Date fix + Fix Acronis Cyber Protect Connect + Upgrade PDQ Connect Network Sigma + GitHub Actions on README.md

README.md

@@ -118,3 +118,47 @@ pnpm dev
 8. Visit `http://localhost:3000` in your browser to view the site.
 
 Join us in our quest to create a safer and more secure digital environment for organizations everywhere. With LOLRMM by your side, you'll be well-equipped to understand and address the potential risks associated with RMM tools in the ever-evolving cyber landscape.
+
+## 🤖 GitHub Actions
+
+### Purpose
+
+The GitHub workflow files in the `.github/workflows` directory automate various tasks and processes for continuous integration, continuous delivery, and other project maintenance activities.
+These workflow files leverage GitHub Actions to execute predefined steps based on specific triggers such as code pushes, pull requests, or scheduled intervals.
+
+### Key Goals
+- **Automate Testing**: Ensure that all code changes pass necessary tests before merging into the main branch.
+- **Continuous Integration**: Automatically build and validate the project in different environments and configurations.
+- **Code Quality Checks**: Run static analysis tools to maintain code quality and adherence to coding standards.
+- **Deployment**: Manage the deployment process to various environments, ensuring seamless and reliable releases.
+- **Badge Updates**: Automatically update project badges to reflect the current status, such as the number of Remote Monitoring and Management (RMM)
+
+### Prerequisites
+To create a `PUSH_TOKEN` for use in your GitHub Actions workflow, you'll need to generate a personal access token (PAT) on GitHub and then add it to your repository's secrets. Here's how to do it:
+
+#### Steps to Create a Personal Access Token:
+1. **Log in to GitHub**: Open your web browser and log in to your GitHub account.
+2. **Generate a Token**:
+   - Click on your profile picture in the top right corner and select "Settings".
+   - In the left sidebar, click on "Developer settings".
+   - Click on "Personal access tokens" and then "Tokens (classic)".
+   - Click the "Generate new token" button.
+   - Set a descriptive name for the token, like `PUSH_TOKEN`.
+   - Select the appropriate scopes. At a minimum, you need `repo` scope for repository access.
+   - Click "Generate token".
+   - **Important**: Copy the token now and save it somewhere secure. You won't be able to see it again.
+
+#### Steps to Add the Token to Your Repository's Secrets:
+1. **Navigate to Your Repository**: Go to the main page of your repository on GitHub.
+2. **Open Settings**:
+   - Click on the "Settings" tab.
+   - In the left sidebar, click on "Secrets and variables" and then "Actions".
+3. **Add a New Secret**:
+   - Click the "New repository secret" button.
+   - Set the name of the secret to `PUSH_TOKEN`.
+   - Paste the personal access token you generated earlier into the "Value" field.
+   - Click "Add secret".
+
+Now, your workflow file will use the `PUSH_TOKEN` from your repository secrets when it runs.
+
+If you follow these steps, your `PUSH_TOKEN` should be correctly created and accessible for your GitHub Actions workflow.

detections/sigma/acronic_cyber_protect__remotix__network_sigma.yml → detections/sigma/acronis_cyber_protect__remotix__network_sigma.yml

@@ -1,4 +1,4 @@
-title: Potential Acronic Cyber Protect (Remotix) RMM Tool Network Activity
+title: Potential Acronis Cyber Protect (Remotix) RMM Tool Network Activity
 logsource:
   product: windows
   category: network_connection
@@ -12,13 +12,13 @@ detection:
   condition: selection
 id: a7ed0eb9-3d99-47ee-a335-3162430f519c
 status: experimental
-description: Detects potential network activity of Acronic Cyber Protect (Remotix)
+description: Detects potential network activity of Acronis Cyber Protect (Remotix)
   RMM tool
 author: LOLRMM Project
 date: 2024/08/07
 tags:
 - attack.execution
 - attack.t1219
 falsepositives:
-- Legitimate use of Acronic Cyber Protect (Remotix)
+- Legitimate use of Acronis Cyber Protect (Remotix)
 level: medium

detections/sigma/acronic_cyber_protect__remotix__processes_sigma.yml → detections/sigma/acronis_cyber_protect__remotix__processes_sigma.yml

