Skip to content

Hide Navigation Hide TOC

Edit

RMM tools

Remote monitoring and management tools listed by LOLRMM.

Authors
Authors and/or Contributors
MISP Project
LOLRMM Contributors

247ithelp.com (ConnectWise)

247ithelp.com (ConnectWise) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 2141edf3-597d-5285-89d1-431ba1ff5892 which can be used as unique global reference for 247ithelp.com (ConnectWise) in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of 247ithelp.com (ConnectWise) RMM tool', 'Detects potential processes activity of 247ithelp.com (ConnectWise) RMM tool']
domains ['*.247ithelp.com']
installation_paths ['Remote Workforce Client.exe']
last_modified 2024-08-02

Absolute (Computrace)

Absolute (Computrace) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID ec5fd1c6-0954-54ae-b538-94fdefcd3851 which can be used as unique global reference for Absolute (Computrace) in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Absolute (Computrace) RMM tool', 'Detects potential processes activity of Absolute (Computrace) RMM tool']
domains ['search.namequery.com', 'server.absolute.com']
installation_paths ['rpcnet.exe', 'ctes.exe', 'ctespersitence.exe', 'cteshostsvc.exe', 'rpcld.exe']
last_modified 2024-08-02

Access Remote PC

Access Remote PC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 5ad2dd95-c5ba-5030-bb4f-31a3132ebfd1 which can be used as unique global reference for Access Remote PC in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
acknowledgements ['Daniel Koifman (@koifsec)']
category RMM
created 2024-08-02
detection_descriptions ['Detects potential files activity of Access Remote PC RMM tool']
free true
installation_paths ['C:\Program Files (x86)\RemotePC\*']
last_modified 2024-08-02
supported_os ['Windows', 'Mac', 'Linux', 'Android', 'iOS']
verification true

Acronis Cyber Protect (Remotix)

Acronis Cyber Protect (Remotix) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID cea3b05e-cd1d-5263-be17-e80c7d9068a1 which can be used as unique global reference for Acronis Cyber Protect (Remotix) in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2025-09-05
detection_descriptions ['Detects potential network activity of Acronis Cyber Protect (Remotix) RMM tool', 'Detects potential processes activity of Acronis Cyber Protect (Remotix) RMM tool']
domains ['cloud.acronis.com', 'agents*-cloud.acronis.com', 'gw.remotix.com', 'connect.acronis.com']
installation_paths ['AcronisCyberProtectConnectQuickAssist*.exe', 'AcronisCyberProtectConnectAgent.exe']
last_modified 2025-09-05
supported_os ['Windows']

Action1

Action1 is a powerful Remote Monitoring and Management(RMM) tool that enables users to execute commands, scripts, and binaries. Through the web interface of action1, the administrator must create a new policy or an app to establish remote execution and then points that the agent is installed.

Internal MISP references

UUID 206c99d3-f2d7-564b-bce9-8d57f7c3179e which can be used as unique global reference for Action1 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
acknowledgements ['Kostas (@kostastsale)']
author @kostastsale
capabilities ['Backup and disaster recovery', 'Billing and invoicing', 'Customer portal', 'HelpDesk and ticketing', 'Mobile app', 'Network discovery', 'Patch management', 'Remote monitoring and management', 'Reporting and analytics']
category RMM
created 2024-08-03
detection_descriptions ['Threat hunting rule for detecting the execution of arbitrary code and remote sessions via Action1 RMM', 'Detects potential registry activity of Action1 RMM tool', 'Detects potential network activity of Action1 RMM tool', 'Detects potential files activity of Action1 RMM tool']
domains ['*.action1.com', 'a1-backend-packages.s3.amazonaws.com']
free Yes
installation_paths ['C:\Windows\Action1\*']
last_modified 2024-08-03
ports ['443']
privileges SYSTEM
supported_os ['Windows']
verification Corporate email required although temporary email services are accepted

Addigy

Addigy is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 96efd543-e066-536a-82c3-df6f6d4181a8 which can be used as unique global reference for Addigy in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Addigy RMM tool']
domains ['prod.addigy.com', 'grtmprod.addigy.com', 'agents.addigy.com']
installation_paths ['addigy-*.pkg']
last_modified 2024-08-02

Adobe Connect

Adobe Connect is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 1221e9c1-f2f4-53b6-9a00-131bd2379eac which can be used as unique global reference for Adobe Connect in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential network activity of Adobe Connect RMM tool', 'Detects potential processes activity of Adobe Connect RMM tool']
domains ['*.adobeconnect.com']
installation_paths ['ConnectAppSetup.exe', 'ConnectShellSetup.exe', 'Connect.exe', 'ConnectDetector.exe']
last_modified 2024-08-02

AeroAdmin

AeroAdmin is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 17ea4258-8b79-53e5-b44a-1f92c6cce4f2 which can be used as unique global reference for AeroAdmin in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of AeroAdmin RMM tool', 'Detects potential processes activity of AeroAdmin RMM tool']
domains ['auth*.aeroadmin.com', 'aeroadmin.com']
installation_paths ['aeroadmin.exe', 'AeroAdmin.exe']
last_modified 2024-08-02

AliWangWang-remote-control

AliWangWang-remote-control is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 24696c52-2e3f-5c4b-aa8e-99e6ea29fc1f which can be used as unique global reference for AliWangWang-remote-control in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of AliWangWang-remote-control RMM tool', 'Detects potential processes activity of AliWangWang-remote-control RMM tool']
domains ['wangwang.taobao.com']
installation_paths ['alitask.exe']
last_modified 2024-08-02

