Row | Tool/Product | Threat Intelligence | Forensic Research | Detection Rules |
---|---|---|---|---|
2 | Action1 | https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies/ https://cyware.com/news/action1-rmm-abused-by-threat-actors-for-ransomware-attacks-0b7a0bec https://www.bleepingcomputer.com/news/security/hackers-start-abusing-action1-rmm-in-ransomware-attacks/ | https://dfirtnt.wordpress.com/2023/08/23/rmm-action1-client-side-evidence/ https://twitter.com/Kostastsale/status/1646256901506605063?s=20 | ------- | ||||||||||||||||||||
3 | AeroAdmin | https://medium.com/walmartglobaltech/state-of-the-remote-access-tools-part-2-6e290ca7261b | ------- | |||||||||||||||||||||
4 | AirDroid | |||||||||||||||||||||||
5 | Alpemix | |||||||||||||||||||||||
6 | AmmyyAdmin | https://success.trendmicro.com/dcx/s/solution/1123301-flawedammyy-malware-information?language=en_US https://asec.ahnlab.com/en/40263/ | https://vikas-singh.notion.site/Remote-Access-Software-Forensics-3e38d9a66ca0414ca9c882ad67f4f71b#ce90796755454ae9aca0a75b17438614 | ----------- | ||||||||||||||||||||
7 | AnyDesk | https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies/ https://www.synacktiv.com/en/publications/legitimate-rats-a-comprehensive-forensic-analysis-of-the-usual-suspects https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/ https://www.microsoft.com/en-us/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/ https://unit42.paloaltonetworks.com/muddled-libra/ https://thedfirreport.com/2023/03/06/2022-year-in-review https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-152a https://www.fbi.gov/contact-us/field-offices/boston/news/press-releases/fbi-warns-public-to-beware-of-tech-support-scammers-targeting-financial-accounts-using-remote-desktop-software https://www.darkreading.com/threat-intelligence/royal-ransom-demands-exceed-275m-rebrand https://thedfirreport.com/2024/04/29/from-icedid-to-dagon-locker-ransomware-in-29-days/ https://medium.com/@wintersoldiers/behind-the-curtain-how-threat-actors-leverage-various-rmm-tools-for-malicious-intentions-ff9778e19e74 | https://redcanary.com/blog/misbehaving-rats/ https://medium.com/walmartglobaltech/state-of-the-remote-access-tools-part-2-6e290ca7261b https://jsac.jpcert.or.jp/archive/2023/pdf/JSAC2023_1_1_yamashige-nakatani-tanaka_en.pdf | https://github.com/SigmaHQ/sigma/tree/master/rules/windows/file/file_event/file_event_win_anydesk_artefact.yml | ||||||||||||||||||||
8 | Anyplace | |||||||||||||||||||||||
9 | AnyViewer | https://github.com/redcanaryco/surveyor/blob/c025755d1083deb1a1629e6560e1e0022cec10c0/definitions/remote-admin.json#L174 | ||||||||||||||||||||||
10 | ASG Remote Desktop | https://unit42.paloaltonetworks.com/muddled-libra/ | ---------- | ------- | ||||||||||||||||||||
11 | Atera | https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/play-ransomware-volume-shadow-copy https://www.synacktiv.com/en/publications/legitimate-rats-a-comprehensive-forensic-analysis-of-the-usual-suspects https://www.microsoft.com/en-us/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/ https://www.darkreading.com/threat-intelligence/royal-ransom-demands-exceed-275m-rebrand https://medium.com/@wintersoldiers/behind-the-curtain-how-threat-actors-leverage-various-rmm-tools-for-malicious-intentions-ff9778e19e74 https://www.reliaquest.com/blog/rmm-tool-abuse/ https://redcanary.com/threat-detection-report/trends/rmm-tools/ https://redcanary.com/blog/threat-intelligence/cve-2023-48788/ | https://jsac.jpcert.or.jp/archive/2023/pdf/JSAC2023_1_1_yamashige-nakatani-tanaka_en.pdf | https://github.com/SigmaHQ/sigma/tree/master/rules/windows/builtin/application/msiinstaller/win_software_atera_rmm_agent_install.yml https://github.com/EricZimmerman/KapeFiles/blob/master/Targets/Apps/AteraAgent.tkape https://github.com/The-DFIR-Report/Sigma-Rules/blob/main/rules/windows/process_creation/proc_creation_win_ateraagent_malicious_installations.yml | ||||||||||||||||||||
