From 84b2f50494ac60438889a77e749e3c548e25cda3 Mon Sep 17 00:00:00 2001
From: Hare Sudhan
Date: Mon, 30 Sep 2024 11:19:36 -0400
Subject: [PATCH] remove more non rmms

---
 yaml/air_explorer.yaml | 32 --------------------------------
 yaml/air_live_drive.yaml | 32 --------------------------------
 yaml/amazon_(cloud)_drive.yaml | 32 --------------------------------
 yaml/basecamp.yaml | 34 ----------------------------------
 yaml/cloudberry_explorer.yaml | 29 -----------------------------
 yaml/drivemaker.yaml | 31 -------------------------------
 yaml/expandrive.yaml | 31 -------------------------------
 yaml/filezilla.yaml | 32 --------------------------------
 yaml/goodsync.yaml | 33 ---------------------------------
 yaml/google_drive.yaml | 34 ----------------------------------
 yaml/microsoft_onedrive.yaml | 27 ---------------------------
 yaml/odrive.yaml | 32 --------------------------------
 yaml/pcloud.yaml | 32 --------------------------------
 yaml/proton_drive.yaml | 27 ---------------------------
 yaml/raidrive.yaml | 31 -------------------------------
 yaml/teracloud.yaml | 32 --------------------------------
 16 files changed, 501 deletions(-)
 delete mode 100644 yaml/air_explorer.yaml
 delete mode 100644 yaml/air_live_drive.yaml
 delete mode 100644 yaml/amazon_(cloud)_drive.yaml
 delete mode 100644 yaml/basecamp.yaml
 delete mode 100644 yaml/cloudberry_explorer.yaml
 delete mode 100644 yaml/drivemaker.yaml
 delete mode 100644 yaml/expandrive.yaml
 delete mode 100644 yaml/filezilla.yaml
 delete mode 100644 yaml/goodsync.yaml
 delete mode 100644 yaml/google_drive.yaml
 delete mode 100644 yaml/microsoft_onedrive.yaml
 delete mode 100644 yaml/odrive.yaml
 delete mode 100644 yaml/pcloud.yaml
 delete mode 100644 yaml/proton_drive.yaml
 delete mode 100644 yaml/raidrive.yaml
 delete mode 100644 yaml/teracloud.yaml

diff --git a/yaml/air_explorer.yaml b/yaml/air_explorer.yaml
deleted file mode 100644
index badda032..00000000
--- a/yaml/air_explorer.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-Name: Air Explorer
-Description: Air Explorer is a remote monitoring and management (RMM) tool. More information
- will be added as it becomes available.
-Author: ''
-Created: ''
-LastModified: ''
-Details:
- Website: ''
- PEMetadata:
- Filename: ''
- OriginalFileName: ''
- Description: ''
- Privileges: ''
- Free: ''
- Verification: ''
- SupportedOS: []
- Capabilities: []
- Vulnerabilities: []
- InstallationPaths:
- - C:\Program Files\airexplorer\*
- - '*\airexplorer\*'
- - '*\airexplorer.exe'
-Artifacts:
- Disk: []
- EventLog: []
- Registry: []
- Network: []
-Detections:
-- Sigma: https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/air_explorer_processes_sigma.yml
- Description: Detects potential processes activity of Air Explorer RMM tool
-References: []
-Acknowledgement: []
diff --git a/yaml/air_live_drive.yaml b/yaml/air_live_drive.yaml
deleted file mode 100644
index f87bc6e4..00000000
--- a/yaml/air_live_drive.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-Name: Air Live Drive
-Description: Air Live Drive is a remote monitoring and management (RMM) tool. More
- information will be added as it becomes available.
-Author: ''
-Created: ''
-LastModified: ''
-Details:
- Website: ''
- PEMetadata:
- Filename: ''
- OriginalFileName: ''
- Description: ''
- Privileges: ''
- Free: ''
- Verification: ''
- SupportedOS: []
- Capabilities: []
- Vulnerabilities: []
- InstallationPaths:
- - C:\Program Files\AirLiveDrive\*
- - '*\AirLiveDrive\*'
- - '*\AirLiveDrive.exe'
-Artifacts:
- Disk: []
- EventLog: []
- Registry: []
- Network: []
-Detections:
-- Sigma: https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/air_live_drive_processes_sigma.yml
- Description: Detects potential processes activity of Air Live Drive RMM tool
-References: []
-Acknowledgement: []
diff --git a/yaml/amazon_(cloud)_drive.yaml b/yaml/amazon_(cloud)_drive.yaml
deleted file mode 100644
index 14af7a9d..00000000
--- a/yaml/amazon_(cloud)_drive.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-Name: Amazon (Cloud) Drive
-Description: Amazon (Cloud) Drive is a remote monitoring and management (RMM) tool.
