From 87db3dd5e27ec28820121e17e9e2ce6924115ea1 Mon Sep 17 00:00:00 2001 From: Jose Hernandez Date: Tue, 1 Oct 2024 11:51:54 -0400 Subject: [PATCH] cleanup more rmms --- yaml/awerayawesun.yaml | 38 -------------------------------------- yaml/ocamlfuse.yaml | 27 --------------------------- yaml/royal_server.yaml | 3 ++- yaml/x2go.yaml | 3 ++- 4 files changed, 4 insertions(+), 67 deletions(-) delete mode 100644 yaml/awerayawesun.yaml delete mode 100644 yaml/ocamlfuse.yaml diff --git a/yaml/awerayawesun.yaml b/yaml/awerayawesun.yaml deleted file mode 100644 index b9c1d6d6..00000000 --- a/yaml/awerayawesun.yaml +++ /dev/null @@ -1,38 +0,0 @@ -Name: AweRay (AweSun) -Description: AweRay (AweSun) is a remote monitoring and management (RMM) tool. More - information will be added as it becomes available. -Author: '' -Created: '' -LastModified: '' -Details: - Website: '' - PEMetadata: - Filename: '' - OriginalFileName: '' - Description: '' - Privileges: '' - Free: '' - Verification: '' - SupportedOS: [] - Capabilities: [] - Vulnerabilities: [] - InstallationPaths: - - aweray_remote*.exe - - AweSun.exe -Artifacts: - Disk: [] - EventLog: [] - Registry: [] - Network: - - Description: Known remote domains - Domains: - - asapi-us.aweray.net - - asapi.aweray.net - Ports: [] -Detections: -- Sigma: https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aweray__awesun__network_sigma.yml - Description: Detects potential network activity of AweRay (AweSun) RMM tool -- Sigma: https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aweray__awesun__processes_sigma.yml - Description: Detects potential processes activity of AweRay (AweSun) RMM tool -References: [] -Acknowledgement: [] diff --git a/yaml/ocamlfuse.yaml b/yaml/ocamlfuse.yaml deleted file mode 100644 index 8f34f50b..00000000 --- a/yaml/ocamlfuse.yaml +++ /dev/null 
@@ -1,27 +0,0 @@
-Name: Ocamlfuse
-Description: Ocamlfuse is a remote monitoring and management (RMM) tool. More information
- will be added as it becomes available.
-Author: ''
-Created: ''
-LastModified: ''
-Details:
- Website: ''
- PEMetadata:
- Filename: ''
- OriginalFileName: ''
- Description: ''
- Privileges: ''
- Free: ''
- Verification: ''
- SupportedOS: []
- Capabilities: []
- Vulnerabilities: []
- InstallationPaths: []
-Artifacts:
- Disk: []
- EventLog: []
- Registry: []
- Network: []
-Detections: []
-References: []
-Acknowledgement: []
diff --git a/yaml/royal_server.yaml b/yaml/royal_server.yaml
index 79995608..5904c986 100644
--- a/yaml/royal_server.yaml
+++ b/yaml/royal_server.yaml
@@ -29,5 +29,6 @@ Artifacts:
 Detections:
 - Sigma: https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/royal_server_network_sigma.yml
 Description: Detects potential network activity of Royal Server RMM tool
-References: []
+References:
+- https://royalapps.com/server/main/features
 Acknowledgement: []
diff --git a/yaml/x2go.yaml b/yaml/x2go.yaml
index 79c86e79..d551a6a7 100644
--- a/yaml/x2go.yaml
+++ b/yaml/x2go.yaml
@@ -23,5 +23,6 @@ Artifacts:
 Registry: []
 Network: []
 Detections: []
-References: []
+References:
+- https://wiki.x2go.org/doku.php
 Acknowledgement: []