12 | Awsun | https://asec.ahnlab.com/en/47590/ | ----------- | ------- | ||||||||||||||||||||
13 | Barracuda | ----------- | ----------- | ------- | ||||||||||||||||||||
14 | BeAnywhere | https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies/ https://redcanary.com/threat-detection-report/trends/rmm-tools/ | ----------- | ------- | ||||||||||||||||||||
15 | ChromeRDP | ----------- | ----------- | ------- | ||||||||||||||||||||
16 | ConnectWise | https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/play-ransomware-volume-shadow-copy | https://jsac.jpcert.or.jp/archive/2023/pdf/JSAC2023_1_1_yamashige-nakatani-tanaka_en.pdf | ------- | ||||||||||||||||||||
17 | Continuum | |||||||||||||||||||||||
18 | CrazyRemote | |||||||||||||||||||||||
19 | DameWare | ----------- | ----------- | ------- | ||||||||||||||||||||
20 | Datto RMM (Formerly CentralStage) | ----------- | ----------- | ------- | ||||||||||||||||||||
21 | DeskShare | |||||||||||||||||||||||
22 | Domotz | https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies/ https://redcanary.com/threat-detection-report/trends/rmm-tools/ | ----------- | ------- | ||||||||||||||||||||
23 | DWservice DWAAgent? | https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies/ https://medium.com/walmartglobaltech/state-of-the-remote-access-tools-part-2-6e290ca7261b https://www.kroll.com/en/insights/publications/cyber/kape-quarterly-update-q2-2023 | ----------- | ------- | ||||||||||||||||||||
24 | Electric | https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/play-ransomware-volume-shadow-copy | ----------- | ------- | ||||||||||||||||||||
25 | Ericom AccessNow | |||||||||||||||||||||||
26 | FastViewer | |||||||||||||||||||||||
27 | Fixme.it | https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies/ https://redcanary.com/threat-detection-report/trends/rmm-tools/#:~:text=remcos%E2%80%99%20%7C%7C%20%E2%80%98%5Cscreenshots%E2%80%99%20%7C%7C%20%E2%80%98%5Cmicrecords%E2%80%99)-,Atera,-Look%20for%20process | ----------- | ------- | ||||||||||||||||||||
28 | FleetDeck.io | https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies https://unit42.paloaltonetworks.com/muddled-libra/ | ----------- | ------- | ||||||||||||||||||||
29 | GetScreen | https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/play-ransomware-volume-shadow-copy | ----------- | ------- | ||||||||||||||||||||
30 | GoToMyPC GoToAssist | https://www.theverge.com/2023/1/24/23569109/goto-hack-lastpass-breach-encrypted-backups-key | https://dfirtnt.wordpress.com/2023/03/27/gotoforensics/ | https://github.com/SigmaHQ/sigma/tree/master/rules/windows/file/file_event/file_event_win_gotoopener_artefact.yml | ||||||||||||||||||||
31 | Goverlan | |||||||||||||||||||||||
32 | Guacamole | |||||||||||||||||||||||
33 | Honeywell TotalConnect | |||||||||||||||||||||||
34 | HopToDesk | |||||||||||||||||||||||
35 | hVNC | https://cyware.com/news/new-hvnc-malware-targets-macos-devices-80d1fe74 https://www.securityweek.com/new-hvnc-macos-malware-advertised-on-hacker-forum/ https://www.intego.com/mac-security-blog/did-chatgpt-find-mac-malware-on-the-dark-web-report-of-hvnc-macos-variant/ https://www.bleepingcomputer.com/news/security/new-lobshot-malware-gives-hackers-hidden-vnc-access-to-windows-devices/ | ----------- | ------- | ||||||||||||||||||||
36 | Imperius | https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/play-ransomware-volume-shadow-copy | ----------- | ------- | ||||||||||||||||||||
37 | Impero | |||||||||||||||||||||||
38 | Intel EMA | ----------- | ----------- | ------- | ||||||||||||||||||||
39 | IntelliAdmin | https://www.securityweek.com/russia-linked-hackers-hijack-infrastructure-iranian-threat-group/ | ----------- | ------- | ||||||||||||||||||||
40 | ISL Light | |||||||||||||||||||||||
41 | Itarian | https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies/ https://unit42.paloaltonetworks.com/muddled-libra/ | ----------- | ------- | ||||||||||||||||||||