@@ -1,4 +1,4 @@
-title: Potential Acronic Cyber Protect (Remotix) RMM Tool Process Activity
+title: Potential Acronis Cyber Protect (Remotix) RMM Tool Process Activity
 logsource:
   product: windows
   category: process_creation
@@ -10,13 +10,13 @@ detection:
   condition: selection
 id: 9b9647ab-97cc-4c7c-8540-5c1c1c8000c4
 status: experimental
-description: Detects potential processes activity of Acronic Cyber Protect (Remotix)
+description: Detects potential processes activity of Acronis Cyber Protect (Remotix)
   RMM tool
 author: LOLRMM Project
 date: 2024/08/07
 tags:
 - attack.execution
 - attack.t1219
 falsepositives:
-- Legitimate use of Acronic Cyber Protect (Remotix)
+- Legitimate use of Acronis Cyber Protect (Remotix)
 level: medium

detections/sigma/pdq_connect_network_sigma.yml

@@ -7,6 +7,7 @@ detection:
     DestinationHostname|endswith:
     - app.pdq.com
     - cfcdn.pdq.com
+    - pdqinstallers.*.r2.cloudflarestorage.com
   condition: selection
 id: e27c6d0b-9d16-4eb3-9abd-8ba0a2cc0f6e
 status: experimental

yaml/247ithelp.com_(connectwise).yaml

@@ -3,7 +3,7 @@ Description: 247ithelp.com (ConnectWise) is a remote monitoring and management (
   tool. More information will be added as it becomes available.
 Author: ''
 Created: ''
-LastModified: 2/8/2024
+LastModified: 2-8-2024
 Details:
   Website: ''
   PEMetadata:

yaml/absolute_(computrace).yaml

@@ -3,7 +3,7 @@ Description: Absolute (Computrace) is a remote monitoring and management (RMM) t
   More information will be added as it becomes available.
 Author: ''
 Created: ''
-LastModified: 6/18/2024
+LastModified: 6-18-2024
 Details:
   Website: ''
   PEMetadata:

yaml/access_remote_pc.yaml

@@ -3,7 +3,7 @@ Description: Access Remote PC is a remote monitoring and management (RMM) tool.
   information will be added as it becomes available.
 Author: ''
 Created: ''
-LastModified: 2/7/2024
+LastModified: 2-7-2024
 Details:
   Website: ''
   PEMetadata:

yaml/acronic_cyber_protect_(remotix).yaml → yaml/acronis_cyber_protect_(remotix).yaml

@@ -3,7 +3,7 @@ Description: Acronis Cyber Protect (Remotix) is a remote monitoring and manageme
   (RMM) tool. More information will be added as it becomes available.
 Author: ''
 Created: ''
-LastModified: 2/26/2024
+LastModified: 2-26-2024
 Details:
   Website: ''
   PEMetadata:
@@ -32,11 +32,11 @@ Artifacts:
     - connect.acronis.com
     Ports: []
 Detections:
-- Sigma: https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/acronic_cyber_protect__remotix__network_sigma.yml
-  Description: Detects potential network activity of Acronic Cyber Protect (Remotix)
+- Sigma: https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/acronis_cyber_protect__remotix__network_sigma.yml
+  Description: Detects potential network activity of Acronis Cyber Protect (Remotix)
     RMM tool
-- Sigma: https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/acronic_cyber_protect__remotix__processes_sigma.yml
-  Description: Detects potential processes activity of Acronic Cyber Protect (Remotix)
+- Sigma: https://github.com/magicsword-io/LOLRMM/blob/main/detections/sigma/acronis_cyber_protect__remotix__processes_sigma.yml
+  Description: Detects potential processes activity of Acronis Cyber Protect (Remotix)
     RMM tool
 References:
 - https://kb.acronis.com/content/47189

yaml/addigy.yaml

@@ -3,7 +3,7 @@ Description: Addigy is a remote monitoring and management (RMM) tool. More infor
   will be added as it becomes available.
 Author: ''
 Created: ''
-LastModified: 2/27/2024
+LastModified: 2-27-2024
 Details:
   Website: ''
   PEMetadata:

yaml/adobe_connect.yaml

@@ -3,7 +3,7 @@ Description: Adobe Connect is a remote monitoring and management (RMM) tool. Mor
   information will be added as it becomes available.
 Author: ''
 Created: ''
-LastModified: 2/27/2024
+LastModified: 2-27-2024
 Details:
   Website: ''
   PEMetadata:

