From 1e97d2601e4779c9bc0c32681241b4a831254d69 Mon Sep 17 00:00:00 2001 From: Jonhnathan <26856693+w0rk3r@users.noreply.github.com> Date: Thu, 28 Mar 2024 11:34:21 -0300 Subject: [PATCH] Add some more information to RMM definition --- definitions/remote-admin.json | 51 ++++++++++++++++++++++++----------- 1 file changed, 36 insertions(+), 15 deletions(-) diff --git a/definitions/remote-admin.json b/definitions/remote-admin.json index 64313da..b70e34e 100644 --- a/definitions/remote-admin.json +++ b/definitions/remote-admin.json @@ -1,13 +1,15 @@ { "AweRay (AweSun)": { - "process_name": ["aweray_remote*.exe"], + "process_name": ["aweray_remote*.exe", + "AweSun.exe"], "domain": ["asapi.aweray.net", "asapi-us.aweray.net"], "digsig_publisher": ["AWERAY PTE. LTD."] }, "Ammyy Admin": { "process_name": ["aa_v*.exe"], - "domain": ["ammyy.com"] + "domain": ["ammyy.com"], + "digsig_publisher": ["Ammyy LLC"] }, "AeroAdmin" : { "process_name": ["AeroAdmin.exe"], @@ -27,7 +29,8 @@ "digsig_publisher": ["AOMEI International Network Limited"] }, "Atera": { - "process_name": ["atera_agent.exe"] + "process_name": ["atera_agent.exe"], + "digsig_publisher": ["Atera Networks Ltd"] }, "BeyondTrust (Bomgar)": { "process_name": ["bomgar-scc.exe", @@ -60,7 +63,8 @@ "g2printh.exe", "g2svc.exe", "g2tray.exe", - "gopcsrv.exe"] + "gopcsrv.exe"], + "digsig_publisher": ["LogMeIn, Inc."] }, "LiteManager": { "process_name": ["ROMServer.exe", @@ -93,10 +97,13 @@ }, "RAdmin": { "process_name": ["radmin3.exe", - "famitrfc.exe"] + "famitrfc.exe", + "rserver3.exe"], + "digsig_publisher": ["Famatech Corp."] }, "RemoteUtilities": { - "process_name": ["rutserv.exe"], + "process_name": ["rutserv.exe", + "rutview.exe"], "domain": ["remoteutilities.com"], "digsig_publisher": ["Remote Utilities LLC"] }, 
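Review bot: In the `@@ -60,7 +63,8 @@` hunk, `"digsig_publisher": ["LogMeIn, Inc."]` is a vendor-wide signer, so it matches every binary that vendor signs and not only the remote-access tool this entry names (the entry's key is above the hunk and not visible here). This file does not show how a consumer combines `process_name`, `domain` and `digsig_publisher`; if the fields are OR-ed, a publisher match alone will label unrelated software from the same vendor as RMM activity. The same applies to `"ZOHO Corporation Private Limited"` in `@@ -156,7 +169,8 @@` and to the two SolarWinds signers in `@@ -265,7 +280,9 @@`. I would document next to the definitions that a publisher value is only meaningful when paired with a process-name or internal-name match, or keep these broad signers out of the list.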
@@ -116,12 +123,18 @@ }, "TeamViewer Desktop": { "process_name": ["teamviewer_desktop.exe", - "teamviewer"] + "teamviewer.exe"], + "digsig_publisher": ["TeamViewer Germany GmbH", + "TeamViewer GmbH", + "TeamViewer"] }, "TeamViewer Service": { "process_name": ["teamviewer.exe", "teamviewer_service.exe", - "teamviewerhost"] + "teamviewerhost"], + "digsig_publisher": ["TeamViewer Germany GmbH", + "TeamViewer GmbH", + "TeamViewer"] }, "VNC": { "process_name": ["winvnc.exe", @@ -156,7 +169,8 @@ }, "Desktop Central": { "process_name": ["dcagentservice.exe"], - "domain": ["desktopcentral.manageengine.com"] + "domain": ["desktopcentral.manageengine.com"], + "digsig_publisher": ["ZOHO Corporation Private Limited"] }, "UltraView": { "process_name": ["UltraViewer_Desktop.exe", @@ -167,11 +181,12 @@ }, "NinjaRMM": { "process_name": ["NinjaRMMAgent.exe", - "NinjaRMMAgenPatcher.exe"], + "NinjaRMMAgenPatcher.exe", + "ninjarmm-cli.exe"], "digsig_publisher": ["NinjaRMM, LLC"], "domain": ["resources.ninjarmm.com"] }, - "FleetDesk.io": { + "FleetDeck.io": { "process_name": ["fleetdeck_agent.exe", "fleetdeck_agent_svc.exe", "fleetdeck_installer.exe", @@ -265,7 +280,9 @@ "SolarWinds-Dameware-DRS*.exe", "DameWare Mini Remote Control*.exe", "SolarWinds-Dameware-MRC*.exe"], - "internal_name": ["DWRCST"] + "internal_name": ["DWRCST"], + "digsig_publisher": ["SolarWinds, Inc.", + "Solarwinds Worldwide, LLC"] }, "N-Able Advanced Monitoring Agent": { "process_name": ["Agent_*_RW.exe", @@ -327,7 +344,8 @@ "process_name": ["TightVNCViewerPortable*.exe", "tvnviewer.exe", "tvnserver.exe"], - "digsig_publisher": ["GlavSoft LLC."] + "digsig_publisher": ["GlavSoft LLC.", + "GlavSoft LLC"] }, "ShowMyPC": { "domain": ["showmypc.com"], 
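Review bot: In the `@@ -116,12 +123,18 @@` hunk, changing `"teamviewer"` to `"teamviewer.exe"` under "TeamViewer Desktop" duplicates a name that "TeamViewer Service" already lists, so one process now maps to two definitions and any per-tool label or count built from this file becomes ambiguous; keep `"teamviewer.exe"` in only one of the two entries. The extension-less name may have been there for non-Windows hosts, in which case it should stay alongside the new value rather than be replaced. The neighbouring `"teamviewerhost"` is still extension-less, as are `"idrive.RemotePCAgent"` and `"Idrive.File-Transfer"` in `@@ -381,7 +400,9 @@`; if consumers compare against full Windows image names, these never match and should get the same treatment.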
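Review bot: In the `@@ -167,11 +181,12 @@` hunk, the unchanged value `"NinjaRMMAgenPatcher.exe"` looks misspelled (`Agen` rather than `Agent`; compare `"NinjaRMMAgent.exe"` on the line before), and the commit adds `"ninjarmm-cli.exe"` right after it without correcting it. A misspelled image name in a detection list silently never matches, so the patcher binary would go unreported; confirm the spelling against an installed agent and fix it in this change. Separately, the key rename from `"FleetDesk.io"` to `"FleetDeck.io"` agrees with the `fleetdeck_*` process names, but any rule, exception or dashboard keyed on the old label will stop resolving and needs updating in step.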
@@ -362,9 +380,10 @@ "digsig_publisher":["ISL Online Ltd"], "process_name": ["ISLLight.exe", "ISLLightClient.exe"], "internal_name": ["ISL Light"], - "domain": ["*islonline.net"] + "domain": ["*.islonline.net"] }, "Parallels Access": { + "process_name": ["TSClient.exe"], "digsig_publisher": ["Parallels International GmbH"] }, "Pilixo": { @@ -381,7 +400,9 @@ "domain": ["remotepc.com", "www.remotepc.com"], "process_name": ["idrive.RemotePCAgent", - "Idrive.File-Transfer"] + "Idrive.File-Transfer", + "RemotePC.exe", + "RemotePCService.exe"] }, "SuperOps": { "digsig_publisher": ["Superops Inc"],
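Review bot: In the `@@ -362,9 +380,10 @@` hunk, `"*.islonline.net"` no longer matches the bare `islonline.net`, which the old `"*islonline.net"` did. The tightening itself is right, since the old pattern also matched any unrelated name that merely ended in that string. If traffic to the apex domain should still count, list it explicitly: `"domain": ["islonline.net", "*.islonline.net"]`. In the same hunk, `"TSClient.exe"` under "Parallels Access" reads as a fairly generic image name; it is a reliable indicator only when evaluated together with the `digsig_publisher` beside it, and this file does not say whether consumers combine the two.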