From a9edae861b8023d53d6b928f35555da494ee279e Mon Sep 17 00:00:00 2001
From: The Haag <5632822+MHaggis@users.noreply.github.com>
Date: Mon, 30 Sep 2024 09:00:29 -0600
Subject: [PATCH] Removing non-RMM and dupes
---
yaml/aws-cli.yaml | 33 --------------------------------
yaml/azure_storage_explorer.yaml | 33 --------------------------------
yaml/cloudexplorer.yaml | 27 --------------------------
yaml/quick_assist.yaml | 30 -----------------------------
yaml/rclone.yaml | 33 --------------------------------
yaml/rsync.yaml | 27 --------------------------
6 files changed, 183 deletions(-)
delete mode 100644 yaml/aws-cli.yaml
delete mode 100644 yaml/azure_storage_explorer.yaml
delete mode 100644 yaml/cloudexplorer.yaml
delete mode 100644 yaml/quick_assist.yaml
delete mode 100644 yaml/rclone.yaml
delete mode 100644 yaml/rsync.yaml
diff --git a/yaml/aws-cli.yaml b/yaml/aws-cli.yaml
deleted file mode 100644
index 102c9087..00000000
--- a/yaml/aws-cli.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-Name: aws-cli
-Description: aws-cli is a remote monitoring and management (RMM) tool. More information
- will be added as it becomes available.
-Author: ''
-Created: ''
-LastModified: ''
-Details:
- Website: ''
- PEMetadata:
- Filename: ''
- OriginalFileName: ''
- Description: ''
- Privileges: ''
- Free: ''
- Verification: ''
- SupportedOS: []
- Capabilities: []
- Vulnerabilities: []
- InstallationPaths:
- - C:\Program Files\Amazon\AWSCLI\*
- - '*\Amazon\AWSCLI\*'
- - '*\AWSCLIV*.msi'
- - '*\AWSCLISetup.exe'
-Artifacts:
- Disk: []
- EventLog: []
- Registry: []
- Network: []
-Detections:
-- Sigma: https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/aws-cli_processes_sigma.yml
- Description: Detects potential processes activity of aws-cli RMM tool
-References: []
-Acknowledgement: []
diff --git a/yaml/azure_storage_explorer.yaml b/yaml/azure_storage_explorer.yaml
deleted file mode 100644
index 5878e240..00000000
--- a/yaml/azure_storage_explorer.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-Name: Azure Storage Explorer
-Description: Azure Storage Explorer is a remote monitoring and management (RMM) tool.
- More information will be added as it becomes available.
-Author: ''
-Created: ''
-LastModified: ''
-Details:
- Website: ''
- PEMetadata:
- Filename: ''
- OriginalFileName: ''
- Description: ''
- Privileges: ''
- Free: ''
- Verification: ''
- SupportedOS: []
- Capabilities: []
- Vulnerabilities: []
- InstallationPaths:
- - C:\Program Files (x86)\Microsoft Azure Storage Explorer\*
- - '*\Microsoft Azure Storage Explorer\*'
- - '*\StorageExplorer.exe'
-Artifacts:
- Disk: []
- EventLog: []
- Registry: []
- Network: []
-Detections:
-- Sigma: https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/azure_storage_explorer_processes_sigma.yml
- Description: Detects potential processes activity of Azure Storage Explorer RMM
- tool
-References: []
-Acknowledgement: []
diff --git a/yaml/cloudexplorer.yaml b/yaml/cloudexplorer.yaml
deleted file mode 100644
index 6e89251b..00000000
--- a/yaml/cloudexplorer.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-Name: CloudExplorer
-Description: CloudExplorer is a remote monitoring and management (RMM) tool. More
- information will be added as it becomes available.
-Author: ''
-Created: ''
-LastModified: ''
-Details:
- Website: ''
- PEMetadata:
- Filename: ''
- OriginalFileName: ''
- Description: ''
- Privileges: ''
- Free: ''
- Verification: ''
- SupportedOS: []
- Capabilities: []
- Vulnerabilities: []
- InstallationPaths: []
-Artifacts:
- Disk: []
- EventLog: []
- Registry: []
- Network: []
-Detections: []
-References: []
-Acknowledgement: []
diff --git a/yaml/quick_assist.yaml b/yaml/quick_assist.yaml
deleted file mode 100644
index eac7728d..00000000
--- a/yaml/quick_assist.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-Name: Quick Assist
-Description: Quick Assist is a remote monitoring and management (RMM) tool. More information
- will be added as it becomes available.
-Author: ''
-Created: ''
-LastModified: ''
-Details:
- Website: ''
- PEMetadata:
- Filename: ''
- OriginalFileName: ''
- Description: ''
- Privileges: ''
- Free: ''
- Verification: ''
- SupportedOS: []
- Capabilities: []
- Vulnerabilities: []
- InstallationPaths:
- - quickassist.exe
-Artifacts:
- Disk: []
- EventLog: []
- Registry: []
- Network: []
-Detections:
-- Sigma: https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/quick_assist_processes_sigma.yml
- Description: Detects potential processes activity of Quick Assist RMM tool
-References: []
-Acknowledgement: []
diff --git a/yaml/rclone.yaml b/yaml/rclone.yaml
deleted file mode 100644
index dd18a136..00000000
--- a/yaml/rclone.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-Name: rclone
-Description: rclone is a remote monitoring and management (RMM) tool. More information
- will be added as it becomes available.
-Author: ''
-Created: ''
-LastModified: ''
-Details:
- Website: ''
- PEMetadata:
- Filename: ''
- OriginalFileName: ''
- Description: ''
- Privileges: ''
- Free: ''
- Verification: ''
- SupportedOS: []
- Capabilities: []
- Vulnerabilities: []
- InstallationPaths:
- - portable tool. No install path
- - portable tool. No install path
- - rclone*.zip
- - '*\rclone.exe'
-Artifacts:
- Disk: []
- EventLog: []
- Registry: []
- Network: []
-Detections:
-- Sigma: https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/rclone_processes_sigma.yml
- Description: Detects potential processes activity of rclone RMM tool
-References: []
-Acknowledgement: []
diff --git a/yaml/rsync.yaml b/yaml/rsync.yaml
deleted file mode 100644
index 3cfb7523..00000000
--- a/yaml/rsync.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-Name: rsync
-Description: rsync is a remote monitoring and management (RMM) tool. More information
- will be added as it becomes available.
-Author: ''
-Created: ''
-LastModified: ''
-Details:
- Website: ''
- PEMetadata:
- Filename: ''
- OriginalFileName: ''
- Description: ''
- Privileges: ''
- Free: ''
- Verification: ''
- SupportedOS: []
- Capabilities: []
- Vulnerabilities: []
- InstallationPaths: []
-Artifacts:
- Disk: []
- EventLog: []
- Registry: []
- Network: []
-Detections: []
-References: []
-Acknowledgement: []