Alpemix

Alpemix is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID eaa19b49-d775-521f-9ffe-63ae81c0bb90 which can be used as unique global reference for Alpemix in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
acknowledgements ['Nasreddine Bencherchali (@nas_bench)']
author Nasreddine Bencherchali
capabilities ['5 Different Solutions for Remote Support', 'Access to Unattended Computers', 'Access to User Account Control (UAC) Screens', 'Add Your Own Logo', 'Auto Sizing', 'Automatic Update', 'Clipboard Transfer', 'Computer Independent Licensing', 'Contact List and Groups', 'Encrypted Communication', 'External Communication Barrier', 'File Transfer', 'Instant Messaging', 'Multi-Platform Support', 'Multiple Chat', 'Multiple Connections', 'No Port Forwarding Required', 'Peer to Peer Connection (p2p)', 'Receiving Offline Message', 'Remote Restart', 'ReportingRestricting The Authority', 'Screen Sharing', 'Sending Announcement Message', 'Sharing a certain part of the screen', 'Video Recording', 'Voice Communication', 'Who is currently supporting?', 'Working in Black Screen Mode']
category RMM
created 2024-08-05
detection_descriptions ['Detects potential registry activity of Alpemix RMM tool', 'Detects potential network activity of Alpemix RMM tool', 'Detects potential files activity of Alpemix RMM tool', 'Detects potential processes activity of Alpemix RMM tool']
domains ['.alpemix.com', '.teknopars.com']
installation_paths ['C:\AlpemixService.exe', 'C:\AlpemixSrvc\']
last_modified 2024-08-05
ports ['443', '80']
supported_os ['Windows', 'Linux', 'Android', 'Mac', 'IOS']

Ammyy Admin

Ammyy Admin is a remote monitoring and management (RMM) tool. Ammyy admin has been used by scammers to gain remote access to victims' computers. The tool is legitimate and is used by IT professionals for remote management. However, it has been abused by scammers to gain unauthorized access to victims' computers. The tool is free for personal use, but a license is required for commercial use. The tool allows for remote desktop control, file transfer, voice chat, and more. The tool is available for Windows only. will be added as it becomes available.

Internal MISP references

UUID b7f6818c-6221-5cce-bf6a-c521bcf1dfa7 which can be used as unique global reference for Ammyy Admin in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
acknowledgements ['Kostas (@kostastsale)']
author @kostsatsale
capabilities ['Remote Management session', 'RDP Connection', 'File Transfer', 'Voice Chat']
category RMM
created 2024-05-08
detection_descriptions ['Detects the execution of the Ammy Admin RMM agent for remote management.', 'Detects potential registry activity of Ammyy Admin RMM tool', 'Detects potential network activity of Ammyy Admin RMM tool', 'Detects potential files activity of Ammyy Admin RMM tool', 'Detects potential processes activity of Ammyy Admin RMM tool']
domains ['ammyy.com', '*ammyy.com', '136.243.104.235', '136.243.104.242', '136.243.18.122']
free Yes/1 active session at a time
installation_paths ['C:\\ProgramData\\AMMYY\\', 'AMMYY_Admin.exe', 'aa_v.exe', 'C:\Users\\Downloads\AMMYY_Admin.exe', '\AMMYY_Admin.exe']
last_modified 2024-05-08
ports ['5931', '80', '443', '8080']
privileges Curent User
supported_os ['Windows']
verification None

Any Support

Any Support is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID e3cd1dda-e427-5ac6-bd36-da58b810556b which can be used as unique global reference for Any Support in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Any Support RMM tool', 'Detects potential processes activity of Any Support RMM tool']
domains ['*.anysupport.net']
installation_paths ['ManualLauncher.exe']
last_modified 2024-08-02
supported_os ['Windows']

AnyDesk

AnyDesk is a popular remote desktop software that enables users to access and control a computer or device from a remote location. It was developed with the primary goal of facilitating remote work, technical support, and collaboration between individuals and teams.

Internal MISP references

UUID d4958d3a-bab9-5d49-bd04-64da5418cb3d which can be used as unique global reference for AnyDesk in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
acknowledgements ['Théo Letailleur (in/theosyn)', 'Ali Alwashali (@ali_alwashali)', 'Nasreddine Bencherchali (@nas_bench)']
author Ali Alwashali, Nasreddine Bencherchali
capabilities ['File Transfer', 'File System Access', 'Remote Control', 'GUI Support', 'Command line Support']
category RMM
created 2023-09-29
detection_descriptions ['Anydesk Remote Access Software Service Installation', 'N/A', 'Remote Access Tool - AnyDesk Silent Installation', 'Detects potential registry activity of AnyDesk RMM tool', 'Detects potential network activity of AnyDesk RMM tool', 'Detects potential files activity of AnyDesk RMM tool']
domains ['boot.net.anydesk.com', 'relay-[a-f0-9]{8}.net.anydesk.com:443', '*.anydesk.com']
free true
installation_paths ['C:\Program Files (x86)\AnyDesk\', 'C:\Program Files\AnyDesk\', '/Applications/AnyDesk.app']
last_modified 2023-09-29
ports ['443']
privileges User
supported_os ['Android', 'ChromeOS', 'IOS', 'Linux', 'Mac', 'Windows']
verification false

Anyplace Control

Anyplace Control is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID e62214ae-5773-58a6-8aa1-3554c8a9506b which can be used as unique global reference for Anyplace Control in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Anyplace Control RMM tool', 'Detects potential processes activity of Anyplace Control RMM tool']
domains ['anyplace-control.com']
installation_paths ['apc_host.exe']
last_modified 2024-08-02
supported_os ['Windows']

AnyViewer

AnyViewer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID ea39da2d-1ce2-5cd5-a037-811f0a19e203 which can be used as unique global reference for AnyViewer in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
acknowledgements ['Kostas (@kostastsale)']
author @kostastsale
capabilities ['Remote desktop', 'Remote file transfer', 'Remote monitoring and management', 'Remote shell open']
category RMM
created 2024-08-03
detection_descriptions ['Threat hunting rule for detecting the execution of arbitrary code and remote sessions via Action1 RMM', 'Detects potential network activity of AnyViewer RMM tool']
domains ['.anyviewer.com', '.aomeisoftware.com']
free up to 10 devices
installation_paths ['C:\Program Files (x86)\AnyViewer\*']
last_modified 2024-08-03
ports ['443']
privileges System
supported_os ['Windows']
verification None

Apple Remote Desktop

Apple Remote Desktop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 4faa4c0b-ef5a-512e-85a8-e2ba69850e6e which can be used as unique global reference for Apple Remote Desktop in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential network activity of Apple Remote Desktop RMM tool']
domains ['user_managed']
installation_paths ['ARDAgent.app']
last_modified 2024-08-02

Aspia

Aspia is an open-source Remote Desktop, file transfer and system information tool.

Internal MISP references

UUID f88950c8-5a20-5aec-8d79-901c8f3fd30c which can be used as unique global reference for Aspia in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
acknowledgements ['Swachchhanda Shrawan Poudel (@swachchhanda)']
capabilities ['Remote desktop management', 'Remote desktop view', 'File transfer', 'System information', 'Text chat', 'Task manager', 'Encryption', 'Authorization (it is possible to add users with different access rights)', 'Address book with encryption and master-password', 'NAT traversal with connection by ID (with using Aspia Router and Aspia Relay)', 'Direct connections', 'Audio support', 'Video recording', 'Client and Console for Windows, MacOSX and Linux', 'Host for Windows only', 'Router/Relay for Windows and Linux']
category RMM
created 2025-05-09
detection_descriptions ['Detects potential network activity of Aspia RMM tool', 'Detects potential files activity of Aspia RMM tool', 'Detects potential processes activity of Aspia RMM tool']
domains ['https://github.com/dchapyshev/aspia']
installation_paths ['*\aspia_client.exe', 'C:\Program Files\Aspia\', 'C:\Program Files (x86)\Aspia\']
last_modified 2025-05-09
ports ['N/A']
privileges SYSTEM
supported_os ['Windows', 'MacOS', 'Linux']

Atera

Atera is a remote monitoring and management (RMM) tool. It is used by threat actors to deploy ransomware or facilitate command execution and lateral movement.

Internal MISP references

UUID 5741d522-c42c-50da-89e6-b7365a33a743 which can be used as unique global reference for Atera in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
acknowledgements ['Théo Letailleur (in/theosyn)', 'Nasreddine Bencherchali (@nas_bench)', 'Kostas (@kostastsale)']
capabilities ['Integrated remote access with Splashtop and AnyDesk', 'Remote monitoring and management', 'Patch management', 'Network discovery', 'Backup and disaster recovery', 'Helpdesk and ticketing', 'Reporting and analytics', 'Billing and invoicing', 'Customer portal', 'Mobile app']
category RMM
created 2024-08-03
detection_descriptions ['Detects AteraAgent installations with suspicious command line arguments.', 'Detects Atera Agent installation.', 'Detects potential registry activity of Atera RMM tool', 'Detects potential network activity of Atera RMM tool', 'Detects potential files activity of Atera RMM tool', 'Detects potential processes activity of Atera RMM tool']
domains ['pubsub.atera.com', 'pubsub.pubnub.com', 'agentreporting.atera.com', 'getalphacontrol.com', 'app.atera.com', 'agenthb.atera.com', 'packagesstore.blob.core.windows.net', 'ps.pndsn.com', 'agent-api.atera.com', 'agentreportingstore.blob.core.windows.net', 'atera-agent-heartbeat.servicebus.windows.net', 'ps.atera.com', 'atera.pubnubapi.com', 'appcdn.atera.com']
free 30 day trial
installation_paths ['\AgentPackageNetworkDiscovery.exe', '\AgentPackageTaskScheduler.exe', '\ATERA Networks\AteraAgent\', '\AteraAgent.exe', 'atera_agent.exe', 'ateraagent.exe', 'C:\Program Files\ATERA Networks\AteraAgent\', 'C:\Program Files\Atera Networks', 'C:\Program Files (x86)\Atera Networks', 'syncrosetup.exe']
last_modified 2024-08-03
ports ['N/A']
privileges SYSTEM
supported_os ['Windows', 'MacOS', 'Linux']
verification None

Auvik

Auvik is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 61c69e86-4204-5f01-a89f-f922e974fbc8 which can be used as unique global reference for Auvik in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Auvik RMM tool', 'Detects potential processes activity of Auvik RMM tool']
domains ['.my.auvik.com', '.auvik.com', 'auvik.com']
installation_paths ['auvik.engine.exe', 'auvik.agent.exe']
last_modified 2024-08-02

AweRay

AweRay is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 634ab1f4-ad01-5081-990f-d600eb7c7688 which can be used as unique global reference for AweRay in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of AweRay RMM tool', 'Detects potential processes activity of AweRay RMM tool']
domains ['asapi*.aweray.net', 'client-api.aweray.com']
installation_paths ['aweray_remote*.exe', 'AweSun.exe']
last_modified 2024-08-02

baramundi Management Suite

baramundi Management Suite is a comprehensive Unified Endpoint Management (UEM) platform designed for automated endpoint management across Windows, macOS, iOS, Linux, and Android devices. It provides features for inventory and network discovery, endpoint security, patch management, mobile device management (MDM), IT automation, operating system deployment and configuration, remote access service, digital employee experience (DEX), and license management. The baramundi Management Agent (bma.exe) operates as a Windows service named BARAAGNT and is used for remote monitoring and management of enterprise systems. The suite is available for on-premises, hybrid, or fully hosted deployment. baramundi also offers the Proactive Hub, a cloud-based platform for proactive IT management.

Internal MISP references

UUID 1f28abb7-d2ae-5067-a8d3-8507870ee4ae which can be used as unique global reference for baramundi Management Suite in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
acknowledgements ['Michael Haag (@M_haggis)']
author @m_haggis
capabilities ['Remote Management', 'Inventory and Network Discovery', 'Endpoint Security', 'Patch Management', 'Mobile Device Management', 'IT Automation', 'OS Deployment and Configuration', 'Remote Access Service', 'Digital Employee Experience', 'License Management', 'File Transfer', 'Software Distribution', 'Vulnerability Scanning']
category RMM
created 2025-10-28
detection_descriptions ['Detects potential registry activity of baramundi Management Suite RMM tool', 'Detects potential network activity of baramundi Management Suite RMM tool', 'Detects potential file activity of baramundi Management Suite RMM tool']
domains ['*.baramundi.com', 'www.baramundi.com', 'docs.baramundi.com', 'isodownload.baramundi.com']
free false
installation_paths ['C:\Program Files\bsag\bma\', 'C:\Program Files\bsag\', 'C:\Program Files (x86)\bsag\bma\', 'C:\Program Files (x86)\bsag\']
last_modified 2025-10-28
ports ['443', '2608', '80']
privileges System
supported_os ['Windows', 'Linux', 'Mac', 'Android', 'IOS']
verification true