- More information will be added as it becomes available.
-Author: ''
-Created: ''
-LastModified: ''
-Details:
- Website: ''
- PEMetadata:
- Filename: ''
- OriginalFileName: ''
- Description: ''
- Privileges: ''
- Free: ''
- Verification: ''
- SupportedOS: []
- Capabilities: []
- Vulnerabilities: []
- InstallationPaths:
- - C:\Users\*\AppData\Local\Amazon\Cloud Drive\*
- - '*\AppData\Local\Amazon\Cloud Drive\*'
- - '*\AmazonCloudDrive.exe'
-Artifacts:
- Disk: []
- EventLog: []
- Registry: []
- Network: []
-Detections:
-- Sigma: https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/amazon__cloud__drive_processes_sigma.yml
- Description: Detects potential processes activity of Amazon (Cloud) Drive RMM tool
-References: []
-Acknowledgement: []
diff --git a/yaml/basecamp.yaml b/yaml/basecamp.yaml
deleted file mode 100644
index d178ba70..00000000
--- a/yaml/basecamp.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-Name: Basecamp
-Description: Basecamp is a remote monitoring and management (RMM) tool. More information
- will be added as it becomes available.
-Author: ''
-Created: ''
-LastModified: 2/7/2024
-Details:
- Website: ''
- PEMetadata:
- Filename: ''
- OriginalFileName: ''
- Description: ''
- Privileges: ''
- Free: ''
- Verification: ''
- SupportedOS: []
- Capabilities: []
- Vulnerabilities: []
- InstallationPaths: []
-Artifacts:
- Disk: []
- EventLog: []
- Registry: []
- Network:
- - Description: Known remote domains
- Domains:
- - basecamp.com
- Ports: []
-Detections:
-- Sigma: https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/basecamp_network_sigma.yml
- Description: Detects potential network activity of Basecamp RMM tool
-References:
-- basecamp.com - No specific RMM tool listed
-Acknowledgement: []
diff --git a/yaml/cloudberry_explorer.yaml b/yaml/cloudberry_explorer.yaml
deleted file mode 100644
index c51f4cae..00000000
--- a/yaml/cloudberry_explorer.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-Name: CloudBerry Explorer
-Description: CloudBerry Explorer is a remote monitoring and management (RMM) tool.
- More information will be added as it becomes available.
-Author: ''
-Created: ''
-LastModified: ''
-Details:
- Website: ''
- PEMetadata:
- Filename: ''
- OriginalFileName: ''
- Description: ''
- Privileges: ''
- Free: ''
- Verification: ''
- SupportedOS: []
- Capabilities: []
- Vulnerabilities: []
- InstallationPaths:
- - C:\Program Files\CloudBerryLab\CloudBerry Drive\*
- - '*\CloudBerryLab\CloudBerry Drive\*'
-Artifacts:
- Disk: []
- EventLog: []
- Registry: []
- Network: []
-Detections: []
-References: []
-Acknowledgement: []
diff --git a/yaml/drivemaker.yaml b/yaml/drivemaker.yaml
deleted file mode 100644
index c336b310..00000000
--- a/yaml/drivemaker.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-Name: DriveMaker
-Description: DriveMaker is a remote monitoring and management (RMM) tool. More information
- will be added as it becomes available.
-Author: ''
-Created: ''
-LastModified: ''
-Details:
- Website: ''
- PEMetadata:
- Filename: ''
- OriginalFileName: ''
- Description: ''
- Privileges: ''
- Free: ''
- Verification: ''
- SupportedOS: []
- Capabilities: []
- Vulnerabilities: []
- InstallationPaths:
- - C:\*\DriveMaker.exe
- - '*\DriveMaker.exe'
-Artifacts:
- Disk: []
- EventLog: []
- Registry: []
- Network: []
-Detections:
-- Sigma: https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/drivemaker_processes_sigma.yml
- Description: Detects potential processes activity of DriveMaker RMM tool
-References: []
-Acknowledgement: []
diff --git a/yaml/expandrive.yaml b/yaml/expandrive.yaml
deleted file mode 100644
index b2c9fd39..00000000
--- a/yaml/expandrive.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-Name: ExpanDrive
-Description: ExpanDrive is a remote monitoring and management (RMM) tool. More information
- will be added as it becomes available.
