Merge pull request #160 from w0rk3r/master

Add some more information to RMM definition
redcanaryco · Apr 1, 2024 · 4f96fbd · 4f96fbd
2 parents f2d94e8 + 1e97d26
commit 4f96fbd
Showing 1 changed file with 36 additions and 15 deletions.
diff --git a/definitions/remote-admin.json b/definitions/remote-admin.json
@@ -1,13 +1,15 @@
 {
     "AweRay (AweSun)": {
-        "process_name": ["aweray_remote*.exe"],
+        "process_name": ["aweray_remote*.exe",
+                         "AweSun.exe"],
         "domain": ["asapi.aweray.net", 
                    "asapi-us.aweray.net"],
         "digsig_publisher": ["AWERAY PTE. LTD."]
     },
     "Ammyy Admin": { 
         "process_name": ["aa_v*.exe"],
-        "domain": ["ammyy.com"]
+        "domain": ["ammyy.com"],
+        "digsig_publisher": ["Ammyy LLC"]
     },
     "AeroAdmin" : {
         "process_name": ["AeroAdmin.exe"],
@@ -27,7 +29,8 @@
         "digsig_publisher": ["AOMEI International Network Limited"]
     },
     "Atera": {
-        "process_name": ["atera_agent.exe"]
+        "process_name": ["atera_agent.exe"],
+        "digsig_publisher": ["Atera Networks Ltd"]
     },
     "BeyondTrust (Bomgar)": {
         "process_name": ["bomgar-scc.exe",
@@ -60,7 +63,8 @@
                          "g2printh.exe",
                          "g2svc.exe",
                          "g2tray.exe",
-                         "gopcsrv.exe"]
+                         "gopcsrv.exe"],
+        "digsig_publisher": ["LogMeIn, Inc."]
     },
     "LiteManager": {
         "process_name": ["ROMServer.exe", 
@@ -93,10 +97,13 @@
     },
     "RAdmin": { 
         "process_name": ["radmin3.exe",
-                         "famitrfc.exe"]
+                         "famitrfc.exe",
+                         "rserver3.exe"],
+        "digsig_publisher": ["Famatech Corp."]
     },
     "RemoteUtilities": {
-        "process_name": ["rutserv.exe"],
+        "process_name": ["rutserv.exe",
+                         "rutview.exe"],
         "domain": ["remoteutilities.com"],
         "digsig_publisher": ["Remote Utilities LLC"]
     },
@@ -116,12 +123,18 @@
     },
     "TeamViewer Desktop": { 
         "process_name": ["teamviewer_desktop.exe",
-                         "teamviewer"]
+                         "teamviewer.exe"],
+        "digsig_publisher": ["TeamViewer Germany GmbH",
+                             "TeamViewer GmbH",
+                             "TeamViewer"]
     },
     "TeamViewer Service": { 
         "process_name": ["teamviewer.exe",
                          "teamviewer_service.exe",
-                         "teamviewerhost"]
+                         "teamviewerhost"],
+        "digsig_publisher": ["TeamViewer Germany GmbH",
+                             "TeamViewer GmbH",
+                             "TeamViewer"]
     },
     "VNC": {
         "process_name": ["winvnc.exe", 
@@ -156,7 +169,8 @@
     },
     "Desktop Central": {
 		"process_name": ["dcagentservice.exe"],
-        "domain": ["desktopcentral.manageengine.com"]
+        "domain": ["desktopcentral.manageengine.com"],
+        "digsig_publisher": ["ZOHO Corporation Private Limited"] 
 	},
     "UltraView": {
         "process_name": ["UltraViewer_Desktop.exe",
@@ -167,11 +181,12 @@
     },
     "NinjaRMM": {
         "process_name": ["NinjaRMMAgent.exe",
-                        "NinjaRMMAgenPatcher.exe"],
+                        "NinjaRMMAgenPatcher.exe",
+                        "ninjarmm-cli.exe"],
         "digsig_publisher": ["NinjaRMM, LLC"],
         "domain": ["resources.ninjarmm.com"]
     },
-    "FleetDesk.io": {
+    "FleetDeck.io": {
         "process_name": ["fleetdeck_agent.exe",
                         "fleetdeck_agent_svc.exe",
                         "fleetdeck_installer.exe",
@@ -265,7 +280,9 @@
                         "SolarWinds-Dameware-DRS*.exe",
                         "DameWare Mini Remote Control*.exe",
                         "SolarWinds-Dameware-MRC*.exe"],
-        "internal_name": ["DWRCST"]
+        "internal_name": ["DWRCST"],
+        "digsig_publisher": ["SolarWinds, Inc.",
+                             "Solarwinds Worldwide, LLC"]
     },
     "N-Able Advanced Monitoring Agent": {
         "process_name": ["Agent_*_RW.exe",
@@ -327,7 +344,8 @@
         "process_name": ["TightVNCViewerPortable*.exe",
                         "tvnviewer.exe",
                         "tvnserver.exe"],
-        "digsig_publisher": ["GlavSoft LLC."]
+        "digsig_publisher": ["GlavSoft LLC.",
+                             "GlavSoft LLC"]
     },
     "ShowMyPC": {
         "domain": ["showmypc.com"],
@@ -362,9 +380,10 @@
         "digsig_publisher":["ISL Online Ltd"],
         "process_name": ["ISLLight.exe", "ISLLightClient.exe"],
         "internal_name": ["ISL Light"],
-        "domain": ["*islonline.net"]
+        "domain": ["*.islonline.net"]
     },
     "Parallels Access": {
+        "process_name": ["TSClient.exe"],
         "digsig_publisher": ["Parallels International GmbH"]
     },
     "Pilixo": {
@@ -381,7 +400,9 @@
         "domain": ["remotepc.com", 
                 "www.remotepc.com"],
         "process_name": ["idrive.RemotePCAgent", 
-                        "Idrive.File-Transfer"]
+                        "Idrive.File-Transfer",
+                        "RemotePC.exe",
+                        "RemotePCService.exe"]
     },
     "SuperOps": {
         "digsig_publisher": ["Superops Inc"],