Barracuda

Barracuda is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 3fde6536-e59f-52b9-86ab-44b7af65c375 which can be used as unique global reference for Barracuda in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Barracuda RMM tool']
domains ['*.islonline.net', 'rmm.barracudamsp.com', 'barracudamsp.com']
last_modified 2024-08-02

Basecamp

Basecamp is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 40bb6fd8-7853-5de7-b520-32ed7c9dfd8c which can be used as unique global reference for Basecamp in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential network activity of Basecamp RMM tool']
domains ['basecamp.com']
last_modified 2024-08-02

BeamYourScreen

BeamYourScreen is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID d505107b-1be9-536f-9454-5d40874c587d which can be used as unique global reference for BeamYourScreen in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of BeamYourScreen RMM tool', 'Detects potential processes activity of BeamYourScreen RMM tool']
domains ['beamyourscreen.com', '*.beamyourscreen.com']
installation_paths ['beamyourscreen.exe', 'beamyourscreen-host.exe']
last_modified 2024-08-02

BeAnyWhere

BeAnyWhere is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 2402867d-7a6e-517d-90fc-d385be6f545a which can be used as unique global reference for BeAnyWhere in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of BeAnyWhere RMM tool', 'Detects potential processes activity of BeAnyWhere RMM tool']
domains ['beanywhere.en.uptodown.com/windows', 'beanywhere.com']
installation_paths ['basuptshelper.exe', 'basupsrvcupdate.exe', 'BASupApp.exe', 'BASupSysInf.exe', 'BASupAppSrvc.exe', 'TakeControl.exe', 'BASupAppElev.exe', 'basupsrvc.exe']
last_modified 2024-08-02

BeInSync

BeInSync is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID efd662f3-a189-555f-a61b-9380c6590cea which can be used as unique global reference for BeInSync in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential network activity of BeInSync RMM tool', 'Detects potential processes activity of BeInSync RMM tool']
domains ['.beinsync.net', '.beinsync.com']
installation_paths ['Beinsync*.exe']
last_modified 2024-08-02

BeyondTrust

BeyondTrust is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID de9a1242-b1bd-5c37-974c-8f7a720230f5 which can be used as unique global reference for BeyondTrust in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
category RMM
created 2024-08-02
last_modified 2024-08-02

BeyondTrust (Bomgar)

BeyondTrust (Bomgar) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 2388c64d-ebeb-5b55-9bdf-29a64b5f2c98 which can be used as unique global reference for BeyondTrust (Bomgar) in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of BeyondTrust (Bomgar) RMM tool', 'Detects potential processes activity of BeyondTrust (Bomgar) RMM tool']
domains ['.beyondtrustcloud.com', '.bomgarcloud.com', 'bomgarcloud.com']
installation_paths ['bomgar-scc-.exe', 'bomgar-scc.exe', 'bomgar-pac-.exe', 'bomgar-pac.exe', 'bomgar-rdp.exe']
last_modified 2024-08-02

Bitvise SSH Client

Bitvise SSH Client is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 522af268-eddf-5c3c-aafc-fcec6b604e6c which can be used as unique global reference for Bitvise SSH Client in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential processes activity of Bitvise SSH Client RMM tool']
installation_paths ['C:\Program Files (x86)\Bitvise SSH Client\', '\Bitvise SSH Client\', '\BvSshClient-Inst.exe']
last_modified 2024-08-02

Bitvise SSH Server

Bitvise SSH Server is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID a16fc07a-0730-555b-870a-7a3d0271e6a0 which can be used as unique global reference for Bitvise SSH Server in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential processes activity of Bitvise SSH Server RMM tool']
installation_paths ['C:\Program Files\Bitvise SSH Server\', '\Bitvise SSH Server\', '\BvSshServer-Inst.exe']
last_modified 2024-08-02

Bluetrait

Bluetrait is a Remote Monitoring and Management (RMM) tool designed to provide IT administrators and Managed Service Providers (MSPs) with remote access, system monitoring, and automation capabilities across Windows, Linux, and macOS devices. Like many RMM solutions, Bluetrait enables seamless remote management, allowing administrators to execute commands, install software, and troubleshoot issues without direct user intervention.

However, Proofpoint's research has highlighted how threat actors are increasingly abusing RMM tools, including Bluetrait, for malicious purposes. Attackers leverage Bluetrait as part of their post-exploitation strategy, often deploying it through phishing or social engineering techniques. Once installed, Bluetrait allows attackers to establish persistent remote access, circumvent traditional security controls, and execute malicious payloads under the guise of legitimate administrative activity.

Internal MISP references

UUID f4ee8bd1-08d4-5860-9094-31ab22980e0a which can be used as unique global reference for Bluetrait in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
acknowledgements ['The Haag (@M_haggis)']
author The Haag
capabilities ['Remote Monitoring', 'Remote Management', 'File Transfer', 'PowerShell Execution']
category RAT
created 2025-03-13
detection_descriptions ['Detects execution of Bluetrait agent executable by monitoring process creation events', 'Detects potential network activity of Bluetrait RMM tool', 'Detects potential files activity of Bluetrait RMM tool']
domains ['bluetrait.io', '*.bluetrait.io']
free true
installation_paths ['C:\Program Files (x86)\Bluetrait Agent\*']
last_modified 2025-03-13
ports ['443', '8080']
privileges Current User
supported_os ['Windows', 'Linux', 'macOS']
verification false

CentraStage (Now Datto)

CentraStage (Now Datto) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 75e8bdbc-2124-5b41-80cd-aaebab32a707 which can be used as unique global reference for CentraStage (Now Datto) in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of CentraStage (Now Datto) RMM tool', 'Detects potential processes activity of CentraStage (Now Datto) RMM tool']
domains ['.rmm.datto.com', 'cc.centrastage.net', 'datto.com/au/products/rmm/']
installation_paths ['CagService.exe', 'AEMAgent.exe']
last_modified 2024-08-02