-Author: ''
-Created: ''
-LastModified: ''
-Details:
- Website: ''
- PEMetadata:
- Filename: ''
- OriginalFileName: ''
- Description: ''
- Privileges: ''
- Free: ''
- Verification: ''
- SupportedOS: []
- Capabilities: []
- Vulnerabilities: []
- InstallationPaths:
- - C:\Users\*\ExpanDrive.exe
- - '*\ExpanDrive.exe'
-Artifacts:
- Disk: []
- EventLog: []
- Registry: []
- Network: []
-Detections:
-- Sigma: https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/expandrive_processes_sigma.yml
- Description: Detects potential processes activity of ExpanDrive RMM tool
-References: []
-Acknowledgement: []
diff --git a/yaml/filezilla.yaml b/yaml/filezilla.yaml
deleted file mode 100644
index e8af76e1..00000000
--- a/yaml/filezilla.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-Name: FileZilla
-Description: FileZilla is a remote monitoring and management (RMM) tool. More information
- will be added as it becomes available.
-Author: ''
-Created: ''
-LastModified: ''
-Details:
- Website: ''
- PEMetadata:
- Filename: ''
- OriginalFileName: ''
- Description: ''
- Privileges: ''
- Free: ''
- Verification: ''
- SupportedOS: []
- Capabilities: []
- Vulnerabilities: []
- InstallationPaths:
- - C:\Program Files\FileZilla FTP Client\*
- - '*\FileZilla FTP Client\*'
- - '*\FileZilla.exe'
-Artifacts:
- Disk: []
- EventLog: []
- Registry: []
- Network: []
-Detections:
-- Sigma: https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/filezilla_processes_sigma.yml
- Description: Detects potential processes activity of FileZilla RMM tool
-References: []
-Acknowledgement: []
diff --git a/yaml/goodsync.yaml b/yaml/goodsync.yaml
deleted file mode 100644
index 9a557ab9..00000000
--- a/yaml/goodsync.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-Name: GoodSync
-Description: GoodSync is a remote monitoring and management (RMM) tool. More information
- will be added as it becomes available.
-Author: ''
-Created: ''
-LastModified: ''
-Details:
- Website: ''
- PEMetadata:
- Filename: ''
- OriginalFileName: ''
- Description: ''
- Privileges: ''
- Free: ''
- Verification: ''
- SupportedOS: []
- Capabilities: []
- Vulnerabilities: []
- InstallationPaths:
- - installation requires paid version of GoodSync Server
- - installation requires paid version of GoodSync Server
- - GoodSync-vsub-Setup.exe
- - A40B81B36CDC2D24910FC58816E50DCDE21BD1A9
-Artifacts:
- Disk: []
- EventLog: []
- Registry: []
- Network: []
-Detections:
-- Sigma: https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/goodsync_processes_sigma.yml
- Description: Detects potential processes activity of GoodSync RMM tool
-References: []
-Acknowledgement: []
diff --git a/yaml/google_drive.yaml b/yaml/google_drive.yaml
deleted file mode 100644
index 72af7807..00000000
--- a/yaml/google_drive.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-Name: Google Drive
-Description: Google Drive is a remote monitoring and management (RMM) tool. More information
- will be added as it becomes available.
-Author: ''
-Created: ''
-LastModified: ''
-Details:
- Website: ''
- PEMetadata:
- Filename: ''
- OriginalFileName: ''
- Description: ''
- Privileges: ''
- Free: ''
- Verification: ''
- SupportedOS: []
- Capabilities: []
- Vulnerabilities: []
- InstallationPaths:
- - C:\Program Files\Google\Drive File Stream\*
- - '*\Google\Drive File Stream\*'
- - '*Users\*\AppData\*\Google\DriveFS*'
- - G:\My Drive*
- - '*\GoogleDriveFS.exe'
-Artifacts:
- Disk: []
- EventLog: []
- Registry: []
- Network: []
-Detections:
-- Sigma: https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/google_drive_processes_sigma.yml
- Description: Detects potential processes activity of Google Drive RMM tool
-References: []
-Acknowledgement: []
diff --git a/yaml/microsoft_onedrive.yaml b/yaml/microsoft_onedrive.yaml
deleted file mode 100644
index 9283d060..00000000
--- a/yaml/microsoft_onedrive.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-Name: Microsoft OneDrive
-Description: Microsoft OneDrive is a remote monitoring and management (RMM) tool.
- More information will be added as it becomes available.
-Author: ''
-Created: ''
-LastModified: ''
-Details:
- Website: ''
- PEMetadata:
- Filename: ''
- OriginalFileName: ''
- Description: ''
- Privileges: ''
- Free: ''
- Verification: ''
- SupportedOS: []
- Capabilities: []
- Vulnerabilities: []
- InstallationPaths: []
-Artifacts:
- Disk: []
- EventLog: []
- Registry: []
- Network: []
-Detections: []
-References: []
-Acknowledgement: []
diff --git a/yaml/odrive.yaml b/yaml/odrive.yaml
deleted file mode 100644
index 62fa4b3c..00000000
--- a/yaml/odrive.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-Name: ODrive
-Description: ODrive is a remote monitoring and management (RMM) tool. More information
- will be added as it becomes available.