42 | Kaseya | https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies/ https://www.sentinelone.com/blog/revils-grand-coup-abusing-kaseya-managed-services-software-for-massive-profits/ https://www.acronis.com/en-us/blog/posts/ragnar-locker/ | ----------- | https://github.com/EricZimmerman/KapeFiles/tree/master/Targets/Apps#:~:text=2%20years%20ago-,Kaseya.tkape,-(File) | ||||||||||||||||||||
43 | Landesk | https://unit42.paloaltonetworks.com/muddled-libra/ | -------- | -------- | ||||||||||||||||||||
44 | Level.io | https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies/ | https://dfirtnt.wordpress.com/2023/09/05/rmm-level-io-forensic-artifacts-and-evidence/ | ------- | ||||||||||||||||||||
45 | LiteManager | https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies/ https://www.synacktiv.com/en/publications/legitimate-rats-a-comprehensive-forensic-analysis-of-the-usual-suspects https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/ https://www.microsoft.com/en-us/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/ https://unit42.paloaltonetworks.com/muddled-libra/ https://thedfirreport.com/2023/03/06/2022-year-in-review/ | ----------- | ------- | ||||||||||||||||||||
46 | LogMeIn | https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies/ https://www.darkreading.com/threat-intelligence/royal-ransom-demands-exceed-275m-rebrand | https://jsac.jpcert.or.jp/archive/2023/pdf/JSAC2023_1_1_yamashige-nakatani-tanaka_en.pdf | https://github.com/EricZimmerman/KapeFiles/tree/master/Targets/Apps#:~:text=6%20months%20ago-,LogMeIn.tkape,-(File) | ||||||||||||||||||||
47 | ManageEngine RMM | https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies/ https://unit42.paloaltonetworks.com/muddled-libra/ | ----------- | ------- | ||||||||||||||||||||
48 | MeshCentral | https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies/ https://medium.com/walmartglobaltech/state-of-the-remote-access-tools-part-2-6e290ca7261b | ----------- | https://github.com/SigmaHQ/sigma/blob/master/rules/windows/builtin/system/service_control_manager/win_system_service_install_mesh_agent.yml | ||||||||||||||||||||
49 | MobaXterm | https://www.pcrisk.com/removal-guides/27091-rdstealer-malware | ----------- | ------- | ||||||||||||||||||||
50 | MoboRobo | |||||||||||||||||||||||
51 | MRemoteNG | https://medium.com/walmartglobaltech/state-of-the-remote-access-tools-part-2-6e290ca7261b https://thehackernews.com/2023/06/experts-uncover-year-long-cyber-attack.html https://www.pcrisk.com/removal-guides/27091-rdstealer-malware | ----------- | https://github.com/EricZimmerman/KapeFiles/blob/master/Targets/Apps/mRemoteNG.tkape | ||||||||||||||||||||
52 | MSP360 | https://medium.com/walmartglobaltech/state-of-the-rat-part-1-cfec6c967e2f | ----------- | ------- | ||||||||||||||||||||
53 | N-Able | https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies/ | ----------- | ------- | ||||||||||||||||||||
54 | Naverisk | ----------- | ----------- | ------- | ||||||||||||||||||||
55 | NCentral | ----------- | ----------- | ------- | ||||||||||||||||||||
56 | NetSupport | https://www.cyber.nj.gov/garden_state_cyber_threat_highlight/phishing-campaigns-deliver-netsupport-rat https://asec.ahnlab.com/en/45312/ https://redcanary.com/threat-detection-report/trends/rmm-tools/ | https://redcanary.com/blog/misbehaving-rats/ | https://github.com/SigmaHQ/sigma/blob/master/rules/windows/builtin/system/service_control_manager/win_system_service_install_netsupport_manager.yml | ||||||||||||||||||||
57 | Ngrok | https://www.microsoft.com/en-us/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/ https://www.huntress.com/blog/abusing-ngrok-hackers-at-the-end-of-the-tunnel | https://jsac.jpcert.or.jp/archive/2023/pdf/JSAC2023_1_1_yamashige-nakatani-tanaka_en.pdf | ------- | ||||||||||||||||||||
58 | NinjaOne | https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/play-ransomware-volume-shadow-copy | ----------- | ------- | ||||||||||||||||||||
59 | NinjaRMM | https://www.ninjaone.com/blog/ransomware-attacks-abusing-rmms-why-were-enforcing-2fa/ https://www.crn.com/news/channel-programs/ninjarmm-partner-used-to-seed-ransomware | ----------- | ------- | ||||||||||||||||||||
60 | nsocks | https://www.packetlabs.net/posts/scattered-spider-is-a-young-ransomware-gang-exploiting-large-corporations/ | ||||||||||||||||||||||
61 | Optitune | ----------- | ----------- | ------- | ||||||||||||||||||||
62 | Panaorama | ----------- | ----------- | ------- | ||||||||||||||||||||
63 | Parsec | |||||||||||||||||||||||
64 | PCVISIT | ----------- | ----------- | ------- | ||||||||||||||||||||
65 | PhoneMyPc | |||||||||||||||||||||||
66 | Pocket Controller | |||||||||||||||||||||||
67 | PPDQ | https://unit42.paloaltonetworks.com/muddled-libra/ https://medium.com/walmartglobaltech/state-of-the-rat-part-1-cfec6c967e2f | ----------- | ------- | ||||||||||||||||||||
68 | Pulseway | https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies/ | ----------- | ------- | ||||||||||||||||||||
69 | QuickAssist | ------- | ------- | ------- | ||||||||||||||||||||
70 | RAdmin | https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/play-ransomware-volume-shadow-copy | ----------- | https://github.com/EricZimmerman/KapeFiles/tree/master/Targets/Apps#:~:text=2%20years%20ago-,Radmin.tkape,-(File) | ||||||||||||||||||||
71 | Remote Manipulator System | https://www.microsoft.com/en-us/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/ https://malpedia.caad.fkie.fraunhofer.de/details/win.rms | https://redcanary.com/blog/misbehaving-rats/ | ------- | ||||||||||||||||||||
72 | Remote Utilities | https://socprime.com/blog/remote-utilities-exploitation-new-phishing-campaign-by-the-uac-0096-group-targeting-ukrainian-organizations/ https://www.infoblox.com/wp-content/uploads/threat-intelligence-report-malspam-campaign-with-fake-invoice-drops-rurat.pdf | ----------- | https://github.com/SigmaHQ/sigma/blob/master/rules/windows/builtin/system/service_control_manager/win_system_service_install_remote_utilities.yml https://github.com/EricZimmerman/KapeFiles/tree/master/Targets/Apps#:~:text=RemoteUtilities_app.tkape | ||||||||||||||||||||
73 | Remotely | |||||||||||||||||||||||
74 | RemotePC | https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/play-ransomware-volume-shadow-copy https://medium.com/walmartglobaltech/state-of-the-rat-part-1-cfec6c967e2f | ----------- | ------- | ||||||||||||||||||||
75 | RemoteUtilities | https://socprime.com/blog/remote-utilities-exploitation-new-phishing-campaign-by-the-uac-0096-group-targeting-ukrainian-organizations/ | https://redcanary.com/blog/misbehaving-rats/ https://jsac.jpcert.or.jp/archive/2023/pdf/JSAC2023_1_1_yamashige-nakatani-tanaka_en.pdf | ------- | ||||||||||||||||||||
76 | Remotix | |||||||||||||||||||||||
77 | Rexec | |||||||||||||||||||||||
78 | Rport | https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies/ | ----------- | ------- | ||||||||||||||||||||
79 | Rsocx | https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies/ https://www.packetlabs.net/posts/scattered-spider-is-a-young-ransomware-gang-exploiting-large-corporations/ | ----------- | ------- | ||||||||||||||||||||
80 | Rsupport | |||||||||||||||||||||||
81 | RustDesk | https://unit42.paloaltonetworks.com/muddled-libra/ https://www.bleepingcomputer.com/news/security/akira-ransomware-targets-cisco-vpns-to-breach-organizations/ | ----------- | https://github.com/EricZimmerman/KapeFiles/blob/master/Targets/Apps/RustDesk.tkape | ||||||||||||||||||||
82 | rudesk | https://asec.ahnlab.com/en/40263/ | ||||||||||||||||||||||