Centurion

Centurion is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 155b6c0d-8231-5d6f-b2e4-f2e5f0ed32b2 which can be used as unique global reference for Centurion in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Centurion RMM tool', 'Detects potential processes activity of Centurion RMM tool']
domains ['centuriontech.com']
installation_paths ['ctiserv.exe']
last_modified 2024-08-02

Chicken (of the VNC)

Chicken (of the VNC) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 47bbd8dc-df04-5b56-a299-75a9401f8864 which can be used as unique global reference for Chicken (of the VNC) in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
last_modified 2024-08-02

Chrome Remote Desktop

Chrome Remote Desktop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 20da1d96-221d-53ed-b5e7-202f8eb11447 which can be used as unique global reference for Chrome Remote Desktop in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential network activity of Chrome Remote Desktop RMM tool', 'Detects potential processes activity of Chrome Remote Desktop RMM tool']
domains ['remotedesktop.google.com', 'remotedesktop-pa.googleapis.com', 'remotedesktop.google.com', 'chromoting-client.talkgadget.google.com', 'chromoting-host.talkgadget.google.com', 'chromoting-oauth.talkgadget.google.com']
installation_paths ['remote_host.exe', 'remoting_host.exe', 'C:\Program Files (x86)\Google\Chrome Remote Desktop\', '\Google\Chrome Remote Desktop\', '\remoting_host.exe']
last_modified 2024-08-02
supported_os ['Windows']

Chrome SSH Extension

Chrome SSH Extension is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID f6eccaba-4f59-563a-9a42-469280e9292a which can be used as unique global reference for Chrome SSH Extension in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
installation_paths ['C:\Users\\AppData\Local\Google\Chrome\User Data\Default\Extensions\iodihamcpbpeioajjeobimgagajmlibd', 'Users\\AppData\Local\Google\Chrome\User Data\Default\Extensions\iodihamcpbpeioajjeobimgagajmlibd*']
last_modified 2024-08-02

CloudFlare Tunnel

CloudFlare Tunnel is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 1a6410a4-1af8-5bd6-86fe-b70934c99b13 which can be used as unique global reference for CloudFlare Tunnel in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential network activity of CloudFlare Tunnel RMM tool', 'Detects potential processes activity of CloudFlare Tunnel RMM tool']
domains ['cloudflare.com/products/tunnel/']
installation_paths ['cloudflared.exe']
last_modified 2024-08-02

Comodo RMM

Comodo RMM is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID fccb1a99-0f24-5966-bb53-d25696e18283 which can be used as unique global reference for Comodo RMM in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Comodo RMM RMM tool', 'Detects potential processes activity of Comodo RMM RMM tool']
domains ['.itsm-us1.comodo.com', 'mdmsupport.comodo.com', 'one.comodo.com']
installation_paths ['itsmagent.exe', 'rviewer.exe']
last_modified 2024-08-02
supported_os ['Windows']

ConnectWise

ConnectWise is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 97ae3b79-994d-5c1e-8a3a-8e7ea8246dc8 which can be used as unique global reference for ConnectWise in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
installation_paths ['C:\Program Files (x86)\ScreenConnect Client ()\', '\ScreenConnectClient\*']
last_modified 2024-08-02

Connectwise Automate (LabTech)

Connectwise Automate (LabTech) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 3c8ecd42-2a50-565a-816f-af9fccbec2ee which can be used as unique global reference for Connectwise Automate (LabTech) in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Connectwise Automate (LabTech) RMM tool', 'Detects potential processes activity of Connectwise Automate (LabTech) RMM tool']
domains ['*.hostedrmm.com']
installation_paths ['ltsvc.exe', 'ltsvcmon.exe', 'lttray.exe']
last_modified 2024-08-02

ConnectWise Control

ConnectWise Control is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 90944dfe-839d-569b-a9a3-26e2740b1460 which can be used as unique global reference for ConnectWise Control in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of ConnectWise Control RMM tool', 'Detects potential processes activity of ConnectWise Control RMM tool']
domains ['live.screenconnect.com', 'control.connectwise.com']
installation_paths ['connectwisechat-customer.exe', 'connectwisecontrol.client.exe', 'screenconnect.windowsclient.exe']
last_modified 2024-08-02

CrossLoop

CrossLoop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID b5a239fa-23d1-54f7-8361-615df4a2fbad which can be used as unique global reference for CrossLoop in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of CrossLoop RMM tool', 'Detects potential processes activity of CrossLoop RMM tool']
domains ['*.crossloop.com', 'crossloop.en.softonic.com']
installation_paths ['crossloopservice.exe', 'CrossLoopConnect.exe', 'WinVNCStub.exe']
last_modified 2024-08-02

CrossTec Remote Control

CrossTec Remote Control is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 16ae8de7-7c1c-5832-ba57-5e24a6015291 which can be used as unique global reference for CrossTec Remote Control in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of CrossTec Remote Control RMM tool', 'Detects potential processes activity of CrossTec Remote Control RMM tool']
domains ['user_managed', 'crosstecsoftware.com/remotecontrol']
installation_paths ['PCIVIDEO.EXE', 'supporttool.exe']
last_modified 2024-08-02

CruzControl

CruzControl is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID bed554cf-a26a-52ea-8b09-ca026de483e6 which can be used as unique global reference for CruzControl in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
last_modified 2024-08-02

DameWare

DameWare is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 2661f638-491b-5a09-b24d-e31006142127 which can be used as unique global reference for DameWare in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of DameWare RMM tool', 'Detects potential processes activity of DameWare RMM tool']
domains ['dameware.com']
installation_paths ['SolarWinds-Dameware-DRS.exe', 'DameWare Mini Remote Control.exe', 'C:\Windows\dwrcs\', 'C:\Program Files\SolarWinds\Dameware Mini Remote Control\', 'dntus.exe', 'dwrcs.exe', '\dwrcs\', '\dwrcst.exe', 'DameWare Remote Support.exe', 'SolarWinds-Dameware-MRC*.exe']
last_modified 2024-08-02