yaml/aeroadmin.yaml

@@ -3,7 +3,7 @@ Description: AeroAdmin is a remote monitoring and management (RMM) tool. More in
   will be added as it becomes available.
 Author: ''
 Created: ''
-LastModified: 2/7/2024
+LastModified: 2-7-2024
 Details:
   Website: ''
   PEMetadata:

yaml/aliwangwang-remote-control.yaml

@@ -3,7 +3,7 @@ Description: AliWangWang-remote-control is a remote monitoring and management (R
   tool. More information will be added as it becomes available.
 Author: ''
 Created: ''
-LastModified: 2/7/2024
+LastModified: 2-7-2024
 Details:
   Website: ''
   PEMetadata:

yaml/any_support.yaml

@@ -3,7 +3,7 @@ Description: Any Support is a remote monitoring and management (RMM) tool. More
   will be added as it becomes available.
 Author: ''
 Created: ''
-LastModified: 2/27/2024
+LastModified: 2-27-2024
 Details:
   Website: ''
   PEMetadata:

yaml/anyplace_control.yaml

@@ -3,7 +3,7 @@ Description: Anyplace Control is a remote monitoring and management (RMM) tool.
   information will be added as it becomes available.
 Author: ''
 Created: ''
-LastModified: 2/7/2024
+LastModified: 2-7-2024
 Details:
   Website: ''
   PEMetadata:

yaml/apple_remote_desktop.yaml

@@ -3,7 +3,7 @@ Description: Apple Remote Desktop is a remote monitoring and management (RMM) to
   More information will be added as it becomes available.
 Author: ''
 Created: ''
-LastModified: 2/24/2024
+LastModified: 2-24-2024
 Details:
   Website: ''
   PEMetadata:

yaml/auvik.yaml

@@ -3,7 +3,7 @@ Description: Auvik is a remote monitoring and management (RMM) tool. More inform
   will be added as it becomes available.
 Author: ''
 Created: ''
-LastModified: 2/7/2024
+LastModified: 2-7-2024
 Details:
   Website: ''
   PEMetadata:

yaml/aweray.yaml

@@ -3,7 +3,7 @@ Description: AweRay is a remote monitoring and management (RMM) tool. More infor
   will be added as it becomes available.
 Author: ''
 Created: ''
-LastModified: 2/7/2024
+LastModified: 2-7-2024
 Details:
   Website: ''
   PEMetadata:

yaml/barracuda.yaml

@@ -3,7 +3,7 @@ Description: Barracuda is a remote monitoring and management (RMM) tool. More in
   will be added as it becomes available.
 Author: ''
 Created: ''
-LastModified: 2/7/2024
+LastModified: 2-7-2024
 Details:
   Website: ''
   PEMetadata:

yaml/basecamp.yaml

@@ -3,7 +3,7 @@ Description: Basecamp is a remote monitoring and management (RMM) tool. More inf
   will be added as it becomes available.
 Author: ''
 Created: ''
-LastModified: 2/7/2024
+LastModified: 2-7-2024
 Details:
   Website: ''
   PEMetadata:

yaml/beamyourscreen.yaml

@@ -3,7 +3,7 @@ Description: BeamYourScreen is a remote monitoring and management (RMM) tool. Mo
   information will be added as it becomes available.
 Author: ''
 Created: ''
-LastModified: 2/7/2024
+LastModified: 2-7-2024
 Details:
   Website: ''
   PEMetadata:

yaml/beanywhere.yaml

@@ -3,7 +3,7 @@ Description: BeAnyWhere is a remote monitoring and management (RMM) tool. More i
   will be added as it becomes available.
 Author: ''
 Created: ''
-LastModified: 2/7/2024
+LastModified: 2-7-2024
 Details:
   Website: ''
   PEMetadata:

yaml/beinsync.yaml

@@ -3,7 +3,7 @@ Description: BeInSync is a remote monitoring and management (RMM) tool. More inf
   will be added as it becomes available.
 Author: ''
 Created: ''
-LastModified: 2/26/2024
+LastModified: 2-26-2024
 Details:
   Website: ''
   PEMetadata:

yaml/beyondtrust_(bomgar).yaml

@@ -3,7 +3,7 @@ Description: BeyondTrust (Bomgar) is a remote monitoring and management (RMM) to
   More information will be added as it becomes available.
 Author: ''
 Created: ''
-LastModified: 2/7/2024
+LastModified: 2-7-2024
 Details:
   Website: ''
   PEMetadata:

yaml/centrastage_(now_datto).yaml

@@ -3,7 +3,7 @@ Description: CentraStage (Now Datto) is a remote monitoring and management (RMM)
   More information will be added as it becomes available.
 Author: ''
 Created: ''
-LastModified: 2/7/2024
+LastModified: 2-7-2024
 Details:
   Website: ''
   PEMetadata:

yaml/centurion.yaml

@@ -3,7 +3,7 @@ Description: Centurion is a remote monitoring and management (RMM) tool. More in
   will be added as it becomes available.
 Author: ''
 Created: ''
-LastModified: 2/7/2024
+LastModified: 2-7-2024
 Details:
   Website: ''
   PEMetadata:

yaml/chrome_remote_desktop.yaml

@@ -3,7 +3,7 @@ Description: Chrome Remote Desktop is a remote monitoring and management (RMM) t
   More information will be added as it becomes available.
 Author: ''
 Created: ''
-LastModified: 2/7/2024
+LastModified: 2-7-2024
 Details:
   Website: ''
   PEMetadata:

yaml/cloudflare_tunnel.yaml

@@ -3,7 +3,7 @@ Description: CloudFlare Tunnel is a remote monitoring and management (RMM) tool.
   information will be added as it becomes available.
 Author: ''
 Created: ''
-LastModified: 2/7/2024
+LastModified: 2-7-2024
 Details:
   Website: ''
   PEMetadata:

yaml/comodo_rmm.yaml

@@ -3,7 +3,7 @@ Description: Comodo RMM is a remote monitoring and management (RMM) tool. More i
   will be added as it becomes available.
 Author: ''
 Created: ''
-LastModified: 2/7/2024
+LastModified: 2-7-2024
 Details:
   Website: ''
   PEMetadata:

yaml/connectwise_automate_(labtech).yaml

@@ -3,7 +3,7 @@ Description: Connectwise Automate (LabTech) is a remote monitoring and managemen
   (RMM) tool. More information will be added as it becomes available.
 Author: ''
 Created: ''
-LastModified: 2/8/2024
+LastModified: 2-8-2024
 Details:
   Website: ''
   PEMetadata:

yaml/correct_dates.py

@@ -0,0 +1,49 @@
+import os
+import re
+
+# Directory containing the .yaml files
+directory = '.'
+
+# Regex pattern to match the date format with slashes
+date_pattern = re.compile(r'(\d{1,2})/(\d{1,2})/(\d{2})')
+
+def correct_date_format(file_path):
+    # Read the original content of the file
+    with open(file_path, 'r') as file:
+        lines = file.readlines()
+
+    # Initialize a flag to check if any changes are made
+    changes_made = False
+
+    with open(file_path, 'w') as file:
+        for line in lines:
+            if 'LastModified:' in line:
+                # Find the date in the line
+                match = date_pattern.search(line)
+                if match:
+                    old_date = match.group(0)
+                    # Replace slashes with dashes in the date format
+                    new_date = old_date.replace('/', '-')
+                    # Print the previous and new value
+                    print(f"File: {file_path}")
+                    print(f"Previous: {line.strip()}")
+                    corrected_line = line.replace(old_date, new_date)
+                    print(f"New: {corrected_line.strip()}")
+                    file.write(corrected_line)
+                    changes_made = True
+                else:
+                    file.write(line)
+            else:
+                file.write(line)
+
+    # Log if no changes were made
+    if not changes_made:
+        print(f"No changes made to {file_path}")
+
+# Iterate over each file in the directory
+for filename in os.listdir(directory):
+    if filename.endswith('.yaml'):
+        file_path = os.path.join(directory, filename)
+        correct_date_format(file_path)
+
+print("Date formats corrected successfully in all .yaml files.")

yaml/crossloop.yaml

@@ -3,7 +3,7 @@ Description: CrossLoop is a remote monitoring and management (RMM) tool. More in
   will be added as it becomes available.
 Author: ''
 Created: ''
-LastModified: 2/7/2024
+LastModified: 2-7-2024
 Details:
   Website: ''
   PEMetadata: