247 (ConnectWise) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/itsupport247__connectwise__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ITSupport247 (ConnectWise) RMM tool""}]",https://control.itsupport247.net/,[] -GoodSync,,GoodSync is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"installation requires paid version of GoodSync Server, installation requires paid version of GoodSync Server, GoodSync-vsub-Setup.exe, A40B81B36CDC2D24910FC58816E50DCDE21BD1A9","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/goodsync_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of GoodSync RMM tool""}]",,[] DesktopNow,,DesktopNow is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/26/2024,,,,,,,,,,,,desktopnow.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.nchuser.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/desktopnow_network_sigma.yml"", ""Description"": ""Detects potential network activity of DesktopNow RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/desktopnow_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of DesktopNow RMM tool""}]",https://forums.ivanti.com/s/article/Network-Ports-used-by-Environment-Manager?language=en_US,[] Remmina,,Remmina is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[] -CloudMounter,,CloudMounter is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\CloudMounter\*, *\CloudMounter\*, *\CloudMounter\*, *\cloudmounter.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/cloudmounter_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of CloudMounter RMM tool""}]",,[] -Distant Desktop,,Distant Desktop is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"distant-desktop.exe, dd.exe, ddsystem.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.distantdesktop.com"", ""*signalserver.xyz""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/distant_desktop_network_sigma.yml"", ""Description"": ""Detects potential network activity of Distant Desktop RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/distant_desktop_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Distant Desktop RMM tool""}]",https://www.distantdesktop.com/manual/first-start.htm,[] +Distant Desktop,,Distant Desktop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"ddsystem.exe, dd.exe, distant-desktop.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.distantdesktop.com"", ""*signalserver.xyz""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/distant_desktop_network_sigma.yml"", ""Description"": ""Detects potential network activity of Distant Desktop RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/distant_desktop_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Distant Desktop RMM tool""}]",https://www.distantdesktop.com/manual/first-start.htm,[] DameWare,,DameWare is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"SolarWinds-Dameware-DRS*.exe, DameWare Mini Remote Control*.exe, C:\Windows\dwrcs\* - c:\Program File\SolarWinds\Dameware Mini Remote Control\*, dwrcs.exe, *\dwrcs\*, *\dwrcst.exe, DameWare Remote Support.exe, SolarWinds-Dameware-MRC*.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dameware_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of DameWare RMM tool""}]",https://documentation.solarwinds.com/en/success_center/dameware/content/install-standalone-port-requirements.htm,[] + c:\Program File\SolarWinds\Dameware Mini Remote Control\*, dntus*.exe, dwrcs.exe, *\dwrcs\*, *\dwrcst.exe, DameWare Remote Support.exe, SolarWinds-Dameware-MRC*.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""dameware.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dameware-mini_remote_control_protocol_network_sigma.yml"", ""Description"": ""Detects potential network activity of Dameware-mini remote control Protocol RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dameware_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of DameWare RMM tool""}]",https://documentation.solarwinds.com/en/success_center/dameware/content/install-standalone-port-requirements.htm,[] Level,,Level is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""level.io""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/level_network_sigma.yml"", ""Description"": ""Detects potential network activity of Level RMM tool""}]",,[] Insync,,Insync is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Users\USERNAME\AppData\Roaming\Insync\App\Insync.exe, *Users\*\AppData\Roaming\Insync\App\Insync.exe, *\Insync.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/insync_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Insync RMM tool""}]",,[] -Bomgar - Now BeyondTrust,,Bomgar - Now BeyondTrust is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[] ISL Online,,ISL Online is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"*\ISLLight.exe, isllight.exe, ISLLightClient.exe, C:\Program Files (x86)\ISL Online\ISL Light*, *\ISL Online\ISL Light*, ISLLight.exe, isllightservice.exe, islalwaysonmonitor.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.islonline.com"", ""*.islonline.net""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/isl_online_network_sigma.yml"", ""Description"": ""Detects potential network activity of ISL Online RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/isl_online_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ISL Online RMM tool""}]",https://help.islonline.com/19818/165940,[] Remote.it,,Remote.it is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"remote-it-installer.exe, remote.it.exe, remoteit.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""auth.api.remote.it"", ""api.remote.it"", ""remote.it""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remote.it_network_sigma.yml"", ""Description"": ""Detects potential network activity of Remote.it RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remote.it_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Remote.it RMM tool""}]",https://docs.remote.it/introduction/get-started,[] -Core FTP,,Core FTP is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\*\coreftplite.exe, *\coreftplite.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/core_ftp_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Core FTP RMM tool""}]",,[] Netreo,,Netreo is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""charon.netreo.net"", ""activation.netreo.net"", ""*.api.netreo.com"", ""netreo.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/netreo_network_sigma.yml"", ""Description"": ""Detects potential network activity of Netreo RMM tool""}]",https://solutions.netreo.com/docs/firewall-requirements,[] -CuteFTP,,CuteFTP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files (x86)\Globalscape\CuteFTP\*, *\Globalscape\CuteFTP\*, *\cuteftppro.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/cuteftp_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of CuteFTP RMM tool""}]",,[] -CloudBuckIt,,CloudBuckIt is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files (x86)\CloudBuckIt\*, *\CloudBuckIt\*, *\CloudBuckIt*.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/cloudbuckit_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of CloudBuckIt RMM tool""}]",,[] NoteOn-desktop sharing,,NoteOn-desktop sharing is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"nateon*.exe, nateon.exe, nateonmain.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/noteon-desktop_sharing_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of NoteOn-desktop sharing RMM tool""}]",,[] Royal TS,,Royal TS is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,royalts.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""royalapps.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/royal_ts_network_sigma.yml"", ""Description"": ""Detects potential network activity of Royal TS RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/royal_ts_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Royal TS RMM tool""}]",,[] DeskNets,,DeskNets is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/26/2024,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],https://www.desknets.com/en/download.html,[] QQ IM-remote assistance,,QQ IM-remote assistance is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"qq.exe, QQProtect.exe, qqpcmgr.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.mdt.qq.com"", ""*.desktop.qq.com"", ""upload_data.qq.com"", ""qq-messenger.en.softonic.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/qq_im-remote_assistance_network_sigma.yml"", ""Description"": ""Detects potential network activity of QQ IM-remote assistance RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/qq_im-remote_assistance_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of QQ IM-remote assistance RMM tool""}]",https://en.wikipedia.org/wiki/Tencent_QQ,[] PuTTY Tray,,PuTTY Tray is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\*\puttytray.exe, *\puttytray.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/putty_tray_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of PuTTY Tray RMM tool""}]",,[] -FileZilla,,FileZilla is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\FileZilla FTP Client\*, *\FileZilla FTP Client\*, *\FileZilla.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/filezilla_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of FileZilla RMM tool""}]",,[] XRDP,,XRDP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[] FastViewer,,FastViewer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"fastclient.exe, fastmaster.exe, FastViewer.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.fastviewer.com"", ""fastviewer.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fastviewer_network_sigma.yml"", ""Description"": ""Detects potential network activity of FastViewer RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fastviewer_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of FastViewer RMM tool""}]",https://fastviewer.com/demo/EN_FastViewer_Server%20Installation%20Configuration.pdf,[] Jump Desktop,,Jump Desktop is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"jumpclient.exe, jumpdesktop.exe, jumpservice.exe, jumpconnect.exe, jumpupdater.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.jumpdesktop.com"", ""jumpdesktop.com"", ""jumpto.me"", ""*.jumpto.me""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/jump_desktop_network_sigma.yml"", ""Description"": ""Detects potential network activity of Jump Desktop RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/jump_desktop_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Jump Desktop RMM tool""}]",https://support.jumpdesktop.com/hc/en-us/articles/360042490351-Administrators-Guide-For-Jump-Desktop-Connect,[] -pCloud,,pCloud is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files (x86)\pCloud Drive\, *\pCloud Drive\, *\pCloud.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pcloud_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of pCloud RMM tool""}]",,[] Ivanti Remote Control,,Ivanti Remote Control is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"IvantiRemoteControl.exe, ArcUI.exe, AgentlessRC.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.ivanticloud.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ivanti_remote_control_network_sigma.yml"", ""Description"": ""Detects potential network activity of Ivanti Remote Control RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ivanti_remote_control_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Ivanti Remote Control RMM tool""}]",https://rc1.ivanticloud.com/,[] BeInSync,,BeInSync is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/26/2024,,,,,,,,,,,,Beinsync*.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.beinsync.net"", ""*.beinsync.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/beinsync_network_sigma.yml"", ""Description"": ""Detects potential network activity of BeInSync RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/beinsync_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of BeInSync RMM tool""}]",https://en.wikipedia.org/wiki/Phoenix_Technologies,[] NateOn-desktop sharing,,NateOn-desktop sharing is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"nateon*.exe, nateon.exe, nateonmain.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.nate.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/nateon-desktop_sharing_network_sigma.yml"", ""Description"": ""Detects potential network activity of NateOn-desktop sharing RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/nateon-desktop_sharing_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of NateOn-desktop sharing RMM tool""}]",http://rsupport.nate.com/rview/r8/main/index.aspx,[] Xeox,,Xeox is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/14/2024,,,,,,,,,,,,"xeox-agent_x64.exe, xeox_service_windows.exe, xeox-agent_*.exe, xeox-agent_x86.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.xeox.com"", ""xeox.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/xeox_network_sigma.yml"", ""Description"": ""Detects potential network activity of Xeox RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/xeox_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Xeox RMM tool""}]",https://help.xeox.com/knowledge-base/gSuyNfDH6u79M82utnswf2/firewall-settings-xeox-agent-and-integrations/47T7S9tZJ2L1Z2W5gwuXoW,[] WinSCP,,WinSCP is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Users\IEUser\Downloads\WinSCP-5.21.6-Portable\*, *\WinSCP*Portable\*, *\WinSCP.exe, *\WinSCP\*","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/winscp_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of WinSCP RMM tool""}]",,[] -Desktop Central,,Desktop Central is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,dcagentservice.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""desktopcentral.manageengine.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/desktop_central_network_sigma.yml"", ""Description"": ""Detects potential network activity of Desktop Central RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/desktop_central_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Desktop Central RMM tool""}]",,[] DW Service,,DW Service is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"dwagsvc.exe, dwagent.exe, dwagsvc.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.dwservice.net""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dw_service_network_sigma.yml"", ""Description"": ""Detects potential network activity of DW Service RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dw_service_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of DW Service RMM tool""}]",https://news.dwservice.net/dwservice-security-infrastructure/,[] NTR Remote,,NTR Remote is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/26/2024,,,,,,,,,,,,NTRsupportPro_EN.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.ntrsupport.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ntr_remote_network_sigma.yml"", ""Description"": ""Detects potential network activity of NTR Remote RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ntr_remote_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of NTR Remote RMM tool""}]",DOA as of 2024,[] -aws-cli,,aws-cli is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\Amazon\AWSCLI\*, *\Amazon\AWSCLI\*, *\AWSCLIV*.msi, *\AWSCLISetup.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aws-cli_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of aws-cli RMM tool""}]",,[] TurboMeeting,,TurboMeeting is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/14/2024,,,,,,,,,,,,"pcstarter.exe, turbomeeting.exe, turbomeetingstarter.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""acceo.com/turbomeeting/""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/turbomeeting_network_sigma.yml"", ""Description"": ""Detects potential network activity of TurboMeeting RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/turbomeeting_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of TurboMeeting RMM tool""}]",http://sourcing.rhubcom.com/v5/faqs.html#collapsetwentysix2-topdiv,[] RemoteUtilities,,RemoteUtilities is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,,,,,,,,,,,,,"rutview.exe, *\Remote Manipulator System - Server\*, C:\Program Files\Remote Utilities\*, *\Remote Utilities\*, rutserv.exe, *\rutserv.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""remoteutilities.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remoteutilities_network_sigma.yml"", ""Description"": ""Detects potential network activity of RemoteUtilities RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remoteutilities_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of RemoteUtilities RMM tool""}]",,[] -BeyondTrust (Bomgar),,BeyondTrust (Bomgar) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"bomgar-scc.exe, bomgar-rdp.exe, bomgar-scc-*.exe, bomgar-pac-*.exe, bomgar-pac.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""bomgarcloud.com"", ""*.bomgarcloud.com"", ""*.beyondtrustcloud.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/beyondtrust__bomgar__network_sigma.yml"", ""Description"": ""Detects potential network activity of BeyondTrust (Bomgar) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/beyondtrust__bomgar__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of BeyondTrust (Bomgar) RMM tool""}]",https://www.beyondtrust.com/docs/remote-support/getting-started/deployment/cloud/network.htm,[] Pulseway,,Pulseway is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"PCMonitorManager.exe, pcmonitorsrv.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""pulseway.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pulseway_network_sigma.yml"", ""Description"": ""Detects potential network activity of Pulseway RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pulseway_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Pulseway RMM tool""}]",https://intercom.help/pulseway/en/,[] Panorama9,,Panorama9 is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,p9agent*.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""trusted.panorama9.com"", ""changes.panorama9.com"", ""panorama9.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/panorama9_network_sigma.yml"", ""Description"": ""Detects potential network activity of Panorama9 RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/panorama9_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Panorama9 RMM tool""}]",https://support.panorama9.com/en/articles/1859605-what-ports-and-hosts-does-the-p9-agent-communicate-with,[] Atera,,"Atera is a remote monitoring and management (RMM) tool. It is used by threat actors to deploy ransomware or facilitate command execution and lateral movement. 
@@ -186,13 +151,11 @@ RunSmart,,RunSmart is a remote monitoring and management (RMM) tool. More inform Chrome Remote Desktop,,Chrome Remote Desktop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"remote_host.exe, remoting_host.exe, C:\Program Files (x86)\Google\Chrome Remote Desktop\*, *\Google\Chrome Remote Desktop\*, *\remoting_host.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*remotedesktop.google.com"", ""*remotedesktop-pa.googleapis.com"", ""remotedesktop.google.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/chrome_remote_desktop_network_sigma.yml"", ""Description"": ""Detects potential network activity of Chrome Remote Desktop RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/chrome_remote_desktop_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Chrome Remote Desktop RMM tool""}]",https://support.google.com/chrome/a/answer/2799701?hl=en,[] Netviewer (GoToMeet),,Netviewer (GoToMeet) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"nvClient.exe, netviewer.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/netviewer__gotomeet__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Netviewer (GoToMeet) RMM tool""}]",Obsolute - found copy here: https://www.enviolet.com/en/service/online-consultant.html,[] Netviewer,,Netviewer is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,,,,,,,,,,,,,"netviewer*.exe, netviewer.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""download.cnet.com/Net-Viewer/3000-2370_4-10034828.html""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/netviewer_network_sigma.yml"", ""Description"": ""Detects potential network activity of Netviewer RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/netviewer_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Netviewer RMM tool""}]",,[] -ConnectWise Control,,ConnectWise Control is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"connectwisechat-customer.exe, connectwisecontrol.client.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""control.connectwise.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/connectwise_control_network_sigma.yml"", ""Description"": ""Detects potential network activity of ConnectWise Control RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/connectwise_control_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ConnectWise Control RMM tool""}]",,[] +ConnectWise Control,,ConnectWise Control is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,,,,,,,,,,,,,"connectwisechat-customer.exe, connectwisecontrol.client.exe, screenconnect.windowsclient.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""live.screenconnect.com"", ""control.connectwise.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/connectwise_control_network_sigma.yml"", ""Description"": ""Detects potential network activity of ConnectWise Control RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/connectwise_control_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ConnectWise Control RMM tool""}]",,[] ExtraPuTTY,,ExtraPuTTY is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Users\*\ExtraPuTTY-0.30-2016-01-28-installer.exe, *Users\*\ExtraPuTTY-0.30-2016-01-28-installer.exe, *\ExtraPuTTY-0.30-2016-01-28-installer.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/extraputty_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ExtraPuTTY RMM tool""}]",,[] -FleetDeck,,FleetDeck is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,,,,,,,,,,,,,fleetdeck_agent_svc.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""fleetdeck.io""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fleetdeck_network_sigma.yml"", ""Description"": ""Detects potential network activity of FleetDeck RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fleetdeck_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of FleetDeck RMM tool""}]",,[] +FleetDeck.io,,FleetDeck.io is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"fleetdeck_agent_svc.exe, fleetdeck_commander_svc.exe, fleetdeck_installer.exe, fleetdeck_commander_launcher.exe, fleetdeck_agent.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.fleetdeck.io"", ""cognito-idp.us-west-2.amazonaws.com"", ""fleetdeck.io""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fleetdesk.io_network_sigma.yml"", ""Description"": ""Detects potential network activity of FleetDesk.io RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fleetdesk.io_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of FleetDesk.io RMM tool""}]",https://fleetdeck.io/faq/,[] HelpU,,HelpU is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"helpu_install.exe, HelpuUpdater.exe, HelpuManager.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""helpu.co.kr"", ""*.helpu.co.kr""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/helpu_network_sigma.yml"", ""Description"": ""Detects potential network activity of HelpU RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/helpu_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of HelpU RMM tool""}]",https://helpu.co.kr/,[] -ESET Remote Administrator,,ESET Remote Administrator is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"einstaller.exe, era.exe, ERAAgent.exe, ezhelp*.exe, eratool.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""eset.com/me/business/remote-management/remote-administrator/""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/eset_remote_administrator_network_sigma.yml"", ""Description"": ""Detects potential network activity of ESET Remote Administrator RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/eset_remote_administrator_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ESET Remote Administrator RMM tool""}]",eset.com/me/business/remote-management/remote-administrator/,[] ToDesk,,ToDesk is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/14/2024,,,,,,,,,,,,"todesk.exe, ToDesk_Service.exe, ToDesk_Setup.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""todesk.com"", ""*.todesk.com"", ""*.todesk.com"", ""todesktop.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/todesk_network_sigma.yml"", ""Description"": ""Detects potential network activity of ToDesk RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/todesk_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ToDesk RMM tool""}]",https://www.todesk.com/,[] -Distant Desktop,,Distant Desktop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"ddsystem.exe, dd.exe, distant-desktop.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.distantdesktop.com"", ""*signalserver.xyz""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/distant_desktop_network_sigma.yml"", ""Description"": ""Detects potential network activity of Distant Desktop RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/distant_desktop_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Distant Desktop RMM tool""}]",https://www.distantdesktop.com/manual/first-start.htm,[] RAdmin,,"RAdmin is a remote monitoring and management (RMM) tool. More information will be added as it becomes available. 
",Nasreddine Bencherchali,2024-08-05,2024-08-05,https://www.radmin.com/,RServer3.exe,RServer3.exe,Radmin Server,Radmin Server,,,,Windows,,,"C:\Program Files (x86)\Radmin Viewer 3\Radmin.exe, C:\Windows\SysWOW64\rserver30\rserver3.exe, C:\Windows\SysWOW64\rserver30\FamItrfc, C:\Windows\SysWOW64\rserver30\FamItrf2","{""Disk"": [{""File"": ""C:\\Windows\\SysWOW64\\rserver30\\Radm_log.htm"", ""Description"": ""RAdmin log file (32-bit)"", ""OS"": ""Windows""}, {""File"": ""C:\\Windows\\System32\\rserver30\\Radm_log.htm"", ""Description"": ""RAdmin log file (64-bit)"", ""OS"": ""Windows""}, {""File"": ""C:\\Windows\\System32\\rserver30\\CHATLOGS\\*\\*.htm"", ""Description"": ""RAdmin chat logs"", ""OS"": ""Windows""}, {""File"": ""C:\\Users\\*\\Documents\\ChatLogs\\*\\*.htm"", ""Description"": ""RAdmin user chat logs"", ""OS"": ""Windows""}], ""EventLog"": [], ""Registry"": [{""Path"": ""HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Radmin\\v3.0\\Server\\Parameters\\Radmin Security"", ""Description"": ""N/A""}], ""Network"": [{""Description"": ""N/A"", ""Domains"": [""radmin.com""], ""Ports"": [443]}]}","[{""Sigma"": ""https://github.com/SigmaHQ/sigma/blob/782f0f524e6f797ea114fe0d87b22cb4abaa6b7c/rules/windows/process_creation/proc_creation_win_pua_radmin.yml"", ""Description"": ""PUA - Radmin Viewer Utility Execution""}, {""Sigma"": ""https://github.com/SigmaHQ/sigma/blob/782f0f524e6f797ea114fe0d87b22cb4abaa6b7c/rules/windows/process_creation/proc_creation_win_registry_enumeration_for_credentials_cli.yml"", ""Description"": ""Enumeration for 3rd Party Creds From CLI""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/radmin_registry_sigma.yml"", ""Description"": ""Detects potential registry activity of RAdmin RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/radmin_network_sigma.yml"", ""Description"": ""Detects potential network activity of RAdmin RMM tool""}, {""Sigma"": 
""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/radmin_files_sigma.yml"", ""Description"": ""Detects potential files activity of RAdmin RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/radmin_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of RAdmin RMM tool""}]","https://radmin-club.com/radmin/how-to-establish-a-connection-outside-of-lan/, https://helpdesk.radmin.com/radmin3help/, https://helpdesk.radmin.com/radmin3help/files/viewercmd.htm, https://helpdesk.radmin.com/radmin3help/files/cmd.htm","[{""Person"": ""Nasreddine Bencherchali"", ""Handle"": ""@nas_bench""}]" CrossLoop,,CrossLoop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"crossloopservice.exe, CrossLoopConnect.exe, WinVNCStub.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.crossloop.com"", ""crossloop.en.softonic.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/crossloop_network_sigma.yml"", ""Description"": ""Detects potential network activity of CrossLoop RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/crossloop_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of CrossLoop RMM tool""}]",www.CrossLoop.com -> redirects to avast.com,[] 
@@ -208,31 +171,26 @@ SmarTTY,,SmarTTY is a remote monitoring and management (RMM) tool. More informat Impero Connect,,Impero Connect is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,ImperoClientSVC.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""imperosoftware.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/impero_connect_network_sigma.yml"", ""Description"": ""Detects potential network activity of Impero Connect RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/impero_connect_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Impero Connect RMM tool""}]",,[] 247ithelp.com (ConnectWise),,247ithelp.com (ConnectWise) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,Remote Workforce Client.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.247ithelp.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/247ithelp.com__connectwise__network_sigma.yml"", ""Description"": ""Detects potential network activity of 247ithelp.com (ConnectWise) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/247ithelp.com__connectwise__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of 247ithelp.com (ConnectWise) RMM tool""}]",Similar / replaced by ScreenConnect,[] Remobo,,Remobo is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"remobo.exe, remobo_client.exe, remobo_tracker.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""remobo.en.softonic.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remobo_network_sigma.yml"", ""Description"": ""Detects potential network activity of Remobo RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remobo_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Remobo RMM tool""}]",https://www.remobo.com - DOA as of 2024,[] -CloudFuze,,CloudFuze is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[] Free Tools Launcher,,Free Tools Launcher is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\ManageEngine\ManageEngine Free Tools\Launcher\*, *\ManageEngine\*","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[] Echoware,,Echoware is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"echoserver*.exe, echoware.dll","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/echoware_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Echoware RMM tool""}]",,[] Zoho Assist,,Zoho Assist is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/14/2024,,,,,,,,,,,,"zaservice.exe, ZMAgent.exe, C:\*\ZA_Access.exe, ZohoMeeting.exe, Zohours.exe, zohotray.exe, ZohoURSService.exe, *\ZA_Access.exe, Zaservice.exe, za_connect.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.zoho.com.au"", ""*.zohoassist.jp"", ""assist.zoho.com"", ""zoho.com/assist/"", ""*.zoho.in"", ""downloads.zohodl.com.cn"", ""*.zohoassist.com"", ""downloads.zohocdn.com"", ""gateway.zohoassist.com"", ""*.zohoassist.com.cn"", ""*.zoho.com.cn"", ""*.zoho.com"", ""*.zoho.eu""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/zoho_assist_network_sigma.yml"", ""Description"": ""Detects potential network activity of Zoho Assist RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/zoho_assist_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Zoho Assist RMM tool""}]",https://www.zoho.com/assist/kb/firewall-configuration.html,[] KiTTY,,KiTTY is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\*\kitty.exe, *\kitty.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/kitty_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of KiTTY RMM tool""}]",,[] -Proton Drive,,Proton Drive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[] SimpleHelp,,SimpleHelp is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"simplehelpcustomer.exe, simpleservice.exe, simplegatewayservice.exe, remote access.exe, windowslauncher.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""simple-help.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/simplehelp_network_sigma.yml"", ""Description"": ""Detects potential network activity of SimpleHelp RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/simplehelp_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of SimpleHelp RMM tool""}]",https://simple-help.com/remote-support,[] CloudFlare Tunnel,,CloudFlare Tunnel is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,cloudflared.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""cloudflare.com/products/tunnel/""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/cloudflare_tunnel_network_sigma.yml"", ""Description"": ""Detects potential network activity of CloudFlare Tunnel RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/cloudflare_tunnel_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of CloudFlare Tunnel RMM tool""}]",cloudflare.com/products/tunnel/,[] GoTo Opener,,GoTo Opener is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files (x86)\GoTo Opener, *\GoTo Opener","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[] Pcvisit,,Pcvisit is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"pcvisit.exe, pcvisit_client.exe, pcvisit-easysupport.exe, pcvisit_service_client.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.pcvisit.de"", ""pcvisit.de""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pcvisit_network_sigma.yml"", ""Description"": ""Detects potential network activity of Pcvisit RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pcvisit_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Pcvisit RMM tool""}]",https://www.pcvisit.de/,[] Mocha VNC Lite,,Mocha VNC Lite is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"This installs a modified VNC and cannot be blocked by path separate from VNC, This installs a modified VNC and cannot be blocked by path separate from VNC, *\RealVNC\VNC4\*","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[] Laplink Gold,,Laplink Gold is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"tsircusr.exe, laplink.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""wen.laplink.com/product/laplink-gold""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/laplink_gold_network_sigma.yml"", ""Description"": ""Detects potential network activity of Laplink Gold RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/laplink_gold_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Laplink Gold RMM tool""}]",wen.laplink.com/product/laplink-gold,[] -Cyberduck,,Cyberduck is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\Cyberduck\*, *\Cyberduck\*, *\Cyberduck.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/cyberduck_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Cyberduck RMM tool""}]",,[] Iperius Remote,,Iperius Remote is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"iperius.exe, iperiusremote.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.iperiusremote.com"", ""*.iperius.com"", ""*.iperius-rs.com"", ""iperiusremote.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/iperius_remote_network_sigma.yml"", ""Description"": ""Detects potential network activity of Iperius Remote RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/iperius_remote_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Iperius Remote RMM tool""}]",https://www.iperiusremote.com/download-iperius-remote-desktop-windows.aspx,[] BeamYourScreen,,BeamYourScreen is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"beamyourscreen.exe, beamyourscreen-host.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""beamyourscreen.com"", ""*.beamyourscreen.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/beamyourscreen_network_sigma.yml"", ""Description"": ""Detects potential network activity of BeamYourScreen RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/beamyourscreen_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of BeamYourScreen RMM tool""}]",beamyourscreen redirects to https://www.mikogo.com/,[] TeleDesktop,,TeleDesktop is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/14/2024,,,,,,,,,,,,"pstlaunch.exe, ptdskclient.exe, ptdskhost.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""tele-desk.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/teledesktop_network_sigma.yml"", ""Description"": ""Detects potential network activity of TeleDesktop RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/teledesktop_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of TeleDesktop RMM tool""}]",http://potomacsoft.com/ - DOA as of 2024,[] Parallels Access,,Parallels Access is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"parallelsaccess-*.exe, TSClient.exe, prl_deskctl_agent.exe, prl_deskctl_wizard.exe, prl_pm_service.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.parallels.com"", ""parallels.com/products/ras/try""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/parallels_access_network_sigma.yml"", ""Description"": ""Detects potential network activity of Parallels Access RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/parallels_access_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Parallels Access RMM tool""}]",https://kb.parallels.com/en/129097,[] Basecamp,,Basecamp is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""basecamp.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/basecamp_network_sigma.yml"", ""Description"": ""Detects potential network activity of Basecamp RMM tool""}]",basecamp.com - No specific RMM tool listed,[] Weezo,,Weezo is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/14/2024,,,,,,,,,,,,"weezohttpd.exe, weezo.exe, weezo setup*.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.weezo.me"", ""weezo.net"", ""*.weezo.net"", ""weezo.en.softonic.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/weezo_network_sigma.yml"", ""Description"": ""Detects potential network activity of Weezo RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/weezo_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Weezo RMM tool""}]",weezo.en.softonic.com,[] -X2Go,,X2Go is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[] -DriveMaker,,DriveMaker is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\*\DriveMaker.exe, *\DriveMaker.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/drivemaker_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of DriveMaker RMM tool""}]",,[] +X2Go,,X2Go is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],https://wiki.x2go.org/doku.php,[] Dev Tunnels (aka Visual Studio Dev Tunnel),,Dev Tunnels (aka Visual Studio Dev Tunnel) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dev_tunnels__aka_visual_studio_dev_tunnel__network_sigma.yml"", ""Description"": ""Detects potential network activity of Dev Tunnels (aka Visual Studio Dev Tunnel) RMM tool""}]",,[] Connectwise Automate (LabTech),,Connectwise Automate (LabTech) is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"ltsvc.exe, ltsvcmon.exe, lttray.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.hostedrmm.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/connectwise_automate__labtech__network_sigma.yml"", ""Description"": ""Detects potential network activity of Connectwise Automate (LabTech) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/connectwise_automate__labtech__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Connectwise Automate (LabTech) RMM tool""}]",https://www.connectwise.com/company/announcements/labtech-now-connectwise-automate,[] Splashtop (Beta),,Splashtop (Beta) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"SRServer.exe, SplashtopSOS.exe, Splashtop_Streamer_Windows*.exe, SRManager.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""splashtop.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/splashtop__beta__network_sigma.yml"", ""Description"": ""Detects potential network activity of Splashtop (Beta) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/splashtop__beta__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Splashtop (Beta) RMM tool""}]",,[] -Google Drive,,Google Drive is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\Google\Drive File Stream\*, *\Google\Drive File Stream\*, *Users\*\AppData\*\Google\DriveFS*, G:\My Drive*, *\GoogleDriveFS.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/google_drive_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Google Drive RMM tool""}]",,[] Netop,,Netop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\Danware Data\NetOp Packn Deploy\*, *\Danware Data\NetOp Packn Deploy\*, *\Netop Remote Control\*","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[] Kaseya (VSA),,"Kaseya (VSA) aka Unigma is a remote monitoring and management (RMM) tool. More information will be added as it becomes available. ",Nasreddine Bencherchali,2024-08-05,2024-08-05,,agentmon.exe,,,,,,,,,,"C:\Program Files (x86)\Kaseya\, C:\ProgramData\Kaseya\","{""Disk"": [{""File"": ""%localappdata%\\Kaseya\\Log\\KaseyaLiveConnect\\*"", ""Description"": ""Kaseya Live Connect logs"", ""OS"": ""Windows""}, {""File"": ""~/Library/Logs/com.kaseya/KaseyaLiveConnect/*"", ""Description"": ""Kaseya Live Connect logs"", ""OS"": ""MacOS""}, {""File"": ""C:\\ProgramData\\Kaseya\\Log\\Endpoint\\*"", ""Description"": ""Kaseya Endpoint logs"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files*\\Kaseya\\*\\agentmon.log"", ""Description"": ""Kaseya Agent Monitor log""}, {""File"": ""/var/log/system.log"", ""Description"": ""Kaseya Agent Monitor log"", ""OS"": ""MacOS 32bit""}, {""File"": "" ~/opt/kaseya/*/logs*"", ""Description"": ""Kaseya Agent Monitor log"", ""OS"": ""MacOS 64bit""}, {""File"": ""C:\\Users\\*\\AppData\\Local\\Temp\\KASetup.log"", ""Description"": ""Kaseya Setup log in user temp directory"", ""OS"": ""Windows""}, {""File"": 
""C:\\Windows\\Temp\\KASetup.log"", ""Description"": ""Kaseya Setup log in Windows temp directory"", ""OS"": ""Windows""}, {""File"": ""C:\\ProgramData\\Kaseya\\Log\\KaseyaEdgeServices\\*"", ""Description"": ""Kaseya Edge Services logs"", ""OS"": ""Windows""}, {""File"": ""C:\\Kaseya\\api\\v1.0\\logs\\"", ""Description"": ""Kaseya API logs"", ""OS"": ""Windows""}, {""File"": ""C:\\Kaseya\\api\\v1.5\\endpoint\\logs"", ""Description"": ""Kaseya API logs"", ""OS"": ""Windows""}, {""File"": ""C:\\Kaseya\\api\\v1.5\\endpoints\\logs"", ""Description"": ""Kaseya API logs"", ""OS"": ""Windows""}, {""File"": ""C:\\Windows\\System32\\config\\systemprofile\\AppData\\Local\\Kaseya\\Log\\MakeSelfSignedCert.exe\\"", ""Description"": ""Certificate creation"", ""OS"": ""Windows""}, {""File"": ""C:\\Kaseya\\WebPages\\install\\makecert.txt"", ""Description"": ""Certificate creation"", ""OS"": ""Windows""}, {""File"": ""C:\\ProgramData\\Kaseya\\Log\\Endpoint\\Instance_*\\KaseyaEndpoint*"", ""Description"": ""Endpoint service logs"", ""OS"": ""Windows""}, {""File"": ""C:\\ProgramData\\Kaseya\\Log\\Endpoint\\Instance_*\\Session_*"", ""Description"": ""Session logs"", ""OS"": ""Windows""}], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""deploy01.kaseya.com"", ""*managedsupport.kaseya.net"", ""*.kaseya.net"", ""kaseya.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/kaseya__vsa__network_sigma.yml"", ""Description"": ""Detects potential network activity of Kaseya (VSA) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/kaseya__vsa__files_sigma.yml"", ""Description"": ""Detects potential files activity of Kaseya (VSA) RMM tool""}]","https://helpdesk.kaseya.com/hc/en-gb/articles/229012608-Software-Deployment-URL-Port-Requirements, https://helpdesk.kaseya.com/hc/en-gb/articles/229009708-Live-Connect-Log-File-Locations, 
https://ruler-project.github.io/ruler-project/RULER/remote/Kaseya/, https://helpdesk.kaseya.com/hc/en-gb/articles/229009708-Live-Connect-Log-File-Locations",[] 
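Review bot: The re-added X2Go row gains only the reference `https://wiki.x2go.org/doku.php`; its process/path column is still empty, every artifact list is `[]` and the detections column is `[]`. Anything that builds hunts or blocklists from this file therefore still gets no coverage for X2Go. Either fill in at least the process or path column from the referenced documentation, or state in the description column that the entry is a placeholder. The rest of the hunk deletes the CloudFuze, Proton Drive, Cyberduck, DriveMaker and Google Drive rows; the Sigma files those rows linked are not visible here, so it is worth confirming they are removed in the same change rather than left orphaned.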
@@ -242,25 +200,22 @@ DeskShare,,DeskShare is a remote monitoring and management (RMM) tool. More info rdpwrap,,rdpwrap is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"RDPWInst.exe, RDPCheck.exe, RDPConf.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""github.com/stascorp/rdpwrap""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rdpwrap_network_sigma.yml"", ""Description"": ""Detects potential network activity of rdpwrap RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rdpwrap_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of rdpwrap RMM tool""}]",github.com/stascorp/rdpwrap,[] Total Software Deployment,,Total Software Deployment is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\ProgramData\Total Software Deployment\*, *\Total Software Deployment\*, *\tniwinagent.exe, *\Tsdservice.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/total_software_deployment_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Total Software Deployment RMM tool""}]",,[] PuTTY,,PuTTY is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[] -FixMe.it,,FixMe.it is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"FixMeit Unattended Access Setup.exe, TiExpertStandalone.exe, FixMeitClient*.exe, FixMeit Client.exe, FixMeit Expert Setup.exe, TiExpertCore.exe, fixmeitclient.exe, TiClientCore.exe, TiClientHelper*.exe, no installation required | recommend blocking fixme[.]it SaaS portal, no installation required | recommend blocking fixme[.]it SaaS portal, 9380CC75B872221A7425D7503565B67580407F60","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.fixme.it"", ""*.techinline.net"", ""fixme.it"", ""*set.me"", ""*setme.net""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fixme.it_network_sigma.yml"", ""Description"": ""Detects potential network activity of FixMe.it RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fixme.it_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of FixMe.it RMM tool""}]",https://docs.fixme.it/general-questions/which-ports-and-servers-does-fixme-it-use,[] RDPView,,RDPView is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,dwrcs.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""systemmanager.ru/dntu.en/rdp_view.htm""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rdpview_network_sigma.yml"", ""Description"": ""Detects potential network activity of RDPView RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rdpview_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of RDPView RMM tool""}]",systemmanager.ru/dntu.en/rdp_view.htm - Same as Damware,[] Fortra,,Fortra is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""fortra.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fortra_network_sigma.yml"", ""Description"": ""Detects potential network activity of Fortra RMM tool""}]",https://www.fortra.com - No free/cloud RMM softwars listed,[] ISL Light,,ISL Light is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,,,,,,,,,,,,,"islalwaysonmonitor.exe, isllight.exe, isllightservice.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""islonline.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/isl_light_network_sigma.yml"", ""Description"": ""Detects potential network activity of ISL Light RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/isl_light_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ISL Light RMM tool""}]",,[] Pocket Controller (Soti Xsight),,Pocket Controller (Soti Xsight) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"pocketcontroller.exe, wysebrowser.exe, XSightService.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*soti.net""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pocket_controller__soti_xsight__network_sigma.yml"", ""Description"": ""Detects potential network activity of Pocket Controller (Soti Xsight) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pocket_controller__soti_xsight__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Pocket Controller (Soti Xsight) RMM tool""}]",https://pulse.soti.net/support/soti-xsight/help/,[] GatherPlace-desktop sharing,,GatherPlace-desktop sharing is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"gp3.exe, gp4.exe, gp5.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.gatherplace.com"", ""*.gatherplace.net"", ""gatherplace.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/gatherplace-desktop_sharing_network_sigma.yml"", ""Description"": ""Detects potential network activity of GatherPlace-desktop sharing RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/gatherplace-desktop_sharing_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of GatherPlace-desktop sharing RMM tool""}]",https://www.gatherplace.com/kb?id=136377,[] -Electric,,Electric is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""electric.ai""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/electric_network_sigma.yml"", ""Description"": ""Detects potential network activity of Electric RMM tool""}]",,[] Site24x7,,Site24x7 is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/13/2024,,,,,,,,,,,,"MEAgentHelper.exe, MonitoringAgent.exe, Site24x7WindowsAgentTrayIcon.exe, Site24x7PluginAgent.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""plus*.site24x7.com"", ""plus*.site24x7.eu"", ""plus*.site24x7.in"", ""plus*.site24x7.cn"", ""plus*.site24x7.net.au"", ""site24x7.com/msp""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/site24x7_network_sigma.yml"", ""Description"": ""Detects potential network activity of Site24x7 RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/site24x7_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Site24x7 RMM tool""}]",https://support.site24x7.com/portal/en/kb/articles/which-ports-do-i-need-to-allow-access-in-my-firewall-to-use-site24x7-agent,[] MeshCentral,,"MeshCentral is a remote monitoring and management (RMM) tool. MeshAgent used along with MeshCentral to remotely manage computers. MeshAgent can execute commands on the target host by leveraging win-console to obscure their activities and win-dispatcher to run malicious code through IPC with child processes. ",@kostastsale,2024-09-20,2024-09-20,https://meshcentral.com/,MeshAgent.exe,,MeshCentral Background Service Agent,,SYSTEM,Yes,N/A,"Windows, Linux, MacOS, FreeBSD","Remote Desktop & Terminal, Remote File Access, Text and Voice Chat, Server File Storage, Real-time User interface, Port Forwarding",CVE-2024-26135,"meshcentral*.exe, meshagent*.exe","{""Disk"": [{""File"": ""C:\\Program Files\\Mesh Agent\\MeshAgent.exe"", ""Description"": ""Local MeshAgent service binary after installation"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files\\Mesh Agent\\MeshAgent.msh"", ""Description"": ""Local MeshAgent service configuration file. 
Contains configuration settings including the MeshCentral server address, port, and other settings. If the MeshAgent is run without being installed, the configuration file is created in the same directory as the MeshAgent binary."", ""OS"": ""Windows""}], ""EventLog"": [{""EventID"": 7045, ""ProviderName"": ""Service Control Manager"", ""LogFile"": ""System.evtx"", ""ServiceName"": ""Mesh Agent background service"", ""ImagePath"": ""\""C:\\\\Program Files\\\\Mesh Agent\\\\MeshAgent.exe\"""", ""Description"": ""Service installation event as result of MeshAgent installation.""}], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""meshcentral.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/meshcentral_network_sigma.yml"", ""Description"": ""Detects potential network activity of MeshCentral RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/meshcentral_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of MeshCentral RMM tool""}, {""Sigma"": ""https://github.com/tsale/Sigma_rules/blob/main/Threat%20Hunting%20Queries/proc_creation_windows_meshagent.yml"", ""Description"": ""Detects MeshAgent Command Execution via MeshCentral""}]","https://ylianst.github.io/MeshCentral/meshcentral/, https://github.com/Ylianst/MeshAgent","[{""Person"": ""Kostas"", ""Handle"": ""@kostastsale""}]" MSP360,,MSP360 is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"Online Backup.exe, CBBackupPlan.exe, Cloud.Backup.Scheduler.exe, Cloud.Backup.RM.Service.exe, cbb.exe, CloudRaService.exe, CloudRaSd.exe, CloudRaCmd.exe, CloudRaUtilities.exe, Remote Desktop.exe, Connect.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.cloudberrylab.com"", ""*.msp360.com"", ""*.mspbackups.com"", ""msp360.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/msp360_network_sigma.yml"", ""Description"": ""Detects potential network activity of MSP360 RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/msp360_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of MSP360 RMM tool""}]",https://kb.msp360.com/managed-backup-service/mbs-tcp-ports-configuration#,[] ScreenConnect,,ScreenConnect is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,"Ali Alwashali, Nasreddine Bencherchali",2023-10-01,2024-08-03,https://www.connectwise.com,,,,,,14-Days Free Trial,,"Android, IOS, Linux, Mac, Windows","Command Line Support, File Transfer, Install Windows updates, Receive notification when user performs a predefined event, Remote Command Line, Remote Control, Sound Capture, Start / Stop services, View event logs",,"C:\Program Files (x86)\ScreenConnect Client (Random)\ScreenConnect.ClientService.exe, Remote Workforce Client.exe, *\*\ScreenConnect.ClientService.exe, C:\Program Files (x86)\ScreenConnect Client ()\*, *\ScreenConnect Client*\*, *\*\ScreenConnect.WindowsClient.exe, screenconnect*.exe, screenconnect.windowsclient.exe, Remote Workforce Client.exe, screenconnect*.exe, ConnectWiseControl*.exe, connectwise*.exe, screenconnect.windowsclient.exe, screenconnect.clientservice.exe","{""Disk"": [{""File"": ""C:\\Program Files*\\ScreenConnect\\App_Data\\Session.db"", ""Description"": ""ScreenConnect session database"", ""OS"": ""Windows""}, {""File"": ""C:\\Program Files*\\ScreenConnect\\App_Data\\User.xml"", ""Description"": ""ScreenConnect user configuration"", ""OS"": ""Windows""}, {""File"": ""C:\\ProgramData\\ScreenConnect Client*\\user.config"", ""Description"": ""ScreenConnect client user configuration"", ""OS"": ""Windows""}], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""control.connectwise.com"", ""*.connectwise.com"", ""*.screenconnect.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/screenconnect_network_sigma.yml"", ""Description"": ""Detects potential network activity of ScreenConnect RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/screenconnect_files_sigma.yml"", ""Description"": ""Detects potential files activity of ScreenConnect RMM tool""}, {""Sigma"": 
""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/screenconnect_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ScreenConnect RMM tool""}]",https://thedfirreport.com/2023/09/25/from-screenconnect-to-hive-ransomware-in-61-hours/,[] -Microsoft TSC,,Microsoft TSC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,termsrv.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/microsoft_tsc_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Microsoft TSC RMM tool""}]",https://learn.microsoft.com/en-us/troubleshoot/windows-server/remote/terminal-server-startup-connection-application,[] +Microsoft TSC,,Microsoft TSC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"termsrv.exe, mstsc.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/microsoft_tsc_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Microsoft TSC RMM tool""}]",https://learn.microsoft.com/en-us/troubleshoot/windows-server/remote/terminal-server-startup-connection-application,[] Tanium,,Tanium is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/14/2024,,,,,,,,,,,,"TaniumClient.exe, TaniumCX.exe, TaniumExecWrapper.exe, TaniumFileInfo.exe, TPowerShell.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""cloud.tanium.com"", ""*.cloud.tanium.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/tanium_network_sigma.yml"", ""Description"": ""Detects potential network activity of Tanium RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/tanium_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Tanium RMM tool""}]",https://help.tanium.com/bundle/ug_client_cloud/page/client/platform_connections.html,[] Ultra VNC,,Ultra VNC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\uvnc bvba\UltraVNC\*, *\uvnc bvba\UltraVNC\*, *\UVNC_Launch.exe, *\winvnc.exe, *\vncviewer.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ultra_vnc_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Ultra VNC RMM tool""}]",,[] Remote Manipulator System,,Remote Manipulator System is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"rfusclient.exe, rutserv.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.internetid.ru"", ""rmansys.ru""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remote_manipulator_system_network_sigma.yml"", ""Description"": ""Detects potential network activity of Remote Manipulator System RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remote_manipulator_system_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Remote Manipulator System RMM tool""}]",https://rmansys.ru/files/,[] Domotz,,Domotz is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"domotz.exe, Domotz Pro Desktop App.exe, domotz_bash.exe, domotz*.exe, Domotz Pro Desktop App Setup*.exe, domotz-windows*.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.domotz.co"", ""domotz.com"", ""*cell-1.domotz.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/domotz_network_sigma.yml"", ""Description"": ""Detects potential network activity of Domotz RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/domotz_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Domotz RMM tool""}]",https://help.domotz.com/tips-tricks/unblock-outgoing-connections-on-firewall/,[] -FixMe,,FixMe is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,,,,,,,,,,,,,"FixMeit Client.exe, TiExpertStandalone.exe, FixMeitClient*.exe, TiExpertCore.exe, FixMeit Unattended Access Setup.exe, FixMeit Expert Setup.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""fixme.it""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fixme_network_sigma.yml"", ""Description"": ""Detects potential network activity of FixMe RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fixme_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of FixMe RMM tool""}]",,[] -rclone,,rclone is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"portable tool. No install path, portable tool. No install path, rclone*.zip, *\rclone.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rclone_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of rclone RMM tool""}]",,[] +FixMe.it,,FixMe.it is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"FixMeit Client.exe, TiExpertStandalone.exe, FixMeitClient*.exe, TiExpertCore.exe, FixMeit Unattended Access Setup.exe, FixMeit Expert Setup.exe, TiExpertCore.exe, fixmeitclient.exe, TiClientCore.exe, TiClientHelper*.exe, 9380CC75B872221A7425D7503565B67580407F60","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.fixme.it"", ""*.techinline.net"", ""fixme.it"", ""*set.me"", ""*setme.net""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fixme_network_sigma.yml"", ""Description"": ""Detects potential network activity of FixMe RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fixme_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of FixMe RMM tool""}]",,[] Tanium Deploy,,Tanium Deploy is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""tanium.com/products/tanium-deploy""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/tanium_deploy_network_sigma.yml"", ""Description"": ""Detects potential network activity of Tanium Deploy RMM tool""}]",,[] N-ABLE Remote Access Software,,N-ABLE Remote Access Software is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""n-able.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/n-able_remote_access_software_network_sigma.yml"", ""Description"": ""Detects potential network activity of N-ABLE Remote Access Software RMM tool""}]",,[] Quick Assist,,Quick Assist is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,quickassist.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.support.services.microsoft.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/quick_assist_network_sigma.yml"", ""Description"": ""Detects potential network activity of Quick Assist RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/quick_assist_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Quick Assist RMM tool""}]",,[] 
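Review bot: The merged `FixMe.it` row added in this hunk loses detection metadata that the removed `FixMe.it` row carried. Its Sigma links now point at `fixme_network_sigma.yml` and `fixme_processes_sigma.yml`, with descriptions naming "FixMe" rather than the `fixme.it_*` rules, and its references column is empty; the old row's `https://docs.fixme.it/general-questions/which-ports-and-servers-does-fixme-it-use` should be restored. Whether the `fixme_*` rules cover the wider domain list kept in this row (`*.techinline.net`, `*set.me`, `*setme.net`) is not visible here and should be confirmed before the `fixme.it_*` rules are retired. The same row's path/process column lists `TiExpertCore.exe` twice and still ends with the 40-hex value `9380CC75B872221A7425D7503565B67580407F60`, which is not a path or image name and will become a dead selector in anything that builds process matches from this column; it belongs in a dedicated hash or signer field. Separately, the Microsoft TSC row now lists `mstsc.exe`, the built-in Remote Desktop client, so the linked processes rule will probably need tuning where RDP use is routine. If this CSV is generated from per-tool records, these fixes belong in the source records rather than here.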
@@ -276,7 +231,6 @@ FreeRDP,,FreeRDP is a remote monitoring and management (RMM) tool. More informat MioNet (Also known as WD Anywhere Access),,MioNet (Also known as WD Anywhere Access) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"mionet.exe, mionetmanager.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/mionet__also_known_as_wd_anywhere_access__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of MioNet (Also known as WD Anywhere Access) RMM tool""}]",,[] SmartCode Web VNC,,SmartCode Web VNC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\TightVNC\*, *\TightVNC\*","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[] Onionshare,,Onionshare is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files (x86)\OnionShare\*, *\OnionShare\*, *\onionshare*.exe, OnionShare-win*.msi","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/onionshare_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Onionshare RMM tool""}]",,[] -Air Live Drive,,Air Live Drive is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\AirLiveDrive\*, *\AirLiveDrive\*, *\AirLiveDrive.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/air_live_drive_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Air Live Drive RMM tool""}]",,[] Rocket Remote Desktop,,Rocket Remote Desktop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"RDConsole.exe, RocketRemoteDesktop_Setup.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rocket_remote_desktop_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Rocket Remote Desktop RMM tool""}]",,[] WebRDP,,WebRDP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/14/2024,,,,,,,,,,,,webrdp.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""github.com/Mikej81/WebRDP""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/webrdp_network_sigma.yml"", ""Description"": ""Detects potential network activity of WebRDP RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/webrdp_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of WebRDP RMM tool""}]",github.com/Mikej81/WebRDP,[] BeyondTrust,,BeyondTrust is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[] 
@@ -298,44 +252,33 @@ Remote Utilities,,Remote Utilities is a remote monitoring and management (RMM) t Remcos,,Remcos is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,remcos*.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remcos_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Remcos RMM tool""}]",,[] ISL Online,,ISL Online is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"islalwaysonmonitor.exe, isllight.exe, isllightservice.exe, ISLLightClient.exe, C:\Program Files (x86)\ISL Online\ISL Light*, *\ISL Online\ISL Light*, *\ISLLight.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.islonline.com"", ""*.islonline.net""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/isl_online_network_sigma.yml"", ""Description"": ""Detects potential network activity of ISL Online RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/isl_online_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ISL Online RMM tool""}]",https://help.islonline.com/19818/165940,[] DragonDisk,,DragonDisk is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files (x86)\Almageste\DragonDisk\*, *\Almageste\DragonDisk\*, *\DragonDisk.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dragondisk_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of DragonDisk RMM tool""}]",,[] -FleetDeck.io,,FleetDeck.io is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"fleetdeck_agent_svc.exe, fleetdeck_commander_svc.exe, fleetdeck_installer.exe, fleetdeck_commander_launcher.exe, fleetdeck_agent.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""fleetdeck.io""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fleetdeck.io_network_sigma.yml"", ""Description"": ""Detects potential network activity of FleetDeck.io RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fleetdeck.io_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of FleetDeck.io RMM tool""}]",,[] -Chrome Remote Desktop,,Chrome Remote Desktop is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"remote_host.exe, remoting_host.exe, C:\Program Files (x86)\Google\Chrome Remote Desktop\*, *\Google\Chrome Remote Desktop\*, *\remoting_host.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*remotedesktop-pa.googleapis.com"", ""*remotedesktop.google.com"", ""remotedesktop.google.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/chrome_remote_desktop_network_sigma.yml"", ""Description"": ""Detects potential network activity of Chrome Remote Desktop RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/chrome_remote_desktop_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Chrome Remote Desktop RMM tool""}]",https://support.google.com/chrome/a/answer/2799701?hl=en,[] RealVNC,,RealVNC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[] -rsync,,rsync is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[] -Datto,,Datto is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""datto.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/datto_network_sigma.yml"", ""Description"": ""Detects potential network activity of Datto RMM tool""}]",,[] -CloudExplorer,,CloudExplorer is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[] Supremo,,Supremo is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/13/2024,,,,,,,,,,,,"supremo.exe, supremoservice.exe, supremosystem.exe, supremohelper.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""supremocontrol.com"", ""*.supremocontrol.com"", ""* .nanosystems.it""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/supremo_network_sigma.yml"", ""Description"": ""Detects potential network activity of Supremo RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/supremo_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Supremo RMM tool""}]",https://www.supremocontrol.com/frequently-asked-questions/,[] GoToAssist Agent Desktop Console,,GoToAssist Agent Desktop Console is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\*\G2RDesktopConsole-x64.msi, *\G2RDesktopConsole-x64.msi","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[] -ConnectWise Control,,ConnectWise Control is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,,,,,,,,,,,,,"screenconnect.clientservice.exe, connectwisecontrol.client.exe, screenconnect.windowsclient.exe, connectwisechat-customer.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""live.screenconnect.com"", ""control.connectwise.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/connectwise_control_network_sigma.yml"", ""Description"": ""Detects potential network activity of ConnectWise Control RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/connectwise_control_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ConnectWise Control RMM tool""}]",,[] RemoteView,,RemoteView is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"remoteview.exe, rv.exe, rvagent.exe, rvagtray.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*content.rview.com"", ""*.rview.com"", ""content.rview.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remoteview_network_sigma.yml"", ""Description"": ""Detects potential network activity of RemoteView RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/remoteview_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of RemoteView RMM tool""}]",https://help.rview.com/hc/en-us/articles/360005175994--RemoteView-Server-list-for-firewall,[] VNC Connect,,VNC Connect is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\RealVNC\VNC Server\*, *\RealVNC\VNC Server\*","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[] Syncthing,,Syncthing is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Users\*\AppData\Roaming\SyncTrayzor\*, *Users\*\AppData\Roaming\SyncTrayzor\*, *\Syncthing.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/syncthing_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Syncthing RMM tool""}]",,[] KHelpDesk,,KHelpDesk is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/26/2024,,,,,,,,,,,,KHelpDesk.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.khelpdesk.com.br""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/khelpdesk_network_sigma.yml"", ""Description"": ""Detects potential network activity of KHelpDesk RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/khelpdesk_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of KHelpDesk RMM tool""}]",https://www.khelpdesk.com.br/en-us,[] Netop Remote Control (Impero Connect),,Netop Remote Control (Impero Connect) is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"nhostsvc.exe, nhstw32.exe, ngstw32.exe, Netop Ondemand.exe, nldrw32.exe, rmserverconsolemediator.exe, ImperoInit.exe, Connect.Backdrop.cloud*.exe, ImperoClientSVC.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.connect.backdrop.cloud"", ""*.netop.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/netop_remote_control__impero_connect__network_sigma.yml"", ""Description"": ""Detects potential network activity of Netop Remote Control (Impero Connect) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/netop_remote_control__impero_connect__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Netop Remote Control (Impero Connect) RMM tool""}]",https://kb.netop.com/article/firewall-and-proxy-server-considerations-when-using-netop-portal-communication-373.html,[] Bitvise SSH Server,,Bitvise SSH Server is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\Bitvise SSH Server\*, *\Bitvise SSH Server\*, *\BvSshServer-Inst.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/bitvise_ssh_server_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Bitvise SSH Server RMM tool""}]",,[] -Cloud Turtle,,Cloud Turtle is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files (x86)\Genie9\*, *\Genie9\*","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[] Apple Remote Desktop,,Apple Remote Desktop is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/24/2024,,,,,,,,,,,,ARDAgent.app,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/apple_remote_desktop_network_sigma.yml"", ""Description"": ""Detects potential network activity of Apple Remote Desktop RMM tool""}]",https://support.apple.com/guide/remote-desktop/install-and-set-up-remote-desktop-apdf49e03a4/mac,[] Chrome SSH Extension,,Chrome SSH Extension is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\iodihamcpbpeioajjeobimgagajmlibd*, *Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\iodihamcpbpeioajjeobimgagajmlibd*","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[] -CloudGopher,,CloudGopher is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[] NetSupport Manager,,NetSupport Manager is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"pcictlui.exe, client32.exe, pcicfgui.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""geo.netsupportsoftware.com"", ""netsupportmanager.com"", ""*.netsupportmanager.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/netsupport_manager_network_sigma.yml"", ""Description"": ""Detects potential network activity of NetSupport Manager RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/netsupport_manager_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of NetSupport Manager RMM tool""}]",https://www.netsupportmanager.com/resources/,[] ESET Remote Administrator,,ESET Remote Administrator is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"era.exe, einstaller.exe, ezhelp*.exe, eratool.exe, ERAAgent.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""eset.com/me/business/remote-management/remote-administrator/""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/eset_remote_administrator_network_sigma.yml"", ""Description"": ""Detects potential network activity of ESET Remote Administrator RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/eset_remote_administrator_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ESET Remote Administrator RMM tool""}]",eset.com/me/business/remote-management/remote-administrator/,[] Yandex.Disk,,Yandex.Disk is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files (x86)\Yandex\*, *\Yandex\*, *\YandexDisk2.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/yandex.disk_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Yandex.Disk RMM tool""}]",,[] N-Able Advanced Monitoring Agent,,N-Able Advanced Monitoring Agent is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"BASupSrvc.exe, winagent.exe, BASupApp.exe, BASupTSHelper.exe, Agent_*_RW.exe, BASEClient.exe, BASupSrvcCnfg.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.beanywhere.com "", ""systemmonitor.co.uk"", ""*system-monitor.com"", ""cloudbackup.management"", ""*systemmonitor.co.uk"", ""n-able.com"", ""systemmonitor.us"", ""*systemmonitor.eu.com"", ""*.logicnow.com"", ""*.swi-tc.com"", ""*remote.management"", ""systemmonitor.us.cdn.cloudflare.net"", ""*cloudbackup.management"", ""remote.management"", ""logicnow.com"", ""system-monitor.com"", ""*systemmonitor.us"", ""systemmonitor.eu.com"", ""*.n-able.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/n-able_advanced_monitoring_agent_network_sigma.yml"", ""Description"": ""Detects potential network activity of N-Able Advanced Monitoring Agent RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/n-able_advanced_monitoring_agent_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of N-Able Advanced Monitoring Agent RMM tool""}]",https://documentation.n-able.com/takecontrol/troubleshooting/Content/kb/Take-Control-Standalone-Ports-and-Domains-Firewall-and-AV-Exclusions.htm,[] MyIVO,,MyIVO is a remote monitoring and 
management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"myivomgr.exe, myivomanager.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""myivo-server.software.informer.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/myivo_network_sigma.yml"", ""Description"": ""Detects potential network activity of MyIVO RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/myivo_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of MyIVO RMM tool""}]",myivo.com - DOA as of 2024,[] -FreeFileSync,,FreeFileSync is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files\FreeFileSync\*, *\FreeFileSync\*, *\FreeFileSync.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/freefilesync_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of FreeFileSync RMM tool""}]",,[] ITSupport247 (ConnectWise),,ITSupport247 (ConnectWise) is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,saazapsc.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.itsupport247.net""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/itsupport247__connectwise__network_sigma.yml"", ""Description"": ""Detects potential network activity of ITSupport247 (ConnectWise) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/itsupport247__connectwise__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ITSupport247 (ConnectWise) RMM tool""}]",https://control.itsupport247.net/,[] VNC,,VNC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/14/2024,,,,,,,,,,,,"winvnc*.exe, vncserver.exe, winwvc.exe, winvncsc.exe, vncserverui.exe, vncviewer.exe, winvnc.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""realvnc.com/en/connect/download/vnc""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/vnc_network_sigma.yml"", ""Description"": ""Detects potential network activity of VNC RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/vnc_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of VNC RMM tool""}]",https://realvnc.com/en/connect/download/vnc,[] ServerEye,,ServerEye is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,"servereye*.exe, ServiceProxyLocalSys.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.server-eye.de""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/servereye_network_sigma.yml"", ""Description"": ""Detects potential network activity of ServerEye RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/servereye_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of ServerEye RMM tool""}]",https://www.servereye.de/wp-content/uploads/Anleitung-zur-Erstinstallation_aktuell.pdf,[] Rapid7,,Rapid7 is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/14/2024,,,,,,,,,,,,"ir_agent.exe, rapid7_agent_core.exe, rapid7_endpoint_broker.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*.analytics.insight.rapid7.com"", ""*.endpoint.ingress.rapid7.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rapid7_network_sigma.yml"", ""Description"": ""Detects potential network activity of Rapid7 RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rapid7_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Rapid7 RMM tool""}]",https://docs.rapid7.com/insightvm/configure-communications-with-the-insight-platform/,[] GoToAssist (GoTo Resolve),,GoToAssist (GoTo Resolve) is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\ProgramFiles*\GoTo Machine Installer\*, *\GoTo Machine Installer\*, *\GoTo\*","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[] -Ocamlfuse,,Ocamlfuse is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[] GetScreen,,GetScreen is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"GetScreen.exe, getscreen.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""getscreen.me"", ""GetScreen.me"", ""*.getscreen.me""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/getscreen_network_sigma.yml"", ""Description"": ""Detects potential network activity of GetScreen RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/getscreen_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of GetScreen RMM tool""}]",https://docs.getscreen.me/self-hosted/system-requirements/,[] MobaXterm,,MobaXterm is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\*\MobaXterm_installer_12.1.msi, *\MobaXterm_installer_*.msi, *\Mobatek\MobaXterm\*","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}",[],,[] CrossTec Remote Control,,CrossTec Remote Control is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/7/2024,,,,,,,,,,,,"PCIVIDEO.EXE, supporttool.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""crosstecsoftware.com/remotecontrol""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/crosstec_remote_control_network_sigma.yml"", ""Description"": ""Detects potential network activity of CrossTec Remote Control RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/crosstec_remote_control_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of CrossTec Remote Control RMM tool""}]",www.crosstecsoftware.com/supporthome.html - domain DOA 2/1/2024,[] Absolute (Computrace),,Absolute (Computrace) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,6/18/2024,,,,,,,,,,,,"rpcnet.exe, ctes.exe, ctespersitence.exe, cteshostsvc.exe, rpcld.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*search.namequery.com"", ""*server.absolute.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/absolute__computrace__network_sigma.yml"", ""Description"": ""Detects potential network activity of Absolute (Computrace) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/absolute__computrace__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Absolute (Computrace) RMM tool""}]",https://community.absolute.com/s/article/Understanding-Absolutes-Endpoint-Agents-Rpcnet-CTES-and-search-namequery-com,[] Xshell,,Xshell is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Program Files (x86)\NetSarang\xShell\*, *\NetSarang\xShell\*, *\xShell.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/xshell_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Xshell RMM tool""}]",,[] -Amazon (Cloud) Drive,,Amazon (Cloud) Drive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,,,,,,,,,,,,,"C:\Users\*\AppData\Local\Amazon\Cloud Drive\*, *\AppData\Local\Amazon\Cloud Drive\*, *\AmazonCloudDrive.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": []}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/amazon__cloud__drive_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Amazon (Cloud) Drive RMM tool""}]",,[] MyGreenPC,,MyGreenPC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/26/2024,,,,,,,,,,,,mygreenpc.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""*mygreenpc.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/mygreenpc_network_sigma.yml"", ""Description"": ""Detects potential network activity of MyGreenPC RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/mygreenpc_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of MyGreenPC RMM tool""}]",http://www.mygreenpc.com/,[] Level.io,,Level.io is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"level-windows-amd64.exe, level.exe, level-remote-control-ffmpeg.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""level.io"", ""*.level.io""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/level.io_network_sigma.yml"", ""Description"": ""Detects potential network activity of Level.io RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/level.io_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Level.io RMM tool""}]",https://docs.level.io/1.0/admin-guides/troubleshooting-agent-issues,[] -Microsoft Quick Assist,,Microsoft Quick Assist is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/9/2024,,,,,,,,,,,,quickassist.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/microsoft_quick_assist_network_sigma.yml"", ""Description"": ""Detects potential network activity of Microsoft Quick Assist RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/microsoft_quick_assist_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Microsoft Quick Assist RMM tool""}]",https://support.microsoft.com/en-us/windows/install-quick-assist-c17479b7-a49d-4d12-938c-dbfb97c88bca,[] -Manage Engine (Desktop Central),,Manage Engine (Desktop Central) is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"dcagentservice.exe, dcagentregister.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""desktopcentral.manageengine.com"", ""desktopcentral.manageengine.com.eu"", ""desktopcentral.manageengine.cn"", ""*.dms.zoho.com"", ""*.dms.zoho.com.eu"", ""*.-dms.zoho.com.cn""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/manage_engine__desktop_central__network_sigma.yml"", ""Description"": ""Detects potential network activity of Manage Engine (Desktop Central) RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/manage_engine__desktop_central__processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Manage Engine (Desktop Central) RMM tool""}]",https://www.manageengine.com/products/desktop-central/help/domains-required-for-agent-communication.html,[] +Microsoft Quick Assist,,Microsoft Quick Assist is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.,,,,,,,,,,,,,,,quickassist.exe,"{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""user_managed"", ""*.support.services.microsoft.com""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/microsoft_quick_assist_network_sigma.yml"", ""Description"": ""Detects potential network activity of Microsoft Quick Assist RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/microsoft_quick_assist_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Microsoft Quick Assist RMM tool""}]",https://support.microsoft.com/en-us/windows/install-quick-assist-c17479b7-a49d-4d12-938c-dbfb97c88bca,[] +Manage Engine (Desktop Central),,Manage Engine (Desktop Central) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.,,,2/8/2024,,,,,,,,,,,,"dcagentservice.exe, dcagentregister.exe","{""Disk"": [], ""EventLog"": [], ""Registry"": [], ""Network"": [{""Description"": ""Known remote domains"", ""Domains"": [""desktopcentral.manageengine.com"", ""desktopcentral.manageengine.com.eu"", ""desktopcentral.manageengine.cn"", ""*.dms.zoho.com"", ""*.dms.zoho.com.eu"", ""*.-dms.zoho.com.cn""], ""Ports"": []}]}","[{""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/desktop_central_network_sigma.yml"", ""Description"": ""Detects potential network activity of Desktop Central RMM tool""}, {""Sigma"": ""https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/desktop_central_processes_sigma.yml"", ""Description"": ""Detects potential processes activity of Desktop Central RMM tool""}]",,[] diff --git a/website/public/api/rmm_tools.json b/website/public/api/rmm_tools.json index 3c67c53..b8d2e84 100644 --- a/website/public/api/rmm_tools.json 
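Review bot: The re-added `Manage Engine (Desktop Central)` row now points its two Sigma links at `desktop_central_network_sigma.yml` and `desktop_central_processes_sigma.yml` while the name column is unchanged, and it drops the vendor reference that listed the domains required for agent communication. Every other row in this hunk names its rule files after the full tool name, so check these links against the files that actually exist under `detections/sigma`. The same added row still carries `*.-dms.zoho.com.cn`, which looks like a typo for `*.dms.zoho.com.cn` and is unlikely to match real traffic as written. The re-added `Microsoft Quick Assist` row gains `*.support.services.microsoft.com` but loses its `2/9/2024` date, so the record looks older than the change it carries. This hunk also deletes the FleetDeck.io, Chrome Remote Desktop, Datto and ConnectWise Control rows, each of which linked network or process detections; whether they reappear elsewhere in the file is not visible here, so confirm that consumers of this CSV do not silently lose that coverage.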
+++ b/website/public/api/rmm_tools.json
@@ -280,9 +280,22 @@
 "Disk": [],
 "EventLog": [],
 "Registry": [],
- "Network": []
+ "Network": [
+ {
+ "Description": "Known remote domains",
+ "Domains": [
+ "electric.ai"
+ ],
+ "Ports": []
+ }
+ ]
 },
- "Detections": [],
+ "Detections": [
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/electric_network_sigma.yml",
+ "Description": "Detects potential network activity of Electric RMM tool"
+ }
+ ],
 "References": [
 "https://www.electric.ai/product/device-management-solutions - Usess Kaseya/jamf"
 ],
@@ -487,44 +500,6 @@
 ],
 "Acknowledgement": []
 },
- {
- "Name": "Quick Assist",
- "Description": "Quick Assist is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
- "Author": "",
- "Created": "",
- "LastModified": "",
- "Details": {
- "Website": "",
- "PEMetadata": {
- "Filename": "",
- "OriginalFileName": "",
- "Description": ""
- },
- "Privileges": "",
- "Free": "",
- "Verification": "",
- "SupportedOS": [],
- "Capabilities": [],
- "Vulnerabilities": [],
- "InstallationPaths": [
- "quickassist.exe"
- ]
- },
- "Artifacts": {
- "Disk": [],
- "EventLog": [],
- "Registry": [],
- "Network": []
- },
- "Detections": [
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/quick_assist_processes_sigma.yml",
- "Description": "Detects potential processes activity of Quick Assist RMM tool"
- }
- ],
- "References": [],
- "Acknowledgement": []
- },
 {
 "Name": "Seetrol",
 "Description": "Seetrol is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
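Review bot: The `"electric.ai"` entry added to `Domains` in the first hunk (the Electric record) is the vendor's apex domain only, and the `References` line kept as context in the same hunk says the product uses Kaseya/jamf. That suggests the new network rule may match visits to the vendor's website more than managed-agent traffic; this is an inference from the visible fields and should be confirmed against real telemetry. Other records on this page list both the bare domain and a wildcard, for example `level.io` with `*.level.io`, so if subdomains are intended, add `"*.electric.ai"` next to `"electric.ai"`. The enclosing record starts outside the hunk, so its name and installation paths are not visible here.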
@@ -1189,40 +1164,6 @@ } ] }, - { - "Name": "CloudBerry Explorer", - "Description": "CloudBerry Explorer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [ - "C:\\Program Files\\CloudBerryLab\\CloudBerry Drive\\*", - "*\\CloudBerryLab\\CloudBerry Drive\\*" - ] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [] - }, - "Detections": [], - "References": [], - "Acknowledgement": [] - }, { "Name": "Auvik", "Description": "Auvik is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", 
@@ -1278,79 +1219,6 @@ ], "Acknowledgement": [] }, - { - "Name": "Microsoft RDP", - "Description": "Microsoft RDP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "2/8/2024", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [ - "termsrv.exe", - "mstsc.exe", - "Microsoft Remote Desktop" - ] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [] - }, - "Detections": [ - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/microsoft_rdp_processes_sigma.yml", - "Description": "Detects potential processes activity of Microsoft RDP RMM tool" - } - ], - "References": [ - "https://learn.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/windows" - ], - "Acknowledgement": [] - }, - { - "Name": "Microsoft OneDrive", - "Description": "Microsoft OneDrive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [] - }, - "Detections": [], - "References": [], - "Acknowledgement": [] - }, { "Name": "Tactical RMM", "Description": "Tactical RMM is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", 
@@ -1585,45 +1453,6 @@ "References": [], "Acknowledgement": [] }, - { - "Name": "ExpanDrive", - "Description": "ExpanDrive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [ - "C:\\Users\\*\\ExpanDrive.exe", - "*\\ExpanDrive.exe" - ] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [] - }, - "Detections": [ - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/expandrive_processes_sigma.yml", - "Description": "Detects potential processes activity of ExpanDrive RMM tool" - } - ], - "References": [], - "Acknowledgement": [] - }, { "Name": "OCS inventory", "Description": "OCS inventory is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", 
@@ -1733,46 +1562,6 @@ ], "Acknowledgement": [] }, - { - "Name": "CloudXplorer", - "Description": "CloudXplorer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [ - "C:\\Program Files\\ClumsyLeaf Software\\CloudXplorer\\*", - "*\\ClumsyLeaf Software\\CloudXplorer\\*", - "*\\clumsyleaf.cloudxplorer*.exe" - ] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [] - }, - "Detections": [ - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/cloudxplorer_processes_sigma.yml", - "Description": "Detects potential processes activity of CloudXplorer RMM tool" - } - ], - "References": [], - "Acknowledgement": [] - }, { "Name": "Terminals", "Description": "Terminals is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", 
@@ -2359,47 +2148,6 @@ ], "Acknowledgement": [] }, - { - "Name": "Dropbox", - "Description": "Dropbox is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [ - "C:\\Program Files (x86)\\Dropbox\\Client\\*", - "*\\Dropbox\\Client\\*", - "*\\Dropbox.exe", - "*Users\\*\\Dropbox\\bin\\" - ] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [] - }, - "Detections": [ - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dropbox_processes_sigma.yml", - "Description": "Detects potential processes activity of Dropbox RMM tool" - } - ], - "References": [], - "Acknowledgement": [] - }, { "Name": "TightVNC", "Description": "TightVNC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", 
@@ -2514,46 +2262,6 @@ ], "Acknowledgement": [] }, - { - "Name": "Box", - "Description": "Box is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [ - "C:\\Program Files\\Box\\Box\\*", - "*\\Box\\Box\\*", - "*\\Box.exe" - ] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [] - }, - "Detections": [ - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/box_processes_sigma.yml", - "Description": "Detects potential processes activity of Box RMM tool" - } - ], - "References": [], - "Acknowledgement": [] - }, { "Name": "Sophos-Remote Management System", "Description": "Sophos-Remote Management System is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", 
@@ -2653,37 +2361,6 @@ "References": [], "Acknowledgement": [] }, - { - "Name": "Cloud Explorer", - "Description": "Cloud Explorer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [] - }, - "Detections": [], - "References": [], - "Acknowledgement": [] - }, { "Name": "Splashtop Remote", "Description": "Splashtop Remote is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", 
@@ -2745,57 +2422,6 @@ ], "Acknowledgement": [] }, - { - "Name": "Dameware-mini remote control Protocol", - "Description": "Dameware-mini remote control Protocol is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [ - "dntus*.exe", - "dwrcs.exe" - ] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [ - { - "Description": "Known remote domains", - "Domains": [ - "dameware.com" - ], - "Ports": [] - } - ] - }, - "Detections": [ - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dameware-mini_remote_control_protocol_network_sigma.yml", - "Description": "Detects potential network activity of Dameware-mini remote control Protocol RMM tool" - }, - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dameware-mini_remote_control_protocol_processes_sigma.yml", - "Description": "Detects potential processes activity of Dameware-mini remote control Protocol RMM tool" - } - ], - "References": [], - "Acknowledgement": [] - }, { "Name": "rdp2tcp", "Description": "rdp2tcp is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", 
@@ -2850,64 +2476,6 @@ ], "Acknowledgement": [] }, - { - "Name": "FleetDesk.io", - "Description": "FleetDesk.io is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "2/7/2024", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [ - "fleetdeck_agent_svc.exe", - "fleetdeck_commander_svc.exe", - "fleetdeck_installer.exe", - "fleetdeck_agent.exe", - "fleetdeck_commander_launcher.exe" - ] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [ - { - "Description": "Known remote domains", - "Domains": [ - "*.fleetdeck.io", - "cognito-idp.us-west-2.amazonaws.com", - "fleetdeck.io" - ], - "Ports": [] - } - ] - }, - "Detections": [ - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fleetdesk.io_network_sigma.yml", - "Description": "Detects potential network activity of FleetDesk.io RMM tool" - }, - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fleetdesk.io_processes_sigma.yml", - "Description": "Detects potential processes activity of FleetDesk.io RMM tool" - } - ], - "References": [ - "https://fleetdeck.io/faq/" - ], - "Acknowledgement": [] - }, { "Name": "Jump Cloud", "Description": "Jump Cloud is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", 
@@ -3305,37 +2873,6 @@ ], "Acknowledgement": [] }, - { - "Name": "Cloudsfer", - "Description": "Cloudsfer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [] - }, - "Detections": [], - "References": [], - "Acknowledgement": [] - }, { "Name": "LANDesk", "Description": "LANDesk is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", 
@@ -3399,50 +2936,6 @@ ], "Acknowledgement": [] }, - { - "Name": "Cruz", - "Description": "Cruz is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [ - { - "Description": "Known remote domains", - "Domains": [ - "resources.doradosoftware.com/cruz-rmm" - ], - "Ports": [] - } - ] - }, - "Detections": [ - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/cruz_network_sigma.yml", - "Description": "Detects potential network activity of Cruz RMM tool" - } - ], - "References": [], - "Acknowledgement": [] - }, { "Name": "pcAnywhere", "Description": "pcAnywhere is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", @@ -3688,8 +3181,8 @@ "Acknowledgement": [] }, { - "Name": "ODrive", - "Description": "ODrive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", + "Name": "MultCloud", + "Description": "MultCloud is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", "Author": "", "Created": "", "LastModified": "", @@ -3707,9 +3200,8 @@ "Capabilities": [], "Vulnerabilities": [], "InstallationPaths": [ - "C:\\Users\\*\\current\\", - "*Users\\*\\.odrive", - "*\\Odriveapp.exe" + "requires sign up", + "requires sign up" ] }, "Artifacts": { 
@@ -3718,21 +3210,16 @@ "Registry": [], "Network": [] }, - "Detections": [ - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/odrive_processes_sigma.yml", - "Description": "Detects potential processes activity of ODrive RMM tool" - } - ], + "Detections": [], "References": [], "Acknowledgement": [] }, { - "Name": "MultCloud", - "Description": "MultCloud is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", + "Name": "Visual Studio Dev Tunnel", + "Description": "Visual Studio Dev Tunnel is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", "Author": "", "Created": "", - "LastModified": "", + "LastModified": "2/7/2024", "Details": { "Website": "", "PEMetadata": { @@ -3746,41 +3233,7 @@ "SupportedOS": [], "Capabilities": [], "Vulnerabilities": [], - "InstallationPaths": [ - "requires sign up", - "requires sign up" - ] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [] - }, - "Detections": [], - "References": [], - "Acknowledgement": [] - }, - { - "Name": "Visual Studio Dev Tunnel", - "Description": "Visual Studio Dev Tunnel is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "2/7/2024", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [] + "InstallationPaths": [] }, "Artifacts": { "Disk": [], 
@@ -3953,56 +3406,6 @@ "References": [], "Acknowledgement": [] }, - { - "Name": "Bomgar", - "Description": "Bomgar is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [ - "bomgar-scc.exe" - ] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [ - { - "Description": "Known remote domains", - "Domains": [ - "beyondtrust.com/brand/bomgar" - ], - "Ports": [] - } - ] - }, - "Detections": [ - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/bomgar_network_sigma.yml", - "Description": "Detects potential network activity of Bomgar RMM tool" - }, - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/bomgar_processes_sigma.yml", - "Description": "Detects potential processes activity of Bomgar RMM tool" - } - ], - "References": [], - "Acknowledgement": [] - }, { "Name": "SuperPuTTY", "Description": "SuperPuTTY is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", 
@@ -4573,46 +3976,6 @@ "References": [], "Acknowledgement": [] }, - { - "Name": "Azure Storage Explorer", - "Description": "Azure Storage Explorer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [ - "C:\\Program Files (x86)\\Microsoft Azure Storage Explorer\\*", - "*\\Microsoft Azure Storage Explorer\\*", - "*\\StorageExplorer.exe" - ] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [] - }, - "Detections": [ - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/azure_storage_explorer_processes_sigma.yml", - "Description": "Detects potential processes activity of Azure Storage Explorer RMM tool" - } - ], - "References": [], - "Acknowledgement": [] - }, { "Name": "NinjaOne (formerly NinjaRMM)", "Description": "NinjaOne (formerly NinjaRMM) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", 
@@ -4701,73 +4064,6 @@ ], "Acknowledgement": [] }, - { - "Name": "CloudHQ", - "Description": "CloudHQ is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [] - }, - "Detections": [], - "References": [], - "Acknowledgement": [] - }, - { - "Name": "Raidrive", - "Description": "Raidrive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [ - "C:\\*\\OpenBoxLab\\RaiDrive\\*", - "*\\OpenBoxLab\\RaiDrive\\*", - "service = raidrive_*", - "Computer\\HKEY_LOCAL_MACHINE\\SOFTWARE\\OpenBoxLab\\RaiDrive\\Drives" - ] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [] - }, - "Detections": [], - "References": [], - "Acknowledgement": [] - }, { "Name": "RemotePC", "Description": "RemotePC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", 
@@ -4952,47 +4248,6 @@ ], "Acknowledgement": [] }, - { - "Name": "aria2", - "Description": "aria2 is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [ - "C:\\ProgramData\\CentraStage\\AEMAgent\\*", - "*ProgramData\\CentraStage\\AEMAgent\\*", - "*\\Steinberg\\Download Assistant\\3rd Party\\optional\\aria2\\*", - "*\\aria2c.exe" - ] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [] - }, - "Detections": [ - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aria2_processes_sigma.yml", - "Description": "Detects potential processes activity of aria2 RMM tool" - } - ], - "References": [], - "Acknowledgement": [] - }, { "Name": "Pandora RC (eHorus)", "Description": "Pandora RC (eHorus) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", 
@@ -5778,59 +5033,6 @@ "References": [], "Acknowledgement": [] }, - { - "Name": "DW Service", - "Description": "DW Service is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "2/7/2024", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [ - "dwagent.exe", - "dwagsvc.exe" - ] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [ - { - "Description": "Known remote domains", - "Domains": [ - "*.dwservice.net" - ], - "Ports": [] - } - ] - }, - "Detections": [ - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dw_service_network_sigma.yml", - "Description": "Detects potential network activity of DW Service RMM tool" - }, - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dw_service_processes_sigma.yml", - "Description": "Detects potential processes activity of DW Service RMM tool" - } - ], - "References": [ - "https://news.dwservice.net/dwservice-security-infrastructure/" - ], - "Acknowledgement": [] - }, { "Name": "SecureCRT", "Description": "SecureCRT is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", 
@@ -6446,11 +5648,11 @@ "Acknowledgement": [] }, { - "Name": "Microsoft TSC", - "Description": "Microsoft TSC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", + "Name": "NoMachine", + "Description": "NoMachine is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", "Author": "", "Created": "", - "LastModified": "2/8/2024", + "LastModified": "2/9/2024", "Details": { "Website": "", "PEMetadata": { 
@@ -6465,102 +5667,9 @@ "Capabilities": [], "Vulnerabilities": [], "InstallationPaths": [ - "termsrv.exe", - "mstsc.exe" - ] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [] - }, - "Detections": [ - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/microsoft_tsc_processes_sigma.yml", - "Description": "Detects potential processes activity of Microsoft TSC RMM tool" - } - ], - "References": [ - "https://learn.microsoft.com/en-us/troubleshoot/windows-server/remote/terminal-server-startup-connection-application" - ], - "Acknowledgement": [] - }, - { - "Name": "AweRay (AweSun)", - "Description": "AweRay (AweSun) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [ - "aweray_remote*.exe", - "AweSun.exe" - ] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [ - { - "Description": "Known remote domains", - "Domains": [ - "asapi-us.aweray.net", - "asapi.aweray.net" - ], - "Ports": [] - } - ] - }, - "Detections": [ - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aweray__awesun__network_sigma.yml", - "Description": "Detects potential network activity of AweRay (AweSun) RMM tool" - }, - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aweray__awesun__processes_sigma.yml", - "Description": "Detects potential processes activity of AweRay (AweSun) RMM tool" - } - ], - "References": [], - "Acknowledgement": [] - }, - { - "Name": "NoMachine", - "Description": "NoMachine is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "2/9/2024", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [ - "nomachine*.exe", - "nxservice*.ese", - "nxd.exe" + "nomachine*.exe", + "nxservice*.ese", + "nxd.exe" ] }, "Artifacts": { @@ -6646,46 +5755,6 @@ ], "Acknowledgement": [] }, - { - "Name": "TeraCLOUD", - "Description": "TeraCLOUD is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [ - "c:\\*\\TeraCloud.Client*", - "*\\TeraCloud.Client*", - "*\\Livedrive-Setup.exe" - ] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [] - }, - "Detections": [ - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/teracloud_processes_sigma.yml", - "Description": "Detects potential processes activity of TeraCLOUD RMM tool" - } - ], - "References": [], - "Acknowledgement": [] - }, { "Name": "Instant Housecall", "Description": "Instant Housecall is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", 
@@ -6857,46 +5926,6 @@
 ],
 "Acknowledgement": []
 },
- {
- "Name": "Air Explorer",
- "Description": "Air Explorer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
- "Author": "",
- "Created": "",
- "LastModified": "",
- "Details": {
- "Website": "",
- "PEMetadata": {
- "Filename": "",
- "OriginalFileName": "",
- "Description": ""
- },
- "Privileges": "",
- "Free": "",
- "Verification": "",
- "SupportedOS": [],
- "Capabilities": [],
- "Vulnerabilities": [],
- "InstallationPaths": [
- "C:\\Program Files\\airexplorer\\*",
- "*\\airexplorer\\*",
- "*\\airexplorer.exe"
- ]
- },
- "Artifacts": {
- "Disk": [],
- "EventLog": [],
- "Registry": [],
- "Network": []
- },
- "Detections": [
- {
- "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/air_explorer_processes_sigma.yml",
- "Description": "Detects potential processes activity of Air Explorer RMM tool"
- }
- ],
- "References": [],
- "Acknowledgement": []
- },
 {
 "Name": "Bitvise SSH Client",
 "Description": "Bitvise SSH Client is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
@@ -6965,7 +5994,9 @@
 "Network": []
 },
 "Detections": [],
- "References": [],
+ "References": [
+ "https://github.com/flit/cotvnc"
+ ],
 "Acknowledgement": []
 },
 {
@@ -7097,7 +6128,9 @@
 "Capabilities": [],
 "Vulnerabilities": [],
 "InstallationPaths": [
- "mstsc.exe"
+ "termsrv.exe",
+ "mstsc.exe",
+ "Microsoft Remote Desktop"
 ]
 },
 "Artifacts": {
@@ -7158,7 +6191,9 @@
 "Description": "Detects potential network activity of Royal Server RMM tool"
 }
 ],
- "References": [],
+ "References": [
+ "https://royalapps.com/server/main/features"
+ ],
 "Acknowledgement": []
 },
 {
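Review bot: In the third hunk (`@@ -7097,7 +6128,9 @@`) the value `"Microsoft Remote Desktop"` is added to `InstallationPaths`, but it is a product name rather than a path or executable pattern, so anything that turns this list into process or file matches gets a term that cannot match an image path. `termsrv.exe` is worth confirming too: as far as I know the Remote Desktop Services service is `termsrv.dll` hosted in `svchost.exe`, so that name may never appear as a process image. I would keep the list to `"mstsc.exe"` plus executables that have been verified, and move the product name to a descriptive field. The entry's name lies outside the hunk, so which tool this list belongs to could not be checked here.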
@@ -7345,47 +6380,6 @@ ], "Acknowledgement": [] }, - { - "Name": "GoodSync", - "Description": "GoodSync is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [ - "installation requires paid version of GoodSync Server", - "installation requires paid version of GoodSync Server", - "GoodSync-vsub-Setup.exe", - "A40B81B36CDC2D24910FC58816E50DCDE21BD1A9" - ] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [] - }, - "Detections": [ - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/goodsync_processes_sigma.yml", - "Description": "Detects potential processes activity of GoodSync RMM tool" - } - ], - "References": [], - "Acknowledgement": [] - }, { "Name": "DesktopNow", "Description": "DesktopNow is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", 
@@ -7469,47 +6463,6 @@ "References": [], "Acknowledgement": [] }, - { - "Name": "CloudMounter", - "Description": "CloudMounter is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [ - "C:\\Program Files\\CloudMounter\\*", - "*\\CloudMounter\\*", - "*\\CloudMounter\\*", - "*\\cloudmounter.exe" - ] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [] - }, - "Detections": [ - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/cloudmounter_processes_sigma.yml", - "Description": "Detects potential processes activity of CloudMounter RMM tool" - } - ], - "References": [], - "Acknowledgement": [] - }, { "Name": "Distant Desktop", "Description": "Distant Desktop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", @@ -7530,9 +6483,9 @@ "Capabilities": [], "Vulnerabilities": [], "InstallationPaths": [ - "distant-desktop.exe", + "ddsystem.exe", "dd.exe", - "ddsystem.exe" + "distant-desktop.exe" ] }, "Artifacts": { @@ -7588,6 +6541,7 @@ "SolarWinds-Dameware-DRS*.exe", "DameWare Mini Remote Control*.exe", "C:\\Windows\\dwrcs\\*\n c:\\Program File\\SolarWinds\\Dameware Mini Remote Control\\*", + "dntus*.exe", "dwrcs.exe", "*\\dwrcs\\*", "*\\dwrcst.exe", 
@@ -7599,9 +6553,21 @@
 "Disk": [],
 "EventLog": [],
 "Registry": [],
- "Network": []
+ "Network": [
+ {
+ "Description": "Known remote domains",
+ "Domains": [
+ "dameware.com"
+ ],
+ "Ports": []
+ }
+ ]
 },
 "Detections": [
+ {
+ "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dameware-mini_remote_control_protocol_network_sigma.yml",
+ "Description": "Detects potential network activity of Dameware-mini remote control Protocol RMM tool"
+ },
 {
 "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dameware_processes_sigma.yml",
 "Description": "Detects potential processes activity of DameWare RMM tool"
@@ -7697,42 +6663,11 @@
 "Acknowledgement": []
 },
 {
- "Name": "Bomgar - Now BeyondTrust",
- "Description": "Bomgar - Now BeyondTrust is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
+ "Name": "ISL Online",
+ "Description": "ISL Online is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
 "Author": "",
 "Created": "",
- "LastModified": "",
- "Details": {
- "Website": "",
- "PEMetadata": {
- "Filename": "",
- "OriginalFileName": "",
- "Description": ""
- },
- "Privileges": "",
- "Free": "",
- "Verification": "",
- "SupportedOS": [],
- "Capabilities": [],
- "Vulnerabilities": [],
- "InstallationPaths": []
- },
- "Artifacts": {
- "Disk": [],
- "EventLog": [],
- "Registry": [],
- "Network": []
- },
- "Detections": [],
- "References": [],
- "Acknowledgement": []
- },
- {
- "Name": "ISL Online",
- "Description": "ISL Online is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.",
- "Author": "",
- "Created": "",
- "LastModified": "2/8/2024",
+ "LastModified": "2/8/2024",
 "Details": {
 "Website": "",
 "PEMetadata": {
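Review bot: The detection added to the DameWare entry in the first hunk (`@@ -7599,9 +6553,21 @@`) links `dameware-mini_remote_control_protocol_network_sigma.yml` and keeps the description "Detects potential network activity of Dameware-mini remote control Protocol RMM tool", while the entry of that name is removed earlier in this diff (hunk `@@ -2745,57 +2422,6 @@`). If the Sigma files are produced per entry name, this link may stop resolving, and the description no longer matches the tool it sits under. The removed entry's `dameware-mini_remote_control_protocol_processes_sigma.yml` link was not carried over either, so it should be checked that `dameware_processes_sigma.yml` covers the newly merged `dntus*.exe` (hunk `@@ -7588,6 +6541,7 @@`). I would point the merged entry at a network rule named and described after DameWare, following the `dameware_processes_sigma.yml` pattern already in the entry. The entry starts outside these hunks.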
@@ -7843,45 +6778,6 @@ ], "Acknowledgement": [] }, - { - "Name": "Core FTP", - "Description": "Core FTP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [ - "C:\\*\\coreftplite.exe", - "*\\coreftplite.exe" - ] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [] - }, - "Detections": [ - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/core_ftp_processes_sigma.yml", - "Description": "Detects potential processes activity of Core FTP RMM tool" - } - ], - "References": [], - "Acknowledgement": [] - }, { "Name": "Netreo", "Description": "Netreo is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", 
@@ -7931,86 +6827,6 @@ ], "Acknowledgement": [] }, - { - "Name": "CuteFTP", - "Description": "CuteFTP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [ - "C:\\Program Files (x86)\\Globalscape\\CuteFTP\\*", - "*\\Globalscape\\CuteFTP\\*", - "*\\cuteftppro.exe" - ] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [] - }, - "Detections": [ - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/cuteftp_processes_sigma.yml", - "Description": "Detects potential processes activity of CuteFTP RMM tool" - } - ], - "References": [], - "Acknowledgement": [] - }, - { - "Name": "CloudBuckIt", - "Description": "CloudBuckIt is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [ - "C:\\Program Files (x86)\\CloudBuckIt\\*", - "*\\CloudBuckIt\\*", - "*\\CloudBuckIt*.exe" - ] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [] - }, - "Detections": [ - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/cloudbuckit_processes_sigma.yml", - "Description": "Detects potential processes activity of CloudBuckIt RMM tool" - } - ], - "References": [], - "Acknowledgement": [] - }, { "Name": "NoteOn-desktop sharing", "Description": "NoteOn-desktop sharing is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", 
@@ -8230,46 +7046,6 @@ "References": [], "Acknowledgement": [] }, - { - "Name": "FileZilla", - "Description": "FileZilla is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [ - "C:\\Program Files\\FileZilla FTP Client\\*", - "*\\FileZilla FTP Client\\*", - "*\\FileZilla.exe" - ] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [] - }, - "Detections": [ - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/filezilla_processes_sigma.yml", - "Description": "Detects potential processes activity of FileZilla RMM tool" - } - ], - "References": [], - "Acknowledgement": [] - }, { "Name": "XRDP", "Description": "XRDP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", 
@@ -8415,46 +7191,6 @@ ], "Acknowledgement": [] }, - { - "Name": "pCloud", - "Description": "pCloud is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [ - "C:\\Program Files (x86)\\pCloud Drive\\", - "*\\pCloud Drive\\", - "*\\pCloud.exe" - ] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [] - }, - "Detections": [ - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pcloud_processes_sigma.yml", - "Description": "Detects potential processes activity of pCloud RMM tool" - } - ], - "References": [], - "Acknowledgement": [] - }, { "Name": "Ivanti Remote Control", "Description": "Ivanti Remote Control is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", 
@@ -8713,56 +7449,6 @@ "References": [], "Acknowledgement": [] }, - { - "Name": "Desktop Central", - "Description": "Desktop Central is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [ - "dcagentservice.exe" - ] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [ - { - "Description": "Known remote domains", - "Domains": [ - "desktopcentral.manageengine.com" - ], - "Ports": [] - } - ] - }, - "Detections": [ - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/desktop_central_network_sigma.yml", - "Description": "Detects potential network activity of Desktop Central RMM tool" - }, - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/desktop_central_processes_sigma.yml", - "Description": "Detects potential processes activity of Desktop Central RMM tool" - } - ], - "References": [], - "Acknowledgement": [] - }, { "Name": "DW Service", "Description": "DW Service is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", 
@@ -8850,64 +7536,23 @@ "Domains": [ "*.ntrsupport.com" ], - "Ports": [] - } - ] - }, - "Detections": [ - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ntr_remote_network_sigma.yml", - "Description": "Detects potential network activity of NTR Remote RMM tool" - }, - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ntr_remote_processes_sigma.yml", - "Description": "Detects potential processes activity of NTR Remote RMM tool" - } - ], - "References": [ - "DOA as of 2024" - ], - "Acknowledgement": [] - }, - { - "Name": "aws-cli", - "Description": "aws-cli is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [ - "C:\\Program Files\\Amazon\\AWSCLI\\*", - "*\\Amazon\\AWSCLI\\*", - "*\\AWSCLIV*.msi", - "*\\AWSCLISetup.exe" - ] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [] + "Ports": [] + } + ] }, "Detections": [ { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aws-cli_processes_sigma.yml", - "Description": "Detects potential processes activity of aws-cli RMM tool" + "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ntr_remote_network_sigma.yml", + "Description": "Detects potential network activity of NTR Remote RMM tool" + }, + { + "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/ntr_remote_processes_sigma.yml", + "Description": "Detects potential processes activity of NTR Remote RMM tool" } ], - "References": [], + "References": [ + "DOA as of 2024" + ], "Acknowledgement": [] }, { 
@@ -9020,64 +7665,6 @@ "References": [], "Acknowledgement": [] }, - { - "Name": "BeyondTrust (Bomgar)", - "Description": "BeyondTrust (Bomgar) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "2/7/2024", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [ - "bomgar-scc.exe", - "bomgar-rdp.exe", - "bomgar-scc-*.exe", - "bomgar-pac-*.exe", - "bomgar-pac.exe" - ] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [ - { - "Description": "Known remote domains", - "Domains": [ - "bomgarcloud.com", - "*.bomgarcloud.com", - "*.beyondtrustcloud.com" - ], - "Ports": [] - } - ] - }, - "Detections": [ - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/beyondtrust__bomgar__network_sigma.yml", - "Description": "Detects potential network activity of BeyondTrust (Bomgar) RMM tool" - }, - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/beyondtrust__bomgar__processes_sigma.yml", - "Description": "Detects potential processes activity of BeyondTrust (Bomgar) RMM tool" - } - ], - "References": [ - "https://www.beyondtrust.com/docs/remote-support/getting-started/deployment/cloud/network.htm" - ], - "Acknowledgement": [] - }, { "Name": "Pulseway", "Description": "Pulseway is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", @@ -9788,7 +8375,8 @@ "Vulnerabilities": [], "InstallationPaths": [ "connectwisechat-customer.exe", - "connectwisecontrol.client.exe" + "connectwisecontrol.client.exe", + "screenconnect.windowsclient.exe" ] }, "Artifacts": { 
@@ -9799,6 +8387,7 @@ { "Description": "Known remote domains", "Domains": [ + "live.screenconnect.com", "control.connectwise.com" ], "Ports": [] @@ -9859,8 +8448,8 @@ "Acknowledgement": [] }, { - "Name": "FleetDeck", - "Description": "FleetDeck is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", + "Name": "FleetDeck.io", + "Description": "FleetDeck.io is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", "Author": "", "Created": "", "LastModified": "", @@ -9878,7 +8467,11 @@ "Capabilities": [], "Vulnerabilities": [], "InstallationPaths": [ - "fleetdeck_agent_svc.exe" + "fleetdeck_agent_svc.exe", + "fleetdeck_commander_svc.exe", + "fleetdeck_installer.exe", + "fleetdeck_commander_launcher.exe", + "fleetdeck_agent.exe" ] }, "Artifacts": { @@ -9889,6 +8482,8 @@ { "Description": "Known remote domains", "Domains": [ + "*.fleetdeck.io", + "cognito-idp.us-west-2.amazonaws.com", "fleetdeck.io" ], "Ports": [] @@ -9897,15 +8492,17 @@ }, "Detections": [ { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fleetdeck_network_sigma.yml", - "Description": "Detects potential network activity of FleetDeck RMM tool" + "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fleetdesk.io_network_sigma.yml", + "Description": "Detects potential network activity of FleetDesk.io RMM tool" }, { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fleetdeck_processes_sigma.yml", - "Description": "Detects potential processes activity of FleetDeck RMM tool" + "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fleetdesk.io_processes_sigma.yml", + "Description": "Detects potential processes activity of FleetDesk.io RMM tool" } ], - "References": [], + "References": [ + "https://fleetdeck.io/faq/" + ], "Acknowledgement": [] }, { 
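Review bot: `cognito-idp.us-west-2.amazonaws.com`, added to Domains in the `@@ -9889,6 +8482,8 @@` hunk, is a regional AWS Cognito endpoint shared by every application that authenticates through Cognito in that region, not a FleetDeck-owned host. A network rule generated from this list will fire on unrelated software and dilute the signal from `*.fleetdeck.io` and `fleetdeck.io`. Drop the line from Domains, and if the dependency is worth recording, state it in the entry's Description or References instead.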
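Review bot: Both new Sigma links and both descriptions in the `@@ -9897,15 +8492,17 @@` hunk spell the tool `fleetdesk.io` / `FleetDesk.io`, while the entry is named `FleetDeck.io` and every path and domain in it uses `fleetdeck`. The duplicate FleetDeck.io entry removed later in this diff linked `fleetdeck.io_network_sigma.yml` and `fleetdeck.io_processes_sigma.yml`, so unless the rule files were actually renamed with the typo, these links are dead and the detections unreachable from this entry. Suggested values: `.../detections/sigma/fleetdeck.io_network_sigma.yml` and `.../detections/sigma/fleetdeck.io_processes_sigma.yml`, with the descriptions reading `FleetDeck.io`.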
@@ -9963,63 +8560,6 @@ ], "Acknowledgement": [] }, - { - "Name": "ESET Remote Administrator", - "Description": "ESET Remote Administrator is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "2/7/2024", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [ - "einstaller.exe", - "era.exe", - "ERAAgent.exe", - "ezhelp*.exe", - "eratool.exe" - ] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [ - { - "Description": "Known remote domains", - "Domains": [ - "user_managed", - "eset.com/me/business/remote-management/remote-administrator/" - ], - "Ports": [] - } - ] - }, - "Detections": [ - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/eset_remote_administrator_network_sigma.yml", - "Description": "Detects potential network activity of ESET Remote Administrator RMM tool" - }, - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/eset_remote_administrator_processes_sigma.yml", - "Description": "Detects potential processes activity of ESET Remote Administrator RMM tool" - } - ], - "References": [ - "eset.com/me/business/remote-management/remote-administrator/" - ], - "Acknowledgement": [] - }, { "Name": "ToDesk", "Description": "ToDesk is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", 
@@ -10077,61 +8617,6 @@ ], "Acknowledgement": [] }, - { - "Name": "Distant Desktop", - "Description": "Distant Desktop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "2/8/2024", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [ - "ddsystem.exe", - "dd.exe", - "distant-desktop.exe" - ] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [ - { - "Description": "Known remote domains", - "Domains": [ - "*.distantdesktop.com", - "*signalserver.xyz" - ], - "Ports": [] - } - ] - }, - "Detections": [ - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/distant_desktop_network_sigma.yml", - "Description": "Detects potential network activity of Distant Desktop RMM tool" - }, - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/distant_desktop_processes_sigma.yml", - "Description": "Detects potential processes activity of Distant Desktop RMM tool" - } - ], - "References": [ - "https://www.distantdesktop.com/manual/first-start.htm" - ], - "Acknowledgement": [] - }, { "Name": "RAdmin", "Description": "RAdmin is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.\n", 
@@ -10914,37 +9399,6 @@ ], "Acknowledgement": [] }, - { - "Name": "CloudFuze", - "Description": "CloudFuze is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [] - }, - "Detections": [], - "References": [], - "Acknowledgement": [] - }, { "Name": "Free Tools Launcher", "Description": "Free Tools Launcher is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", @@ -11125,39 +9579,8 @@ { "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/kitty_processes_sigma.yml", "Description": "Detects potential processes activity of KiTTY RMM tool" - } - ], - "References": [], - "Acknowledgement": [] - }, - { - "Name": "Proton Drive", - "Description": "Proton Drive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [] - }, - "Detections": [], + } + ], "References": [], "Acknowledgement": [] }, 
@@ -11449,46 +9872,6 @@ ], "Acknowledgement": [] }, - { - "Name": "Cyberduck", - "Description": "Cyberduck is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [ - "C:\\Program Files\\Cyberduck\\*", - "*\\Cyberduck\\*", - "*\\Cyberduck.exe" - ] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [] - }, - "Detections": [ - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/cyberduck_processes_sigma.yml", - "Description": "Detects potential processes activity of Cyberduck RMM tool" - } - ], - "References": [], - "Acknowledgement": [] - }, { "Name": "Iperius Remote", "Description": "Iperius Remote is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", 
@@ -11842,46 +10225,9 @@ "Network": [] }, "Detections": [], - "References": [], - "Acknowledgement": [] - }, - { - "Name": "DriveMaker", - "Description": "DriveMaker is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [ - "C:\\*\\DriveMaker.exe", - "*\\DriveMaker.exe" - ] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [] - }, - "Detections": [ - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/drivemaker_processes_sigma.yml", - "Description": "Detects potential processes activity of DriveMaker RMM tool" - } + "References": [ + "https://wiki.x2go.org/doku.php" ], - "References": [], "Acknowledgement": [] }, { 
@@ -12035,48 +10381,6 @@ "References": [], "Acknowledgement": [] }, - { - "Name": "Google Drive", - "Description": "Google Drive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [ - "C:\\Program Files\\Google\\Drive File Stream\\*", - "*\\Google\\Drive File Stream\\*", - "*Users\\*\\AppData\\*\\Google\\DriveFS*", - "G:\\My Drive*", - "*\\GoogleDriveFS.exe" - ] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [] - }, - "Detections": [ - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/google_drive_processes_sigma.yml", - "Description": "Detects potential processes activity of Google Drive RMM tool" - } - ], - "References": [], - "Acknowledgement": [] - }, { "Name": "Netop", "Description": "Netop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", 
@@ -12544,73 +10848,6 @@ "References": [], "Acknowledgement": [] }, - { - "Name": "FixMe.it", - "Description": "FixMe.it is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "2/7/2024", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [ - "FixMeit Unattended Access Setup.exe", - "TiExpertStandalone.exe", - "FixMeitClient*.exe", - "FixMeit Client.exe", - "FixMeit Expert Setup.exe", - "TiExpertCore.exe", - "fixmeitclient.exe", - "TiClientCore.exe", - "TiClientHelper*.exe", - "no installation required | recommend blocking fixme[.]it SaaS portal", - "no installation required | recommend blocking fixme[.]it SaaS portal", - "9380CC75B872221A7425D7503565B67580407F60" - ] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [ - { - "Description": "Known remote domains", - "Domains": [ - "*.fixme.it", - "*.techinline.net", - "fixme.it", - "*set.me", - "*setme.net" - ], - "Ports": [] - } - ] - }, - "Detections": [ - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fixme.it_network_sigma.yml", - "Description": "Detects potential network activity of FixMe.it RMM tool" - }, - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fixme.it_processes_sigma.yml", - "Description": "Detects potential processes activity of FixMe.it RMM tool" - } - ], - "References": [ - "https://docs.fixme.it/general-questions/which-ports-and-servers-does-fixme-it-use" - ], - "Acknowledgement": [] - }, { "Name": "RDPView", "Description": "RDPView is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", 
@@ -12872,50 +11109,6 @@ ], "Acknowledgement": [] }, - { - "Name": "Electric", - "Description": "Electric is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [ - { - "Description": "Known remote domains", - "Domains": [ - "electric.ai" - ], - "Ports": [] - } - ] - }, - "Detections": [ - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/electric_network_sigma.yml", - "Description": "Detects potential network activity of Electric RMM tool" - } - ], - "References": [], - "Acknowledgement": [] - }, { "Name": "Site24x7", "Description": "Site24x7 is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", @@ -13263,7 +11456,8 @@ "Capabilities": [], "Vulnerabilities": [], "InstallationPaths": [ - "termsrv.exe" + "termsrv.exe", + "mstsc.exe" ] }, "Artifacts": { @@ -13496,11 +11690,11 @@ "Acknowledgement": [] }, { - "Name": "FixMe", - "Description": "FixMe is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", + "Name": "FixMe.it", + "Description": "FixMe.it is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", "Author": "", "Created": "", - "LastModified": "", + "LastModified": "2/7/2024", "Details": { "Website": "", "PEMetadata": { 
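Review bot: `mstsc.exe`, added in the `@@ -13263,7 +11456,8 @@` hunk, is the Remote Desktop client that ships with Windows, so as a bare file name next to `termsrv.exe` it will match routine administrator and help-desk activity on most Windows hosts. A process rule generated from this list is unlikely to be usable without a baseline or allow-list. Either leave it out, or state in the entry's Description that both names are built-in binaries to be correlated with logon and network context rather than alerted on alone. The entry's name is outside the hunk, so which tool this list belongs to is inferred from the file names.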
@@ -13520,7 +11714,12 @@ "FixMeitClient*.exe", "TiExpertCore.exe", "FixMeit Unattended Access Setup.exe", - "FixMeit Expert Setup.exe" + "FixMeit Expert Setup.exe", + "TiExpertCore.exe", + "fixmeitclient.exe", + "TiClientCore.exe", + "TiClientHelper*.exe", + "9380CC75B872221A7425D7503565B67580407F60" ] }, "Artifacts": { @@ -13531,7 +11730,11 @@ { "Description": "Known remote domains", "Domains": [ - "fixme.it" + "*.fixme.it", + "*.techinline.net", + "fixme.it", + "*set.me", + "*setme.net" ], "Ports": [] } @@ -13543,49 +11746,8 @@ "Description": "Detects potential network activity of FixMe RMM tool" }, { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fixme_processes_sigma.yml", - "Description": "Detects potential processes activity of FixMe RMM tool" - } - ], - "References": [], - "Acknowledgement": [] - }, - { - "Name": "rclone", - "Description": "rclone is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [ - "portable tool. No install path", - "portable tool. No install path", - "rclone*.zip", - "*\\rclone.exe" - ] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [] - }, - "Detections": [ - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rclone_processes_sigma.yml", - "Description": "Detects potential processes activity of rclone RMM tool" + "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fixme_processes_sigma.yml", + "Description": "Detects potential processes activity of FixMe RMM tool" } ], "References": [], 
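Review bot: Two of the values added to InstallationPaths in the first hunk on this line need attention. `TiExpertCore.exe` is already in the list as a context line of the same hunk, and `9380CC75B872221A7425D7503565B67580407F60` is a 40-hex-digit string rather than a path or file name. The hex value looks like a file hash or certificate thumbprint (the page does not say which), and a process-path pattern built from it will never match. Drop the duplicate, and move the hex value to a field that names what it is, or remove it until its meaning is confirmed.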
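Review bot: `*set.me` and `*setme.net`, added in the `@@ -13531,7 +11730,11 @@` hunk, have no dot after the wildcard, so they match any host that merely ends in those characters (constructed examples: `reset.me`, `asset.me`), not just the vendor's hosts. The same hunk uses the anchored pair `*.fixme.it` plus `fixme.it`, so following that form gives `"*.set.me", "set.me", "*.setme.net", "setme.net"`, once the exact names are confirmed. The FixMe.it entry removed earlier in this diff cited `https://docs.fixme.it/general-questions/which-ports-and-servers-does-fixme-it-use` for these domains. The merged entry's `"References": []` in the next hunk drops that citation, so it is worth carrying over.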
@@ -14306,46 +12468,6 @@ "References": [], "Acknowledgement": [] }, - { - "Name": "Air Live Drive", - "Description": "Air Live Drive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [ - "C:\\Program Files\\AirLiveDrive\\*", - "*\\AirLiveDrive\\*", - "*\\AirLiveDrive.exe" - ] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [] - }, - "Detections": [ - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/air_live_drive_processes_sigma.yml", - "Description": "Detects potential processes activity of Air Live Drive RMM tool" - } - ], - "References": [], - "Acknowledgement": [] - }, { "Name": "Rocket Remote Desktop", "Description": "Rocket Remote Desktop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", 
@@ -15446,241 +13568,27 @@ "*.islonline.net" ], "Ports": [] - } - ] - }, - "Detections": [ - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/isl_online_network_sigma.yml", - "Description": "Detects potential network activity of ISL Online RMM tool" - }, - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/isl_online_processes_sigma.yml", - "Description": "Detects potential processes activity of ISL Online RMM tool" - } - ], - "References": [ - "https://help.islonline.com/19818/165940" - ], - "Acknowledgement": [] - }, - { - "Name": "DragonDisk", - "Description": "DragonDisk is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [ - "C:\\Program Files (x86)\\Almageste\\DragonDisk\\*", - "*\\Almageste\\DragonDisk\\*", - "*\\DragonDisk.exe" - ] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [] - }, - "Detections": [ - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dragondisk_processes_sigma.yml", - "Description": "Detects potential processes activity of DragonDisk RMM tool" - } - ], - "References": [], - "Acknowledgement": [] - }, - { - "Name": "FleetDeck.io", - "Description": "FleetDeck.io is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [ - "fleetdeck_agent_svc.exe", - "fleetdeck_commander_svc.exe", - "fleetdeck_installer.exe", - "fleetdeck_commander_launcher.exe", - "fleetdeck_agent.exe" - ] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [ - { - "Description": "Known remote domains", - "Domains": [ - "fleetdeck.io" - ], - "Ports": [] - } - ] - }, - "Detections": [ - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fleetdeck.io_network_sigma.yml", - "Description": "Detects potential network activity of FleetDeck.io RMM tool" - }, - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/fleetdeck.io_processes_sigma.yml", - "Description": "Detects potential processes activity of FleetDeck.io RMM tool" - } - ], - "References": [], - "Acknowledgement": [] - }, - { - "Name": "Chrome Remote Desktop", - "Description": "Chrome Remote Desktop is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "2/7/2024", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [ - "remote_host.exe", - "remoting_host.exe", - "C:\\Program Files (x86)\\Google\\Chrome Remote Desktop\\*", - "*\\Google\\Chrome Remote Desktop\\*", - "*\\remoting_host.exe" - ] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [ - { - "Description": "Known remote domains", - "Domains": [ - "*remotedesktop-pa.googleapis.com", - "*remotedesktop.google.com", - "remotedesktop.google.com" - ], - "Ports": [] - } - ] - }, - "Detections": [ - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/chrome_remote_desktop_network_sigma.yml", - "Description": "Detects potential network activity of Chrome Remote Desktop RMM tool" - }, - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/chrome_remote_desktop_processes_sigma.yml", - "Description": "Detects potential processes activity of Chrome Remote Desktop RMM tool" - } - ], - "References": [ - "https://support.google.com/chrome/a/answer/2799701?hl=en" - ], - "Acknowledgement": [] - }, - { - "Name": "RealVNC", - "Description": "RealVNC is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [] - }, - "Detections": [], - "References": [], - "Acknowledgement": [] - }, - { - "Name": "rsync", - "Description": "rsync is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [] + } + ] }, - "Detections": [], - "References": [], + "Detections": [ + { + "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/isl_online_network_sigma.yml", + "Description": "Detects potential network activity of ISL Online RMM tool" + }, + { + "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/isl_online_processes_sigma.yml", + "Description": "Detects potential processes activity of ISL Online RMM tool" + } + ], + "References": [ + "https://help.islonline.com/19818/165940" + ], "Acknowledgement": [] }, { - "Name": "Datto", - "Description": "Datto is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", + "Name": "DragonDisk", + "Description": "DragonDisk is a remote monitoring and management (RMM) tool. 
More information will be added as it becomes available.", "Author": "", "Created": "", "LastModified": "", @@ -15697,34 +13605,30 @@ "SupportedOS": [], "Capabilities": [], "Vulnerabilities": [], - "InstallationPaths": [] + "InstallationPaths": [ + "C:\\Program Files (x86)\\Almageste\\DragonDisk\\*", + "*\\Almageste\\DragonDisk\\*", + "*\\DragonDisk.exe" + ] }, "Artifacts": { "Disk": [], "EventLog": [], "Registry": [], - "Network": [ - { - "Description": "Known remote domains", - "Domains": [ - "datto.com" - ], - "Ports": [] - } - ] + "Network": [] }, "Detections": [ { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/datto_network_sigma.yml", - "Description": "Detects potential network activity of Datto RMM tool" + "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/dragondisk_processes_sigma.yml", + "Description": "Detects potential processes activity of DragonDisk RMM tool" } ], "References": [], "Acknowledgement": [] }, { - "Name": "CloudExplorer", - "Description": "CloudExplorer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", + "Name": "RealVNC", + "Description": "RealVNC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", "Author": "", "Created": "", "LastModified": "", 
@@ -15844,60 +13748,6 @@ "References": [], "Acknowledgement": [] }, - { - "Name": "ConnectWise Control", - "Description": "ConnectWise Control is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [ - "screenconnect.clientservice.exe", - "connectwisecontrol.client.exe", - "screenconnect.windowsclient.exe", - "connectwisechat-customer.exe" - ] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [ - { - "Description": "Known remote domains", - "Domains": [ - "live.screenconnect.com", - "control.connectwise.com" - ], - "Ports": [] - } - ] - }, - "Detections": [ - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/connectwise_control_network_sigma.yml", - "Description": "Detects potential network activity of ConnectWise Control RMM tool" - }, - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/connectwise_control_processes_sigma.yml", - "Description": "Detects potential processes activity of ConnectWise Control RMM tool" - } - ], - "References": [], - "Acknowledgement": [] - }, { "Name": "RemoteView", "Description": "RemoteView is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", 
@@ -16182,40 +14032,6 @@ "References": [], "Acknowledgement": [] }, - { - "Name": "Cloud Turtle", - "Description": "Cloud Turtle is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [ - "C:\\Program Files (x86)\\Genie9\\*", - "*\\Genie9\\*" - ] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [] - }, - "Detections": [], - "References": [], - "Acknowledgement": [] - }, { "Name": "Apple Remote Desktop", "Description": "Apple Remote Desktop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", @@ -16298,37 +14114,6 @@ "References": [], "Acknowledgement": [] }, - { - "Name": "CloudGopher", - "Description": "CloudGopher is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [] - }, - "Detections": [], - "References": [], - "Acknowledgement": [] - }, { "Name": "NetSupport Manager", "Description": "NetSupport Manager is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", 
@@ -16611,46 +14396,6 @@ ], "Acknowledgement": [] }, - { - "Name": "FreeFileSync", - "Description": "FreeFileSync is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [ - "C:\\Program Files\\FreeFileSync\\*", - "*\\FreeFileSync\\*", - "*\\FreeFileSync.exe" - ] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [] - }, - "Detections": [ - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/freefilesync_processes_sigma.yml", - "Description": "Detects potential processes activity of FreeFileSync RMM tool" - } - ], - "References": [], - "Acknowledgement": [] - }, { "Name": "ITSupport247 (ConnectWise)", "Description": "ITSupport247 (ConnectWise) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", 
@@ -16905,37 +14650,6 @@ "References": [], "Acknowledgement": [] }, - { - "Name": "Ocamlfuse", - "Description": "Ocamlfuse is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [] - }, - "Detections": [], - "References": [], - "Acknowledgement": [] - }, { "Name": "GetScreen", "Description": "GetScreen is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", 
@@ -17177,46 +14891,6 @@ "References": [], "Acknowledgement": [] }, - { - "Name": "Amazon (Cloud) Drive", - "Description": "Amazon (Cloud) Drive is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", - "Author": "", - "Created": "", - "LastModified": "", - "Details": { - "Website": "", - "PEMetadata": { - "Filename": "", - "OriginalFileName": "", - "Description": "" - }, - "Privileges": "", - "Free": "", - "Verification": "", - "SupportedOS": [], - "Capabilities": [], - "Vulnerabilities": [], - "InstallationPaths": [ - "C:\\Users\\*\\AppData\\Local\\Amazon\\Cloud Drive\\*", - "*\\AppData\\Local\\Amazon\\Cloud Drive\\*", - "*\\AmazonCloudDrive.exe" - ] - }, - "Artifacts": { - "Disk": [], - "EventLog": [], - "Registry": [], - "Network": [] - }, - "Detections": [ - { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/amazon__cloud__drive_processes_sigma.yml", - "Description": "Detects potential processes activity of Amazon (Cloud) Drive RMM tool" - } - ], - "References": [], - "Acknowledgement": [] - }, { "Name": "MyGreenPC", "Description": "MyGreenPC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", @@ -17329,7 +15003,7 @@ "Description": "Microsoft Quick Assist is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.", "Author": "", "Created": "", - "LastModified": "2/9/2024", + "LastModified": "", "Details": { "Website": "", "PEMetadata": { @@ -17355,7 +15029,8 @@ { "Description": "Known remote domains", "Domains": [ - "user_managed" + "user_managed", + "*.support.services.microsoft.com" ], "Ports": [] } 
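Review bot: `LastModified` is blanked for Microsoft Quick Assist (hunk `-17329,7 +15003,7`) in the same commit that changes the entry's network indicators in the next hunk. That removes the only date a consumer could use to judge how current those indicators are. Keep the field populated, either by retaining `"LastModified": "2/9/2024",` or by setting it to the date of this change. If this JSON is generated from per-tool source files (not visible on this page), the value should be restored there. The entry's object begins and ends outside the hunk.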
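Review bot: The `Domains` list for Microsoft Quick Assist (hunk `-17355,7 +15029,8`) now mixes the placeholder `"user_managed"` with a real pattern, `"*.support.services.microsoft.com"`. If network rules or allow/deny lists are built from this array (an assumption; the generator is not on this page), the placeholder becomes a literal hostname value that can never match. I would drop it here, leaving `"Domains": [ "*.support.services.microsoft.com" ],`. The wildcard covers a Microsoft-operated service, so a hit shows Quick Assist use rather than misuse and is best correlated with process or session context before alerting. The `Network` object starts before this hunk.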
@@ -17421,17 +15096,15 @@ }, "Detections": [ { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/manage_engine__desktop_central__network_sigma.yml", - "Description": "Detects potential network activity of Manage Engine (Desktop Central) RMM tool" + "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/desktop_central_network_sigma.yml", + "Description": "Detects potential network activity of Desktop Central RMM tool" }, { - "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/manage_engine__desktop_central__processes_sigma.yml", - "Description": "Detects potential processes activity of Manage Engine (Desktop Central) RMM tool" + "Sigma": "https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/desktop_central_processes_sigma.yml", + "Description": "Detects potential processes activity of Desktop Central RMM tool" } ], - "References": [ - "https://www.manageengine.com/products/desktop-central/help/domains-required-for-agent-communication.html" - ], + "References": [], "Acknowledgement": [] } ] \ No newline at end of file diff --git a/website/public/rmm_tools_table.csv b/website/public/rmm_tools_table.csv index b19481b..d107196 100644 --- a/website/public/rmm_tools_table.csv +++ b/website/public/rmm_tools_table.csv 
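Review bot: `References` is emptied in this hunk, which drops the vendor page on domains required for agent communication, the only source cited for this entry. Without it an analyst tuning the network rule cannot re-check the indicators against the vendor's current list. Unless the link is dead, keep `"References": [ "https://www.manageengine.com/products/desktop-central/help/domains-required-for-agent-communication.html" ],`. The two `Sigma` URLs are also renamed to `desktop_central_*_sigma.yml`; whether those rule files exist is not visible here, so confirm the links resolve. The entry begins outside the hunk.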
@@ -9,7 +9,6 @@ Name,Category,Description,Author [Any Support](/rmm_tools/any_support),,Any Support is a remote monitoring and management (RMM) tool. More information will be added as it b..., [PDQ Connect](/rmm_tools/pdq_connect),,PDQ Connect is a remote monitoring and management (RMM) tool. More information will be added as it b..., [Pcnow](/rmm_tools/pcnow),,Pcnow is a remote monitoring and management (RMM) tool. More information will be added as it becomes..., -[Quick Assist](/rmm_tools/quick_assist),,Quick Assist is a remote monitoring and management (RMM) tool. More information will be added as it ..., [Seetrol](/rmm_tools/seetrol),,Seetrol is a remote monitoring and management (RMM) tool. More information will be added as it becom..., [CarotDAV](/rmm_tools/carotdav),,CarotDAV is a remote monitoring and management (RMM) tool. More information will be added as it beco..., [Goverlan](/rmm_tools/goverlan),,Goverlan is a remote monitoring and management (RMM) tool. More information will be added as it beco..., 
@@ -21,19 +20,14 @@ Name,Category,Description,Author [Remote Desktop Manager (Devolutions)](/rmm_tools/remote_desktop_manager__devolutions_),,Remote Desktop Manager (Devolutions) is a remote monitoring and management (RMM) tool. More informat..., [BeyondTrust (Bomgar)](/rmm_tools/beyondtrust__bomgar_),,BeyondTrust (Bomgar) is a remote monitoring and management (RMM) tool. More information will be adde..., [Alpemix](/rmm_tools/alpemix),,Alpemix is a remote monitoring and management (RMM) tool. More information will be added as it becom...,Nasreddine Bencherchali -[CloudBerry Explorer](/rmm_tools/cloudberry_explorer),,CloudBerry Explorer is a remote monitoring and management (RMM) tool. More information will be added..., [Auvik](/rmm_tools/auvik),,Auvik is a remote monitoring and management (RMM) tool. More information will be added as it becomes..., -[Microsoft RDP](/rmm_tools/microsoft_rdp),,Microsoft RDP is a remote monitoring and management (RMM) tool. More information will be added as it..., -[Microsoft OneDrive](/rmm_tools/microsoft_onedrive),,Microsoft OneDrive is a remote monitoring and management (RMM) tool. More information will be added ..., [Tactical RMM](/rmm_tools/tactical_rmm),,Tactical RMM is a remote monitoring and management (RMM) tool. More information will be added as it ..., [MioNet (WD Anywhere Access)](/rmm_tools/mionet__wd_anywhere_access_),,MioNet (WD Anywhere Access) is a remote monitoring and management (RMM) tool. More information will ..., [Comodo RMM](/rmm_tools/comodo_rmm),,Comodo RMM is a remote monitoring and management (RMM) tool. More information will be added as it be..., [Pocket Controller](/rmm_tools/pocket_controller),,Pocket Controller is a remote monitoring and management (RMM) tool. More information will be added a..., [NordLocker](/rmm_tools/nordlocker),,NordLocker is a remote monitoring and management (RMM) tool. 
More information will be added as it be..., -[ExpanDrive](/rmm_tools/expandrive),,ExpanDrive is a remote monitoring and management (RMM) tool. More information will be added as it be..., [OCS inventory](/rmm_tools/ocs_inventory),,OCS inventory is a remote monitoring and management (RMM) tool. More information will be added as it..., [GotoHTTP](/rmm_tools/gotohttp),,GotoHTTP is a remote monitoring and management (RMM) tool. More information will be added as it beco..., -[CloudXplorer](/rmm_tools/cloudxplorer),,CloudXplorer is a remote monitoring and management (RMM) tool. More information will be added as it ..., [Terminals](/rmm_tools/terminals),,Terminals is a remote monitoring and management (RMM) tool. More information will be added as it bec..., [RPort](/rmm_tools/rport),,RPort is a remote monitoring and management (RMM) tool. More information will be added as it becomes..., [CentraStage (Now Datto)](/rmm_tools/centrastage__now_datto_),,CentraStage (Now Datto) is a remote monitoring and management (RMM) tool. More information will be a..., 
@@ -45,17 +39,12 @@ Name,Category,Description,Author [ScreenMeet](/rmm_tools/screenmeet),,ScreenMeet is a remote monitoring and management (RMM) tool. More information will be added as it be..., [RES Automation Manager](/rmm_tools/res_automation_manager),,RES Automation Manager is a remote monitoring and management (RMM) tool. More information will be ad..., [Anyplace Control](/rmm_tools/anyplace_control),,Anyplace Control is a remote monitoring and management (RMM) tool. More information will be added as..., -[Dropbox](/rmm_tools/dropbox),,Dropbox is a remote monitoring and management (RMM) tool. More information will be added as it becom..., [TightVNC](/rmm_tools/tightvnc),,TightVNC is a remote monitoring and management (RMM) tool. More information will be added as it beco..., [LiteManager](/rmm_tools/litemanager),,LiteManager is a remote monitoring and management (RMM) tool. More information will be added as it b..., -[Box](/rmm_tools/box),,Box is a remote monitoring and management (RMM) tool. More information will be added as it becomes a..., [Sophos-Remote Management System](/rmm_tools/sophos-remote_management_system),,Sophos-Remote Management System is a remote monitoring and management (RMM) tool. More information w..., [ManageEngine](/rmm_tools/manageengine),,ManageEngine is a remote monitoring and management (RMM) tool. More information will be added as it ..., -[Cloud Explorer](/rmm_tools/cloud_explorer),,Cloud Explorer is a remote monitoring and management (RMM) tool. More information will be added as i..., [Splashtop Remote](/rmm_tools/splashtop_remote),,Splashtop Remote is a remote monitoring and management (RMM) tool. More information will be added as..., -[Dameware-mini remote control Protocol](/rmm_tools/dameware-mini_remote_control_protocol),,Dameware-mini remote control Protocol is a remote monitoring and management (RMM) tool. More informa..., [rdp2tcp](/rmm_tools/rdp2tcp),,rdp2tcp is a remote monitoring and management (RMM) tool. 
More information will be added as it becom..., -[FleetDesk.io](/rmm_tools/fleetdesk.io),,FleetDesk.io is a remote monitoring and management (RMM) tool. More information will be added as it ..., [Jump Cloud](/rmm_tools/jump_cloud),,Jump Cloud is a remote monitoring and management (RMM) tool. More information will be added as it be..., [RuDesktop](/rmm_tools/rudesktop),,RuDesktop is a remote monitoring and management (RMM) tool. More information will be added as it bec..., [LogMeIn](/rmm_tools/logmein),,LogMeIn is a remote monitoring and management (RMM) tool. More information will be added as it becom...,Nasreddine Bencherchali 
@@ -63,21 +52,17 @@ Name,Category,Description,Author [NetSupport Manager](/rmm_tools/netsupport_manager),,NetSupport Manager is a remote monitoring and management (RMM) tool. More information will be added ..., [Pocket Cloud (Wyse)](/rmm_tools/pocket_cloud__wyse_),,Pocket Cloud (Wyse) is a remote monitoring and management (RMM) tool. More information will be added..., [Guacamole](/rmm_tools/guacamole),,Guacamole is a remote monitoring and management (RMM) tool. More information will be added as it bec..., -[Cloudsfer](/rmm_tools/cloudsfer),,Cloudsfer is a remote monitoring and management (RMM) tool. More information will be added as it bec..., [LANDesk](/rmm_tools/landesk),,LANDesk is a remote monitoring and management (RMM) tool. More information will be added as it becom..., -[Cruz](/rmm_tools/cruz),,Cruz is a remote monitoring and management (RMM) tool. More information will be added as it becomes ..., [pcAnywhere](/rmm_tools/pcanywhere),,pcAnywhere is a remote monitoring and management (RMM) tool. More information will be added as it be..., [mstsc](/rmm_tools/mstsc),,mstsc is a remote monitoring and management (RMM) tool. More information will be added as it becomes..., [FreeNX](/rmm_tools/freenx),,FreeNX is a remote monitoring and management (RMM) tool. More information will be added as it become..., [PSEXEC (Clone)](/rmm_tools/psexec__clone_),,PSEXEC (Clone) is a remote monitoring and management (RMM) tool. More information will be added as i..., [SpyAnywhere](/rmm_tools/spyanywhere),,SpyAnywhere is a remote monitoring and management (RMM) tool. More information will be added as it b..., -[ODrive](/rmm_tools/odrive),,ODrive is a remote monitoring and management (RMM) tool. More information will be added as it become..., [MultCloud](/rmm_tools/multcloud),,MultCloud is a remote monitoring and management (RMM) tool. 
More information will be added as it bec..., [Visual Studio Dev Tunnel](/rmm_tools/visual_studio_dev_tunnel),,Visual Studio Dev Tunnel is a remote monitoring and management (RMM) tool. More information will be ..., [Xpra](/rmm_tools/xpra),,Xpra is a remote monitoring and management (RMM) tool. More information will be added as it becomes ..., [Royal Apps](/rmm_tools/royal_apps),,Royal Apps is a remote monitoring and management (RMM) tool. More information will be added as it be..., [eHorus](/rmm_tools/ehorus),,eHorus is a remote monitoring and management (RMM) tool. More information will be added as it become..., -[Bomgar](/rmm_tools/bomgar),,Bomgar is a remote monitoring and management (RMM) tool. More information will be added as it become..., [SuperPuTTY](/rmm_tools/superputty),,SuperPuTTY is a remote monitoring and management (RMM) tool. More information will be added as it be..., [ZeroTier](/rmm_tools/zerotier),,ZeroTier is a remote monitoring and management (RMM) tool. More information will be added as it beco..., [Devolutions Remote Desktop Manager](/rmm_tools/devolutions_remote_desktop_manager),,Devolutions Remote Desktop Manager is a remote monitoring and management (RMM) tool. More informatio..., 
@@ -86,15 +71,11 @@ Name,Category,Description,Author [AnyDesk](/rmm_tools/anydesk),RMM,AnyDesk is a popular remote desktop software that enables users to access and control a computer or ...,"Ali Alwashali, Nasreddine Bencherchali" [Free Ping Tool](/rmm_tools/free_ping_tool),,Free Ping Tool is a remote monitoring and management (RMM) tool. More information will be added as i..., [S3 Browser](/rmm_tools/s3_browser),,S3 Browser is a remote monitoring and management (RMM) tool. More information will be added as it be..., -[Azure Storage Explorer](/rmm_tools/azure_storage_explorer),,Azure Storage Explorer is a remote monitoring and management (RMM) tool. More information will be ad..., [NinjaOne (formerly NinjaRMM)](/rmm_tools/ninjaone__formerly_ninjarmm_),,NinjaOne (formerly NinjaRMM) is a remote monitoring and management (RMM) tool. More information will..., [Adobe Connect](/rmm_tools/adobe_connect),,Adobe Connect is a remote monitoring and management (RMM) tool. More information will be added as it..., -[CloudHQ](/rmm_tools/cloudhq),,CloudHQ is a remote monitoring and management (RMM) tool. More information will be added as it becom..., -[Raidrive](/rmm_tools/raidrive),,Raidrive is a remote monitoring and management (RMM) tool. More information will be added as it beco..., [RemotePC](/rmm_tools/remotepc),,RemotePC is a remote monitoring and management (RMM) tool. More information will be added as it beco..., [LogMeIn rescue](/rmm_tools/logmein_rescue),,LogMeIn rescue is a remote monitoring and management (RMM) tool. More information will be added as i..., [UltraViewer](/rmm_tools/ultraviewer),,UltraViewer is a remote monitoring and management (RMM) tool. More information will be added as it b..., -[aria2](/rmm_tools/aria2),,aria2 is a remote monitoring and management (RMM) tool. More information will be added as it becomes..., [Pandora RC (eHorus)](/rmm_tools/pandora_rc__ehorus_),,Pandora RC (eHorus) is a remote monitoring and management (RMM) tool. 
More information will be added..., [IntelliAdmin Remote Control](/rmm_tools/intelliadmin_remote_control),,IntelliAdmin Remote Control is a remote monitoring and management (RMM) tool. More information will ..., [MEGAsync](/rmm_tools/megasync),,MEGAsync is a remote monitoring and management (RMM) tool. More information will be added as it beco..., @@ -107,7 +88,6 @@ Name,Category,Description,Author [TeamViewer](/rmm_tools/teamviewer),,"TeamViewer is a remote monitoring and management (RMM) tool. ...","Nasreddine Bencherchali, Michael Haag" [Access Remote PC](/rmm_tools/access_remote_pc),,Access Remote PC is a remote monitoring and management (RMM) tool. More information will be added as..., -[DW Service](/rmm_tools/dw_service),,DW Service is a remote monitoring and management (RMM) tool. More information will be added as it be..., [SecureCRT](/rmm_tools/securecrt),,SecureCRT is a remote monitoring and management (RMM) tool. More information will be added as it bec..., [Acronic Cyber Protect (Remotix)](/rmm_tools/acronic_cyber_protect__remotix_),,Acronic Cyber Protect (Remotix) is a remote monitoring and management (RMM) tool. More information w..., [Sorillus](/rmm_tools/sorillus),,Sorillus is a remote monitoring and management (RMM) tool. More information will be added as it beco..., 
@@ -117,15 +97,11 @@ Name,Category,Description,Author [Splashtop](/rmm_tools/splashtop),,Splashtop is a remote monitoring and management (RMM) tool. More information will be added as it bec...,Nasreddine Bencherchali [ManageEngine RMM Central](/rmm_tools/manageengine_rmm_central),,ManageEngine RMM Central is a remote monitoring and management (RMM) tool. More information will be ..., [AeroAdmin](/rmm_tools/aeroadmin),,AeroAdmin is a remote monitoring and management (RMM) tool. More information will be added as it bec..., -[Microsoft TSC](/rmm_tools/microsoft_tsc),,Microsoft TSC is a remote monitoring and management (RMM) tool. More information will be added as it..., -[AweRay (AweSun)](/rmm_tools/aweray__awesun_),,AweRay (AweSun) is a remote monitoring and management (RMM) tool. More information will be added as ..., [NoMachine](/rmm_tools/nomachine),,NoMachine is a remote monitoring and management (RMM) tool. More information will be added as it bec..., [UltraVNC](/rmm_tools/ultravnc),,UltraVNC is a remote monitoring and management (RMM) tool. More information will be added as it beco..., -[TeraCLOUD](/rmm_tools/teracloud),,TeraCLOUD is a remote monitoring and management (RMM) tool. More information will be added as it bec..., [Instant Housecall](/rmm_tools/instant_housecall),,Instant Housecall is a remote monitoring and management (RMM) tool. More information will be added a..., [NinjaRMM](/rmm_tools/ninjarmm),,NinjaRMM is a remote monitoring and management (RMM) tool. More information will be added as it beco..., [ngrok](/rmm_tools/ngrok),,ngrok is a remote monitoring and management (RMM) tool. More information will be added as it becomes..., -[Air Explorer](/rmm_tools/air_explorer),,Air Explorer is a remote monitoring and management (RMM) tool. More information will be added as it ..., [Bitvise SSH Client](/rmm_tools/bitvise_ssh_client),,Bitvise SSH Client is a remote monitoring and management (RMM) tool. 
More information will be added ..., [Chicken (of the VNC)](/rmm_tools/chicken__of_the_vnc_),,Chicken (of the VNC) is a remote monitoring and management (RMM) tool. More information will be adde..., [SkyFex](/rmm_tools/skyfex),,SkyFex is a remote monitoring and management (RMM) tool. More information will be added as it become..., 
@@ -136,43 +112,32 @@ Name,Category,Description,Author [Duplicati](/rmm_tools/duplicati),,Duplicati is a remote monitoring and management (RMM) tool. More information will be added as it bec..., [Remote Desktop Plus](/rmm_tools/remote_desktop_plus),,Remote Desktop Plus is a remote monitoring and management (RMM) tool. More information will be added..., [ITSupport247 (ConnectWise)](/rmm_tools/itsupport247__connectwise_),,ITSupport247 (ConnectWise) is a remote monitoring and management (RMM) tool. More information will b..., -[GoodSync](/rmm_tools/goodsync),,GoodSync is a remote monitoring and management (RMM) tool. More information will be added as it beco..., [DesktopNow](/rmm_tools/desktopnow),,DesktopNow is a remote monitoring and management (RMM) tool. More information will be added as it be..., [Remmina](/rmm_tools/remmina),,Remmina is a remote monitoring and management (RMM) tool. More information will be added as it becom..., -[CloudMounter](/rmm_tools/cloudmounter),,CloudMounter is a remote monitoring and management (RMM) tool. More information will be added as it ..., [Distant Desktop](/rmm_tools/distant_desktop),,Distant Desktop is a remote monitoring and management (RMM) tool. More information will be added as ..., [DameWare](/rmm_tools/dameware),,DameWare is a remote monitoring and management (RMM) tool. More information will be added as it beco..., [Level](/rmm_tools/level),,Level is a remote monitoring and management (RMM) tool. More information will be added as it becomes..., [Insync](/rmm_tools/insync),,Insync is a remote monitoring and management (RMM) tool. More information will be added as it become..., -[Bomgar - Now BeyondTrust](/rmm_tools/bomgar_-_now_beyondtrust),,Bomgar - Now BeyondTrust is a remote monitoring and management (RMM) tool. More information will be ..., [ISL Online](/rmm_tools/isl_online),,ISL Online is a remote monitoring and management (RMM) tool. 
More information will be added as it be..., [Remote.it](/rmm_tools/remote.it),,Remote.it is a remote monitoring and management (RMM) tool. More information will be added as it bec..., -[Core FTP](/rmm_tools/core_ftp),,Core FTP is a remote monitoring and management (RMM) tool. More information will be added as it beco..., [Netreo](/rmm_tools/netreo),,Netreo is a remote monitoring and management (RMM) tool. More information will be added as it become..., -[CuteFTP](/rmm_tools/cuteftp),,CuteFTP is a remote monitoring and management (RMM) tool. More information will be added as it becom..., -[CloudBuckIt](/rmm_tools/cloudbuckit),,CloudBuckIt is a remote monitoring and management (RMM) tool. More information will be added as it b..., [NoteOn-desktop sharing](/rmm_tools/noteon-desktop_sharing),,NoteOn-desktop sharing is a remote monitoring and management (RMM) tool. More information will be ad..., [Royal TS](/rmm_tools/royal_ts),,Royal TS is a remote monitoring and management (RMM) tool. More information will be added as it beco..., [DeskNets](/rmm_tools/desknets),,DeskNets is a remote monitoring and management (RMM) tool. More information will be added as it beco..., [QQ IM-remote assistance](/rmm_tools/qq_im-remote_assistance),,QQ IM-remote assistance is a remote monitoring and management (RMM) tool. More information will be a..., [PuTTY Tray](/rmm_tools/putty_tray),,PuTTY Tray is a remote monitoring and management (RMM) tool. More information will be added as it be..., -[FileZilla](/rmm_tools/filezilla),,FileZilla is a remote monitoring and management (RMM) tool. More information will be added as it bec..., [XRDP](/rmm_tools/xrdp),,XRDP is a remote monitoring and management (RMM) tool. More information will be added as it becomes ..., [FastViewer](/rmm_tools/fastviewer),,FastViewer is a remote monitoring and management (RMM) tool. 
More information will be added as it be..., [Jump Desktop](/rmm_tools/jump_desktop),,Jump Desktop is a remote monitoring and management (RMM) tool. More information will be added as it ..., -[pCloud](/rmm_tools/pcloud),,pCloud is a remote monitoring and management (RMM) tool. More information will be added as it become..., [Ivanti Remote Control](/rmm_tools/ivanti_remote_control),,Ivanti Remote Control is a remote monitoring and management (RMM) tool. More information will be add..., [BeInSync](/rmm_tools/beinsync),,BeInSync is a remote monitoring and management (RMM) tool. More information will be added as it beco..., [NateOn-desktop sharing](/rmm_tools/nateon-desktop_sharing),,NateOn-desktop sharing is a remote monitoring and management (RMM) tool. More information will be ad..., [Xeox](/rmm_tools/xeox),,Xeox is a remote monitoring and management (RMM) tool. More information will be added as it becomes ..., [WinSCP](/rmm_tools/winscp),,WinSCP is a remote monitoring and management (RMM) tool. More information will be added as it become..., -[Desktop Central](/rmm_tools/desktop_central),,Desktop Central is a remote monitoring and management (RMM) tool. More information will be added as ..., [DW Service](/rmm_tools/dw_service),,DW Service is a remote monitoring and management (RMM) tool. More information will be added as it be..., [NTR Remote](/rmm_tools/ntr_remote),,NTR Remote is a remote monitoring and management (RMM) tool. More information will be added as it be..., -[aws-cli](/rmm_tools/aws-cli),,aws-cli is a remote monitoring and management (RMM) tool. More information will be added as it becom..., [TurboMeeting](/rmm_tools/turbomeeting),,TurboMeeting is a remote monitoring and management (RMM) tool. More information will be added as it ..., [RemoteUtilities](/rmm_tools/remoteutilities),,RemoteUtilities is a remote monitoring and management (RMM) tool. 
More information will be added as ..., -[BeyondTrust (Bomgar)](/rmm_tools/beyondtrust__bomgar_),,BeyondTrust (Bomgar) is a remote monitoring and management (RMM) tool. More information will be adde..., [Pulseway](/rmm_tools/pulseway),,Pulseway is a remote monitoring and management (RMM) tool. More information will be added as it beco..., [Panorama9](/rmm_tools/panorama9),,Panorama9 is a remote monitoring and management (RMM) tool. More information will be added as it bec..., [Atera](/rmm_tools/atera),,Atera is a remote monitoring and management (RMM) tool. It is used by threat actors to deploy ransom..., 
@@ -183,11 +148,9 @@ Name,Category,Description,Author [Netviewer](/rmm_tools/netviewer),,Netviewer is a remote monitoring and management (RMM) tool. More information will be added as it bec..., [ConnectWise Control](/rmm_tools/connectwise_control),,ConnectWise Control is a remote monitoring and management (RMM) tool. More information will be added..., [ExtraPuTTY](/rmm_tools/extraputty),,ExtraPuTTY is a remote monitoring and management (RMM) tool. More information will be added as it be..., -[FleetDeck](/rmm_tools/fleetdeck),,FleetDeck is a remote monitoring and management (RMM) tool. More information will be added as it bec..., +[FleetDeck.io](/rmm_tools/fleetdeck.io),,FleetDeck.io is a remote monitoring and management (RMM) tool. More information will be added as it ..., [HelpU](/rmm_tools/helpu),,HelpU is a remote monitoring and management (RMM) tool. More information will be added as it becomes..., -[ESET Remote Administrator](/rmm_tools/eset_remote_administrator),,ESET Remote Administrator is a remote monitoring and management (RMM) tool. More information will be..., [ToDesk](/rmm_tools/todesk),,ToDesk is a remote monitoring and management (RMM) tool. More information will be added as it become..., -[Distant Desktop](/rmm_tools/distant_desktop),,Distant Desktop is a remote monitoring and management (RMM) tool. More information will be added as ..., [RAdmin](/rmm_tools/radmin),,RAdmin is a remote monitoring and management (RMM) tool. More information will be added as it become...,Nasreddine Bencherchali [CrossLoop](/rmm_tools/crossloop),,CrossLoop is a remote monitoring and management (RMM) tool. More information will be added as it bec..., [Centurion](/rmm_tools/centurion),,Centurion is a remote monitoring and management (RMM) tool. More information will be added as it bec..., 
@@ -202,19 +165,16 @@ Name,Category,Description,Author [Impero Connect](/rmm_tools/impero_connect),,Impero Connect is a remote monitoring and management (RMM) tool. More information will be added as i..., [247ithelp.com (ConnectWise)](/rmm_tools/247ithelp.com__connectwise_),,247ithelp.com (ConnectWise) is a remote monitoring and management (RMM) tool. More information will ..., [Remobo](/rmm_tools/remobo),,Remobo is a remote monitoring and management (RMM) tool. More information will be added as it become..., -[CloudFuze](/rmm_tools/cloudfuze),,CloudFuze is a remote monitoring and management (RMM) tool. More information will be added as it bec..., [Free Tools Launcher](/rmm_tools/free_tools_launcher),,Free Tools Launcher is a remote monitoring and management (RMM) tool. More information will be added..., [Echoware](/rmm_tools/echoware),,Echoware is a remote monitoring and management (RMM) tool. More information will be added as it beco..., [Zoho Assist](/rmm_tools/zoho_assist),,Zoho Assist is a remote monitoring and management (RMM) tool. More information will be added as it b..., [KiTTY](/rmm_tools/kitty),,KiTTY is a remote monitoring and management (RMM) tool. More information will be added as it becomes..., -[Proton Drive](/rmm_tools/proton_drive),,Proton Drive is a remote monitoring and management (RMM) tool. More information will be added as it ..., [SimpleHelp](/rmm_tools/simplehelp),,SimpleHelp is a remote monitoring and management (RMM) tool. More information will be added as it be..., [CloudFlare Tunnel](/rmm_tools/cloudflare_tunnel),,CloudFlare Tunnel is a remote monitoring and management (RMM) tool. More information will be added a..., [GoTo Opener](/rmm_tools/goto_opener),,GoTo Opener is a remote monitoring and management (RMM) tool. More information will be added as it b..., [Pcvisit](/rmm_tools/pcvisit),,Pcvisit is a remote monitoring and management (RMM) tool. 
More information will be added as it becom..., [Mocha VNC Lite](/rmm_tools/mocha_vnc_lite),,Mocha VNC Lite is a remote monitoring and management (RMM) tool. More information will be added as i..., [Laplink Gold](/rmm_tools/laplink_gold),,Laplink Gold is a remote monitoring and management (RMM) tool. More information will be added as it ..., -[Cyberduck](/rmm_tools/cyberduck),,Cyberduck is a remote monitoring and management (RMM) tool. More information will be added as it bec..., [Iperius Remote](/rmm_tools/iperius_remote),,Iperius Remote is a remote monitoring and management (RMM) tool. More information will be added as i..., [BeamYourScreen](/rmm_tools/beamyourscreen),,BeamYourScreen is a remote monitoring and management (RMM) tool. More information will be added as i..., [TeleDesktop](/rmm_tools/teledesktop),,TeleDesktop is a remote monitoring and management (RMM) tool. More information will be added as it b..., 
@@ -222,11 +182,9 @@ Name,Category,Description,Author [Basecamp](/rmm_tools/basecamp),,Basecamp is a remote monitoring and management (RMM) tool. More information will be added as it beco..., [Weezo](/rmm_tools/weezo),,Weezo is a remote monitoring and management (RMM) tool. More information will be added as it becomes..., [X2Go](/rmm_tools/x2go),,X2Go is a remote monitoring and management (RMM) tool. More information will be added as it becomes ..., -[DriveMaker](/rmm_tools/drivemaker),,DriveMaker is a remote monitoring and management (RMM) tool. More information will be added as it be..., [Dev Tunnels (aka Visual Studio Dev Tunnel)](/rmm_tools/dev_tunnels__aka_visual_studio_dev_tunnel_),,Dev Tunnels (aka Visual Studio Dev Tunnel) is a remote monitoring and management (RMM) tool. More in..., [Connectwise Automate (LabTech)](/rmm_tools/connectwise_automate__labtech_),,Connectwise Automate (LabTech) is a remote monitoring and management (RMM) tool. More information wi..., [Splashtop (Beta)](/rmm_tools/splashtop__beta_),,Splashtop (Beta) is a remote monitoring and management (RMM) tool. More information will be added as..., -[Google Drive](/rmm_tools/google_drive),,Google Drive is a remote monitoring and management (RMM) tool. More information will be added as it ..., [Netop](/rmm_tools/netop),,Netop is a remote monitoring and management (RMM) tool. More information will be added as it becomes..., [Kaseya (VSA)](/rmm_tools/kaseya__vsa_),,Kaseya (VSA) aka Unigma is a remote monitoring and management (RMM) tool. More information will be a...,Nasreddine Bencherchali [HelpBeam](/rmm_tools/helpbeam),,HelpBeam is a remote monitoring and management (RMM) tool. More information will be added as it beco..., 
@@ -235,13 +193,11 @@ Name,Category,Description,Author [rdpwrap](/rmm_tools/rdpwrap),,rdpwrap is a remote monitoring and management (RMM) tool. More information will be added as it becom..., [Total Software Deployment](/rmm_tools/total_software_deployment),,Total Software Deployment is a remote monitoring and management (RMM) tool. More information will be..., [PuTTY](/rmm_tools/putty),,PuTTY is a remote monitoring and management (RMM) tool. More information will be added as it becomes..., -[FixMe.it](/rmm_tools/fixme.it),,FixMe.it is a remote monitoring and management (RMM) tool. More information will be added as it beco..., [RDPView](/rmm_tools/rdpview),,RDPView is a remote monitoring and management (RMM) tool. More information will be added as it becom..., [Fortra](/rmm_tools/fortra),,Fortra is a remote monitoring and management (RMM) tool. More information will be added as it become..., [ISL Light](/rmm_tools/isl_light),,ISL Light is a remote monitoring and management (RMM) tool. More information will be added as it bec..., [Pocket Controller (Soti Xsight)](/rmm_tools/pocket_controller__soti_xsight_),,Pocket Controller (Soti Xsight) is a remote monitoring and management (RMM) tool. More information w..., [GatherPlace-desktop sharing](/rmm_tools/gatherplace-desktop_sharing),,GatherPlace-desktop sharing is a remote monitoring and management (RMM) tool. More information will ..., -[Electric](/rmm_tools/electric),,Electric is a remote monitoring and management (RMM) tool. More information will be added as it beco..., [Site24x7](/rmm_tools/site24x7),,Site24x7 is a remote monitoring and management (RMM) tool. More information will be added as it beco..., [MeshCentral](/rmm_tools/meshcentral),,MeshCentral is a remote monitoring and management (RMM) tool. MeshAgent used along with MeshCentral ...,@kostastsale [MSP360](/rmm_tools/msp360),,MSP360 is a remote monitoring and management (RMM) tool. More information will be added as it become..., 
@@ -251,8 +207,7 @@ Name,Category,Description,Author [Ultra VNC](/rmm_tools/ultra_vnc),,Ultra VNC is a remote monitoring and management (RMM) tool. More information will be added as it bec..., [Remote Manipulator System](/rmm_tools/remote_manipulator_system),,Remote Manipulator System is a remote monitoring and management (RMM) tool. More information will be..., [Domotz](/rmm_tools/domotz),,Domotz is a remote monitoring and management (RMM) tool. More information will be added as it become..., -[FixMe](/rmm_tools/fixme),,FixMe is a remote monitoring and management (RMM) tool. More information will be added as it becomes..., -[rclone](/rmm_tools/rclone),,rclone is a remote monitoring and management (RMM) tool. More information will be added as it become..., +[FixMe.it](/rmm_tools/fixme.it),,FixMe.it is a remote monitoring and management (RMM) tool. More information will be added as it beco..., [Tanium Deploy](/rmm_tools/tanium_deploy),,Tanium Deploy is a remote monitoring and management (RMM) tool. More information will be added as it..., [N-ABLE Remote Access Software](/rmm_tools/n-able_remote_access_software),,N-ABLE Remote Access Software is a remote monitoring and management (RMM) tool. More information wil..., [Quick Assist](/rmm_tools/quick_assist),,Quick Assist is a remote monitoring and management (RMM) tool. More information will be added as it ..., 
@@ -265,7 +220,6 @@ Name,Category,Description,Author [MioNet (Also known as WD Anywhere Access)](/rmm_tools/mionet__also_known_as_wd_anywhere_access_),,MioNet (Also known as WD Anywhere Access) is a remote monitoring and management (RMM) tool. More inf..., [SmartCode Web VNC](/rmm_tools/smartcode_web_vnc),,SmartCode Web VNC is a remote monitoring and management (RMM) tool. More information will be added a..., [Onionshare](/rmm_tools/onionshare),,Onionshare is a remote monitoring and management (RMM) tool. More information will be added as it be..., -[Air Live Drive](/rmm_tools/air_live_drive),,Air Live Drive is a remote monitoring and management (RMM) tool. More information will be added as i..., [Rocket Remote Desktop](/rmm_tools/rocket_remote_desktop),,Rocket Remote Desktop is a remote monitoring and management (RMM) tool. More information will be add..., [WebRDP](/rmm_tools/webrdp),,WebRDP is a remote monitoring and management (RMM) tool. More information will be added as it become..., [BeyondTrust](/rmm_tools/beyondtrust),,BeyondTrust is a remote monitoring and management (RMM) tool. More information will be added as it b..., 
@@ -286,43 +240,32 @@ Name,Category,Description,Author [Remcos](/rmm_tools/remcos),,Remcos is a remote monitoring and management (RMM) tool. More information will be added as it become..., [ISL Online](/rmm_tools/isl_online),,ISL Online is a remote monitoring and management (RMM) tool. More information will be added as it be..., [DragonDisk](/rmm_tools/dragondisk),,DragonDisk is a remote monitoring and management (RMM) tool. More information will be added as it be..., -[FleetDeck.io](/rmm_tools/fleetdeck.io),,FleetDeck.io is a remote monitoring and management (RMM) tool. More information will be added as it ..., -[Chrome Remote Desktop](/rmm_tools/chrome_remote_desktop),,Chrome Remote Desktop is a remote monitoring and management (RMM) tool. More information will be add..., [RealVNC](/rmm_tools/realvnc),,RealVNC is a remote monitoring and management (RMM) tool. More information will be added as it becom..., -[rsync](/rmm_tools/rsync),,rsync is a remote monitoring and management (RMM) tool. More information will be added as it becomes..., -[Datto](/rmm_tools/datto),,Datto is a remote monitoring and management (RMM) tool. More information will be added as it becomes..., -[CloudExplorer](/rmm_tools/cloudexplorer),,CloudExplorer is a remote monitoring and management (RMM) tool. More information will be added as it..., [Supremo](/rmm_tools/supremo),,Supremo is a remote monitoring and management (RMM) tool. More information will be added as it becom..., [GoToAssist Agent Desktop Console](/rmm_tools/gotoassist_agent_desktop_console),,GoToAssist Agent Desktop Console is a remote monitoring and management (RMM) tool. More information ..., -[ConnectWise Control](/rmm_tools/connectwise_control),,ConnectWise Control is a remote monitoring and management (RMM) tool. More information will be added..., [RemoteView](/rmm_tools/remoteview),,RemoteView is a remote monitoring and management (RMM) tool. 
More information will be added as it be..., [VNC Connect](/rmm_tools/vnc_connect),,VNC Connect is a remote monitoring and management (RMM) tool. More information will be added as it b..., [Syncthing](/rmm_tools/syncthing),,Syncthing is a remote monitoring and management (RMM) tool. More information will be added as it bec..., [KHelpDesk](/rmm_tools/khelpdesk),,KHelpDesk is a remote monitoring and management (RMM) tool. More information will be added as it bec..., [Netop Remote Control (Impero Connect)](/rmm_tools/netop_remote_control__impero_connect_),,Netop Remote Control (Impero Connect) is a remote monitoring and management (RMM) tool. More informa..., [Bitvise SSH Server](/rmm_tools/bitvise_ssh_server),,Bitvise SSH Server is a remote monitoring and management (RMM) tool. More information will be added ..., -[Cloud Turtle](/rmm_tools/cloud_turtle),,Cloud Turtle is a remote monitoring and management (RMM) tool. More information will be added as it ..., [Apple Remote Desktop](/rmm_tools/apple_remote_desktop),,Apple Remote Desktop is a remote monitoring and management (RMM) tool. More information will be adde..., [Chrome SSH Extension](/rmm_tools/chrome_ssh_extension),,Chrome SSH Extension is a remote monitoring and management (RMM) tool. More information will be adde..., -[CloudGopher](/rmm_tools/cloudgopher),,CloudGopher is a remote monitoring and management (RMM) tool. More information will be added as it b..., [NetSupport Manager](/rmm_tools/netsupport_manager),,NetSupport Manager is a remote monitoring and management (RMM) tool. More information will be added ..., [ESET Remote Administrator](/rmm_tools/eset_remote_administrator),,ESET Remote Administrator is a remote monitoring and management (RMM) tool. More information will be..., [Yandex.Disk](/rmm_tools/yandex.disk),,Yandex.Disk is a remote monitoring and management (RMM) tool. 
More information will be added as it b..., [N-Able Advanced Monitoring Agent](/rmm_tools/n-able_advanced_monitoring_agent),,N-Able Advanced Monitoring Agent is a remote monitoring and management (RMM) tool. More information ..., [MyIVO](/rmm_tools/myivo),,MyIVO is a remote monitoring and management (RMM) tool. More information will be added as it becomes..., -[FreeFileSync](/rmm_tools/freefilesync),,FreeFileSync is a remote monitoring and management (RMM) tool. More information will be added as it ..., [ITSupport247 (ConnectWise)](/rmm_tools/itsupport247__connectwise_),,ITSupport247 (ConnectWise) is a remote monitoring and management (RMM) tool. More information will b..., [VNC](/rmm_tools/vnc),,VNC is a remote monitoring and management (RMM) tool. More information will be added as it becomes a..., [ServerEye](/rmm_tools/servereye),,ServerEye is a remote monitoring and management (RMM) tool. More information will be added as it bec..., [Rapid7](/rmm_tools/rapid7),,Rapid7 is a remote monitoring and management (RMM) tool. More information will be added as it become..., [GoToAssist (GoTo Resolve)](/rmm_tools/gotoassist__goto_resolve_),,GoToAssist (GoTo Resolve) is a remote monitoring and management (RMM) tool. More information will be..., -[Ocamlfuse](/rmm_tools/ocamlfuse),,Ocamlfuse is a remote monitoring and management (RMM) tool. More information will be added as it bec..., [GetScreen](/rmm_tools/getscreen),,GetScreen is a remote monitoring and management (RMM) tool. More information will be added as it bec..., [MobaXterm](/rmm_tools/mobaxterm),,MobaXterm is a remote monitoring and management (RMM) tool. More information will be added as it bec..., [CrossTec Remote Control](/rmm_tools/crosstec_remote_control),,CrossTec Remote Control is a remote monitoring and management (RMM) tool. More information will be a..., [Absolute (Computrace)](/rmm_tools/absolute__computrace_),,Absolute (Computrace) is a remote monitoring and management (RMM) tool. 
More information will be add..., [Xshell](/rmm_tools/xshell),,Xshell is a remote monitoring and management (RMM) tool. More information will be added as it become..., -[Amazon (Cloud) Drive](/rmm_tools/amazon__cloud__drive),,Amazon (Cloud) Drive is a remote monitoring and management (RMM) tool. More information will be adde..., [MyGreenPC](/rmm_tools/mygreenpc),,MyGreenPC is a remote monitoring and management (RMM) tool. More information will be added as it bec..., [Level.io](/rmm_tools/level.io),,Level.io is a remote monitoring and management (RMM) tool. More information will be added as it beco..., [Microsoft Quick Assist](/rmm_tools/microsoft_quick_assist),,Microsoft Quick Assist is a remote monitoring and management (RMM) tool. More information will be ad...,