DeskDay

DeskDay is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID f5384da6-b7c8-5fa4-b2c5-ca05f7c77147 which can be used as unique global reference for DeskDay in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of DeskDay RMM tool', 'Detects potential processes activity of DeskDay RMM tool']
domains ['deskday.ai', 'app.deskday.ai']
installation_paths ['ultimate_*.exe']
last_modified 2024-08-02
supported_os ['Windows']

DeskNets

DeskNets is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 1e4ecf9a-b537-5566-90e9-6672c9a824bf which can be used as unique global reference for DeskNets in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
last_modified 2024-08-02

DeskShare

DeskShare is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 73f96f59-2f82-5870-abfc-61e89a31b980 which can be used as unique global reference for DeskShare in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of DeskShare RMM tool', 'Detects potential processes activity of DeskShare RMM tool']
domains ['user_managed']
installation_paths ['TeamTaskManager.exe', 'DSGuest.exe']
last_modified 2024-08-02

DesktopNow

DesktopNow is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID e0d806bb-47dd-58b4-8fcf-8e6f7dc188d8 which can be used as unique global reference for DesktopNow in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of DesktopNow RMM tool', 'Detects potential processes activity of DesktopNow RMM tool']
domains ['*.nchuser.com']
installation_paths ['desktopnow.exe']
last_modified 2024-08-02

Dev Tunnels (aka Visual Studio Dev Tunnel)

Dev Tunnels (aka Visual Studio Dev Tunnel) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID a69ece77-0c47-55e2-b889-cb83bc8dcb18 which can be used as unique global reference for Dev Tunnels (aka Visual Studio Dev Tunnel) in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential network activity of Dev Tunnels (aka Visual Studio Dev Tunnel) RMM tool']
domains ['learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview']
last_modified 2024-08-02

Devolutions Remote Desktop Manager

Devolutions Remote Desktop Manager is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 9278b28e-54be-5be2-bf34-5f03a104c47c which can be used as unique global reference for Devolutions Remote Desktop Manager in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
acknowledgements ['ogmini (https://ogmini.github.io/)']
author ogmini
category RAT
created 2025-06-02
detection_descriptions ['Detects potential files activity of Devolutions Remote Desktop Manager RMM tool', 'Detects potential processes activity of Devolutions Remote Desktop Manager RMM tool']
installation_paths ['C:\Program Files\Devolutions\Remote Desktop Manager', '*\RemoteDesktopManager.exe']
last_modified 2025-06-02
supported_os ['Windows', 'Linux', 'Android', 'Mac', 'IOS']

Distant Desktop

Distant Desktop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 641e598e-9896-5448-8a4e-85886c66644f which can be used as unique global reference for Distant Desktop in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Distant Desktop RMM tool', 'Detects potential processes activity of Distant Desktop RMM tool']
domains ['.distantdesktop.com', 'signalserver.xyz']
installation_paths ['ddsystem.exe', 'dd.exe', 'distant-desktop.exe']
last_modified 2024-08-02

Domotz

Domotz is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID d53797e9-04d2-5393-a50c-59833497a03b which can be used as unique global reference for Domotz in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Domotz RMM tool', 'Detects potential processes activity of Domotz RMM tool']
domains ['.domotz.co', 'domotz.com', 'cell-1.domotz.com']
installation_paths ['domotz.exe', 'Domotz Pro Desktop App.exe', 'domotz_bash.exe', 'domotz.exe', 'Domotz Pro Desktop App Setup.exe', 'domotz-windows*.exe']
last_modified 2024-08-02

DragonDisk

DragonDisk is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 190a6e69-4b2e-5f14-a8bf-beaea2a01e71 which can be used as unique global reference for DragonDisk in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential processes activity of DragonDisk RMM tool']
installation_paths ['C:\Program Files (x86)\Almageste\DragonDisk\', '\Almageste\DragonDisk\', '\DragonDisk.exe']
last_modified 2024-08-02
supported_os ['Windows']

Duet Display

Duet Display is a screen sharing and remote desktop software product that ships with RMM capability. The tool includes remote desktop access functionality and is part of the broader itagent product family which features system management and automation functions. Duet Display has been observed being used for remote access capabilities beyond its primary screen-sharing purpose.

Internal MISP references

UUID 516519ca-5a07-5128-842f-dd96e8334f27 which can be used as unique global reference for Duet Display in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
acknowledgements ['Syndikalist (@Syndikalist)']
author Michael Haag
capabilities ['Remote Control', 'Remote Access', 'Screen Sharing', 'Remote Desktop', 'System Management']
category RAT
created 2026-01-15
domains ['.duetdisplay.com', 'rdp.duetdisplay.com', 'duetdisplay.com', '.itagent.com', 'itagent.com']
free Trial Available
installation_paths ['duet.exe', 'DuetSetup.exe', 'DuetDisp.exe']
last_modified 2026-01-15
ports ['443']
privileges User/SYSTEM
supported_os ['Windows', 'Mac', 'iOS', 'Android']
verification Code-signed

Duplicati

Duplicati is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 9ac0fbce-e75c-5299-8b3c-1739ff4759e1 which can be used as unique global reference for Duplicati in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential processes activity of Duplicati RMM tool']
installation_paths ['c:\Program Files\\Duplicati.Server.exe', '\*\Duplicati.Server.exe']
last_modified 2024-08-02
supported_os ['Windows']

DW Service

DW Service is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 91f74b17-947b-5cd0-9bca-ed6585aaff92 which can be used as unique global reference for DW Service in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of DW Service RMM tool', 'Detects potential processes activity of DW Service RMM tool']
domains ['*.dwservice.net']
installation_paths ['dwagsvc.exe', 'dwagent.exe']
last_modified 2024-08-02
supported_os ['Windows']