-Author: ''
-Created: ''
-LastModified: ''
-Details:
- Website: ''
- PEMetadata:
- Filename: ''
- OriginalFileName: ''
- Description: ''
- Privileges: ''
- Free: ''
- Verification: ''
- SupportedOS: []
- Capabilities: []
- Vulnerabilities: []
- InstallationPaths:
- - C:\Users\*\current\
- - '*Users\*\.odrive'
- - '*\Odriveapp.exe'
-Artifacts:
- Disk: []
- EventLog: []
- Registry: []
- Network: []
-Detections:
-- Sigma: https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/odrive_processes_sigma.yml
- Description: Detects potential processes activity of ODrive RMM tool
-References: []
-Acknowledgement: []
diff --git a/yaml/pcloud.yaml b/yaml/pcloud.yaml
deleted file mode 100644
index 1c885f9d..00000000
--- a/yaml/pcloud.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-Name: pCloud
-Description: pCloud is a remote monitoring and management (RMM) tool. More information
- will be added as it becomes available.
-Author: ''
-Created: ''
-LastModified: ''
-Details:
- Website: ''
- PEMetadata:
- Filename: ''
- OriginalFileName: ''
- Description: ''
- Privileges: ''
- Free: ''
- Verification: ''
- SupportedOS: []
- Capabilities: []
- Vulnerabilities: []
- InstallationPaths:
- - C:\Program Files (x86)\pCloud Drive\
- - '*\pCloud Drive\'
- - '*\pCloud.exe'
-Artifacts:
- Disk: []
- EventLog: []
- Registry: []
- Network: []
-Detections:
-- Sigma: https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/pcloud_processes_sigma.yml
- Description: Detects potential processes activity of pCloud RMM tool
-References: []
-Acknowledgement: []
diff --git a/yaml/proton_drive.yaml b/yaml/proton_drive.yaml
deleted file mode 100644
index a35ee38b..00000000
--- a/yaml/proton_drive.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-Name: Proton Drive
-Description: Proton Drive is a remote monitoring and management (RMM) tool. More information
- will be added as it becomes available.
-Author: ''
-Created: ''
-LastModified: ''
-Details:
- Website: ''
- PEMetadata:
- Filename: ''
- OriginalFileName: ''
- Description: ''
- Privileges: ''
- Free: ''
- Verification: ''
- SupportedOS: []
- Capabilities: []
- Vulnerabilities: []
- InstallationPaths: []
-Artifacts:
- Disk: []
- EventLog: []
- Registry: []
- Network: []
-Detections: []
-References: []
-Acknowledgement: []
diff --git a/yaml/raidrive.yaml b/yaml/raidrive.yaml
deleted file mode 100644
index 7c7e0b19..00000000
--- a/yaml/raidrive.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-Name: Raidrive
-Description: Raidrive is a remote monitoring and management (RMM) tool. More information
- will be added as it becomes available.
-Author: ''
-Created: ''
-LastModified: ''
-Details:
- Website: ''
- PEMetadata:
- Filename: ''
- OriginalFileName: ''
- Description: ''
- Privileges: ''
- Free: ''
- Verification: ''
- SupportedOS: []
- Capabilities: []
- Vulnerabilities: []
- InstallationPaths:
- - C:\*\OpenBoxLab\RaiDrive\*
- - '*\OpenBoxLab\RaiDrive\*'
- - service = raidrive_*
- - Computer\HKEY_LOCAL_MACHINE\SOFTWARE\OpenBoxLab\RaiDrive\Drives
-Artifacts:
- Disk: []
- EventLog: []
- Registry: []
- Network: []
-Detections: []
-References: []
-Acknowledgement: []
diff --git a/yaml/teracloud.yaml b/yaml/teracloud.yaml
deleted file mode 100644
index 16563aa0..00000000
--- a/yaml/teracloud.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-Name: TeraCLOUD
-Description: TeraCLOUD is a remote monitoring and management (RMM) tool. More information
- will be added as it becomes available.
-Author: ''
-Created: ''
-LastModified: ''
-Details:
- Website: ''
- PEMetadata:
- Filename: ''
- OriginalFileName: ''
- Description: ''
- Privileges: ''
- Free: ''
- Verification: ''
- SupportedOS: []
- Capabilities: []
- Vulnerabilities: []
- InstallationPaths:
- - c:\*\TeraCloud.Client*
- - '*\TeraCloud.Client*'
- - '*\Livedrive-Setup.exe'
-Artifacts:
- Disk: []
- EventLog: []
- Registry: []
- Network: []
-Detections:
-- Sigma: https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/teracloud_processes_sigma.yml
- Description: Detects potential processes activity of TeraCLOUD RMM tool
-References: []
-Acknowledgement: []