83 | ScreenConnect | https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-277a https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies/ https://www.silentpush.com/blog/silent-push-uncovers-a-large-phishing-operation-featuring-amazon-geek-squad-mcafee-microsoft-norton-and-paypal-domains https://medium.com/@wintersoldiers/behind-the-curtain-how-threat-actors-leverage-various-rmm-tools-for-malicious-intentions-ff9778e19e74 https://www.darkreading.com/threat-intelligence/lockbit-using-rmms-spread-ransomware | https://dfirtnt.wordpress.com/2023/07/14/rmm-screenconnect-client-side-evidence/ https://vikas-singh.notion.site/Remote-Access-Software-Forensics-3e38d9a66ca0414ca9c882ad67f4f71b#ce90796755454ae9aca0a75b17438614 https://redcanary.com/blog/misbehaving-rats/ | https://github.com/SigmaHQ/sigma/tree/master/rules/windows/process_creation/proc_creation_win_remote_access_tools_screenconnect_anomaly.yml https://github.com/SigmaHQ/sigma/tree/master/rules/windows/file/file_event/file_event_win_remote_access_tools_screenconnect_artefact.yml | ||||||||||||||||||||
84 | Screenhero | |||||||||||||||||||||||
85 | ScreenMeet | Reporting seems limited to malware checking for this as an RMM | ----------- | https://github.com/EricZimmerman/KapeFiles/blob/master/Targets/Apps/ScreenConnect.tkape | ||||||||||||||||||||
86 | ServerEye | Reporting seems limited to malware checking for this as an RMM | ----------- | ------- | ||||||||||||||||||||
87 | ShowMyPC | https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/play-ransomware-volume-shadow-copy | ----------- | ------- | ||||||||||||||||||||
88 | SightCall | https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/play-ransomware-volume-shadow-copy | ----------- | ------- | ||||||||||||||||||||
89 | Sorillus | https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies/ https://redcanary.com/threat-detection-report/trends/rmm-tools/#:~:text=remcos%E2%80%99%20%7C%7C%20%E2%80%98%5Cscreenshots%E2%80%99%20%7C%7C%20%E2%80%98%5Cmicrecords%E2%80%99)-,Atera,-Look%20for%20process | ----------- | ------- | ||||||||||||||||||||
90 | Splashtop | https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/play-ransomware-volume-shadow-copy https://www.synacktiv.com/en/publications/legitimate-rats-a-comprehensive-forensic-analysis-of-the-usual-suspects https://thedfirreport.com/2023/03/06/2022-year-in-review/ https://www.microsoft.com/en-us/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/ https://unit42.paloaltonetworks.com/muddled-libra/ https://medium.com/@wintersoldiers/behind-the-curtain-how-threat-actors-leverage-various-rmm-tools-for-malicious-intentions-ff9778e19e74 | https://jsac.jpcert.or.jp/archive/2023/pdf/JSAC2023_1_1_yamashige-nakatani-tanaka_en.pdf | ------- | ||||||||||||||||||||
91 | SpyAgent | |||||||||||||||||||||||
92 | Sunlogin | |||||||||||||||||||||||
93 | SuperOps | |||||||||||||||||||||||
94 | Supremo | https://www.davidmartinwhite.com/2014/09/30/an-analysis-of-an-attackers-attempt-to-control-my-windows-machine/ https://www.wired.co.uk/article/tech-support-scam | https://jsac.jpcert.or.jp/archive/2023/pdf/JSAC2023_1_1_yamashige-nakatani-tanaka_en.pdf | ------- | ||||||||||||||||||||
95 | Surfly | https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/play-ransomware-volume-shadow-copy | ----------- | ------- | ||||||||||||||||||||
96 | SynCro | https://www.csoonline.com/article/574459/hackers-abuse-legitimate-remote-monitoring-and-management-tools-in-attacks.html https://www.darkreading.com/attacks-breaches/federal-agencies-infested-cyberattackers-legit-remote-management-systems https://www.bleepingcomputer.com/news/security/hacked-corporate-email-accounts-used-to-send-msp-remote-access-tool/ https://medium.com/@wintersoldiers/behind-the-curtain-how-threat-actors-leverage-various-rmm-tools-for-malicious-intentions-ff9778e19e74 | ----------- | ------- | ||||||||||||||||||||
97 | Synergy | |||||||||||||||||||||||
98 | TacticalRMM | https://thedfirreport.com/2023/03/06/2022-year-in-review/ | ----------- | https://github.com/SigmaHQ/sigma/blob/master/rules/windows/builtin/system/service_control_manager/win_system_service_install_tacticalrmm.yml | ||||||||||||||||||||
99 | TailScale | https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-320a | ||||||||||||||||||||||
100 | Take Control |