Echoware

Echoware is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID a48207df-4bbf-55e9-a1f5-e0b85cd08818 which can be used as unique global reference for Echoware in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential processes activity of Echoware RMM tool']
installation_paths ['echoserver*.exe', 'echoware.dll']
last_modified 2024-08-02

eHorus

eHorus is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 9a3632a0-d23a-53c6-a584-60f9a4b2e220 which can be used as unique global reference for eHorus in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
acknowledgements ['Daniel Koifman (@KoifSec)']
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of eHorus RMM tool', 'Detects potential processes activity of eHorus RMM tool']
domains ['ehorus.com']
installation_paths ['C:\Program Files\ehorus_agent\*', 'ehorus standalone.exe', 'ehorus_agent.exe', 'ehorus_cmd.exe', 'ehorus_launcher.exe', 'ehorus_uit.exe']
last_modified 2024-08-02
supported_os ['Windows', 'Linux', 'Mac']
verification true

Electric AI (Kaseya)

Electric AI (Kaseya) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 4fd8d6a6-247b-5a16-961c-eb56360b4757 which can be used as unique global reference for Electric AI (Kaseya) in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Electric AI (Kaseya) RMM tool']
domains ['electric.ai']
last_modified 2024-08-02

EMCO Remote Console

EMCO Remote Console is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 7de26a2a-3f71-589d-a857-914b55b88a2d which can be used as unique global reference for EMCO Remote Console in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of EMCO Remote Console RMM tool', 'Detects potential processes activity of EMCO Remote Console RMM tool']
domains ['user_managed', 'emcosoftware.com']
installation_paths ['remoteconsole.exe']
last_modified 2024-08-02

Encapto

Encapto is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 1a5b9bae-b2e5-5a29-b109-48520cb2d97b which can be used as unique global reference for Encapto in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Encapto RMM tool']
domains ['encapto.com']
last_modified 2024-08-02

Ericom AccessNow

Ericom AccessNow is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 68423d5b-97f9-5623-a1d1-0663dd416ef4 which can be used as unique global reference for Ericom AccessNow in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Ericom AccessNow RMM tool', 'Detects potential processes activity of Ericom AccessNow RMM tool']
domains ['user_managed', 'ericom.com']
installation_paths ['accessserver*.exe', 'accessserver.exe']
last_modified 2024-08-02

Ericom Connect

Ericom Connect is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 8577f653-d7fa-5cc3-ac84-a9c2d1a14333 which can be used as unique global reference for Ericom Connect in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Ericom Connect RMM tool', 'Detects potential processes activity of Ericom Connect RMM tool']
domains ['user_managed', 'ericom.com']
installation_paths ['EricomConnectRemoteHost*.exe', 'ericomconnnectconfigurationtool.exe']
last_modified 2024-08-02

ESET Remote Administrator

ESET Remote Administrator is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID a2e157f0-f539-5086-9e50-5cb14ba884d8 which can be used as unique global reference for ESET Remote Administrator in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of ESET Remote Administrator RMM tool', 'Detects potential processes activity of ESET Remote Administrator RMM tool']
domains ['user_managed', 'eset.com/me/business/remote-management/remote-administrator/']
installation_paths ['era.exe', 'einstaller.exe', 'ezhelp*.exe', 'eratool.exe', 'ERAAgent.exe']
last_modified 2024-08-02

ExtraPuTTY

ExtraPuTTY is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 8f1977fe-7a19-5b99-b664-fd956a206eb2 which can be used as unique global reference for ExtraPuTTY in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential processes activity of ExtraPuTTY RMM tool']
installation_paths ['C:\Users\\ExtraPuTTY-0.30-2016-01-28-installer.exe', 'Users\\ExtraPuTTY-0.30-2016-01-28-installer.exe', '\ExtraPuTTY-0.30-2016-01-28-installer.exe']
last_modified 2024-08-02
supported_os ['Windows']

ezHelp

ezHelp is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID eaabf55c-1728-5457-820d-e51a1e1628de which can be used as unique global reference for ezHelp in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of ezHelp RMM tool', 'Detects potential processes activity of ezHelp RMM tool']
domains ['*.ezhelp.co.kr', 'ezhelp.co.kr']
installation_paths ['ezhelpclientmanager.exe', 'ezHelpManager.exe', 'ezhelpclient.exe']
last_modified 2024-08-02

FastViewer

FastViewer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID a124643a-d4bc-56cf-ac9a-204ca7ece554 which can be used as unique global reference for FastViewer in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of FastViewer RMM tool', 'Detects potential processes activity of FastViewer RMM tool']
domains ['*.fastviewer.com', 'fastviewer.com']
installation_paths ['fastclient.exe', 'fastmaster.exe', 'FastViewer.exe']
last_modified 2024-08-02

FixMe.it

FixMe.it is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 8c44e62f-6302-52d2-a102-895c09d9abac which can be used as unique global reference for FixMe.it in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of FixMe.it RMM tool', 'Detects potential processes activity of FixMe.it RMM tool']
domains ['.fixme.it', '.techinline.net', 'fixme.it', 'set.me', 'setme.net']
installation_paths ['FixMeit Client.exe', 'TiExpertStandalone.exe', 'FixMeitClient.exe', 'TiExpertCore.exe', 'FixMeit Unattended Access Setup.exe', 'FixMeit Expert Setup.exe', 'fixmeitclient.exe', 'TiClientCore.exe', 'TiClientHelper.exe', '9380CC75B872221A7425D7503565B67580407F60']
last_modified 2024-08-02
supported_os ['Windows']

FleetDeck.io

FleetDeck is a remote monitoring and management (RMM) tool that provides agent-based remote desktop access and system management capabilities. The software supports remote desktop access, reboot/shutdown capabilities including safe mode, and virtual terminal support. FleetDeck agents report system information and enable remote access to managed endpoints. The tool can be deployed via MSI, MST, or shared link installations.

