fix some issues #33

Merged
merged 2 commits into from
Oct 7, 2024
7 changes: 4 additions & 3 deletions yaml/action1.yaml
Expand Up @@ -5,7 +5,7 @@ Description: "Action1 is a powerful Remote Monitoring and Management(RMM) tool t
\ remote execution and then points that the agent is installed.\n"
Author: '@kostastsale'
Created: '2024-08-03'
LastModified: '2024-08-03'
LastModified: '2024-10-06'
Details:
Website: https://www.action1.com/
PEMetadata:
Expand Down Expand Up @@ -55,12 +55,13 @@ Artifacts:
- EventID: 7045
ProviderName: Service Control Manager
LogFile: System.evtx
ServiceName: Action1 Agent
ServiceName: A1Agent
ImagePath: '"C:\\Windows\\Action1\\action1_agent.exe"'
Description: Service installation event as result of Action1 installation.
- EventID: 4688
- EventID: 4697
ProviderName: Microsoft-Security-Auditing
LogFile: Security.evtx
ServiceName: A1Agent
CommandLine: C:\Windows\Action1\action1_agent.exe service
Description: Service installation event as result of Action1 installation.
- EventID: 4688
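Review bot: In the entry switched from 4688 to 4697, the key `CommandLine: C:\Windows\Action1\action1_agent.exe service` is left over from the process-creation entry. Event 4697 records a service name and a service file name, not a command line, and the 4697 entry added to yaml/anydesk.yaml in this same PR uses `ImagePath` for that value. Suggest renaming the key to `ImagePath` here so the 7045 and 4697 entries for A1Agent expose the binary path under the same field. Please also confirm whether the 4688 artifact for this command line was meant to be dropped rather than kept alongside the new 4697 one.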
8 changes: 7 additions & 1 deletion yaml/anydesk.yaml
Expand Up @@ -8,7 +8,7 @@ Description: 'AnyDesk is a popular remote desktop software that enables users to
'
Author: Ali Alwashali, Nasreddine Bencherchali
Created: '2023-09-29'
LastModified: '2024-08-02'
LastModified: '2024-10-06'
Details:
Website: https://anydesk.com/en
PEMetadata:
Expand Down Expand Up @@ -121,6 +121,12 @@ Artifacts:
ServiceName: AnyDesk Service
ImagePath: '"C:\\Program Files (x86)\\AnyDesk\\AnyDesk.exe" --service'
Description: Service installation event as result of AnyDesk installation.
- EventID: 4697
ProviderName: Microsoft-Security-Auditing
LogFile: Security.evtx
ServiceName: AnyDesk Service
ImagePath: '"C:\\Program Files (x86)\\AnyDesk\\AnyDesk.exe" --service'
Description: Service installation event as result of AnyDesk installation.
Registry:
- Path: HKLM\SOFTWARE\Clients\Media\AnyDesk
Description: N/A
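Review bot: The added 4697 entry repeats the 7045 entry's `Description` word for word, so nothing tells a reader why the same AnyDesk service installation is listed twice. Suggest stating in the description that this is the Security.evtx record of the install and that Windows only writes 4697 when the Audit Security System Extension subcategory is enabled, so an analyst who finds 7045 without a matching 4697 does not treat that as a discrepancy.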
12 changes: 5 additions & 7 deletions yaml/atera.yaml
@@ -1,10 +1,8 @@
Name: Atera
Description: 'Atera is a remote monitoring and management (RMM) tool. It is used by
threat actors to deploy ransomware or facilitate command execution and lateral movement.

'
Created: 2024/08/03
LastModified: ''
Description: |
Atera is a remote monitoring and management (RMM) tool. It is used by threat actors to deploy ransomware or facilitate command execution and lateral movement.
Created: '2024-08-03'
LastModified: '2024-10-06'
Details:
Website: https://www.atera.com/
PEMetadata:
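Review bot: The header now goes from `Description` straight to `Created` with no `Author` key, while yaml/action1.yaml and yaml/anydesk.yaml in this PR both carry one. Since this hunk already normalises the metadata (date format, `LastModified`), add the `Author` line here as well, or confirm that the schema treats it as optional.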
Expand Down Expand Up @@ -91,7 +89,7 @@ Artifacts:
LogFile: Application.evtx
Data: 'Product: AteraAgent -- Installation completed successfully.'
Description: Service installation event as result of AteraAgent installation.
- EventID: 4688
- EventID: 4697
ProviderName: Microsoft-Security-Auditing
LogFile: Security.evtx
CommandLine: C:\\Program Files\\ATERA Networks\\AteraAgent\\Packages\\AgentPackageFileExplorer\\AgentPackageFileExplorer.exe
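Review bot: Changing `EventID: 4688` to `4697` here leaves a service-install event whose only detail is a `CommandLine` pointing at `AgentPackageFileExplorer.exe` under `Packages\`, with no `ServiceName`. Unlike the Action1 change, no service name was added, and the path reads like a process launched by the agent rather than a service binary. Either keep this entry as 4688, or, if a service install is intended, add `ServiceName` and use `ImagePath` as in yaml/anydesk.yaml. The unquoted value also keeps its doubled backslashes literally, while the Action1 `CommandLine` uses single ones, so the two files will not match on the same path format.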