Internal MISP references

UUID 8b904090-6288-5c1e-b958-ac8f380a7cea which can be used as unique global reference for FleetDeck.io in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
acknowledgements ['default1337 (@default1337)']
author Michael Haag
capabilities ['Remote Control', 'Remote Access', 'Remote Desktop', 'System Reboot', 'Safe Mode Access', 'Remote Shutdown', 'Virtual Terminal', 'System Monitoring']
category RMM
created 2026-01-15
detection_descriptions ['Detects potential network activity of FleetDeck.io RMM tool', 'Detects potential processes activity of FleetDeck.io RMM tool']
domains ['*.fleetdeck.io', 'fleetdeck.io', 'agentmqtt.fleetdeck.io', 'checkip.zmazonaws.com']
free Trial and Paid
installation_paths ['C:\Program Files (x86)\FleetDeck Agent\fleetdeck_agent_svc.exe', 'C:\Program Files (x86)\FleetDeck Agent\\fleetdeck_agent.exe', 'C:\Program Files (x86)\FleetDeck Agent\\fd_agent.dll', 'C:\Windows\Temp\FleetDeck\*', 'fleetdeck-agent.exe', 'fleetdeck_agent_svc.exe', 'fleetdeck_commander_svc.exe', 'fleetdeck_installer.exe', 'fleetdeck_commander_launcher.exe', 'fleetdeck_agent.exe', 'fleetdeck-agent.msi', 'fleetdeck-agent.mst']
last_modified 2026-01-15
ports ['443']
privileges SYSTEM
supported_os ['Windows']
verification Code-signed

Fortra

Fortra is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 76413478-726b-5fe8-8100-ba2a1c79794c which can be used as unique global reference for Fortra in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Fortra RMM tool']
domains ['fortra.com']
last_modified 2024-08-02

Free Ping Tool

Free Ping Tool is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 4a6220d4-f5f2-5939-8623-63470f7888be which can be used as unique global reference for Free Ping Tool in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
category RAT
created 2024-08-02
installation_paths ["can't find this one"]
last_modified 2024-08-02

Free Tools Launcher

Free Tools Launcher is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 9c8ee8b7-88f4-553d-80ce-a0912fa4e75c which can be used as unique global reference for Free Tools Launcher in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
installation_paths ['C:\Program Files\ManageEngine\ManageEngine Free Tools\Launcher\', '\ManageEngine\*']
last_modified 2024-08-02

FreeNX

FreeNX is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 040fe6ac-7f04-51dd-a5f1-170aadea2865 which can be used as unique global reference for FreeNX in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential processes activity of FreeNX RMM tool']
installation_paths ['C:\\nxplayer.exe', '\nxplayer.exe']
last_modified 2024-08-02
supported_os ['Windows']

FreeRDP

FreeRDP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 99baae0d-db17-5ed4-b841-ac0e53a8d91f which can be used as unique global reference for FreeRDP in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
last_modified 2024-08-02

GatherPlace-desktop sharing

GatherPlace-desktop sharing is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 0fb82c4e-da7a-5bbe-abe5-bb3d0bc406e3 which can be used as unique global reference for GatherPlace-desktop sharing in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of GatherPlace-desktop sharing RMM tool', 'Detects potential processes activity of GatherPlace-desktop sharing RMM tool']
domains ['.gatherplace.com', '.gatherplace.net', 'gatherplace.com']
installation_paths ['gp3.exe', 'gp4.exe', 'gp5.exe']
last_modified 2024-08-02

GetScreen

GetScreen is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID beef88f0-a813-552b-be9a-b7e6baff459a which can be used as unique global reference for GetScreen in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of GetScreen RMM tool', 'Detects potential processes activity of GetScreen RMM tool']
domains ['getscreen.me', 'GetScreen.me', '*.getscreen.me']
installation_paths ['GetScreen.exe', 'getscreen.exe']
last_modified 2024-08-02
supported_os ['Windows']

Gorelo RMM

Gorelo RMM is a remote monitoring and management tool facilitating remote access and control of devices for support and administration.

Internal MISP references

UUID 6ad9415e-3242-56cd-a313-673b09dbf4fd which can be used as unique global reference for Gorelo RMM in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
acknowledgements ['Squiblydoo (https://github.com/Squiblydoo)', 'Jean-Marc ALBERT (in/jeanmarcalbert)']
author Jean-Marc ALBERT
capabilities ['File Transfer', 'File System Access', 'Remote Control', 'GUI Support', 'Command line Support']
category RMM
created 2025-11-13
detection_descriptions ['Detects potential network activity of Gorelo RMM RMM tool', 'Detects potential files activity of Gorelo RMM RMM tool']
domains ['app.gorelo.io', 'gorelo-rmm.azurewebsites.net', 'gw.usw.gorelo.tech', 'lr.rmm.pod1.usw.gorelo.tech', 'public.rmm.pod1.usw.gorelo.tech', 'r1.rmm.uw.gorelo.tech', 'sr.rmm.pod1.usw.gorelo.tech']
free false
last_modified 2025-11-13
ports ['443']
privileges User
supported_os ['Windows', 'Mac']
verification false

GoTo Opener

GoTo Opener is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID da618438-ecb6-5859-ab03-e7072a76cbd9 which can be used as unique global reference for GoTo Opener in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
installation_paths ['C:\Program Files (x86)\GoTo Opener', '*\GoTo Opener']
last_modified 2024-08-02

GoToAssist

GoToAssist is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 9a6aaf92-688f-5c63-b532-7f58c8488931 which can be used as unique global reference for GoToAssist in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of GoToAssist RMM tool', 'Detects potential processes activity of GoToAssist RMM tool']
domains ['goto.com', '.getgo.com', '.fastsupport.com', '.gotoassist.com', 'helpme.net', '.gotoassist.me', '.gotoassist.at', '.desktopstreaming.com', '*.cdn.getgo.com']
installation_paths ['gotoassist.exe', 'g2a*.exe', 'GoTo Assist Opener.exe', 'g2mcomm.exe', 'g2mupdate.com', 'goto opener.exe', 'g2ax_comm_customer.exe']
last_modified 2024-08-02
supported_os ['Windows']

GoToAssist (GoTo Resolve)

GoTo Resolve (formerly LogMeIn Resolve) is an all-in-one IT management and remote monitoring and management (RMM) solution designed for small and midsize businesses (SMBs) and managed service providers (MSPs). It combines remote monitoring and management capabilities with remote support and access, ticketing, automation, and helpdesk functionality in a unified platform.

Internal MISP references

UUID 0e8a898b-4672-5667-82dd-bea6b73127b2 which can be used as unique global reference for GoToAssist (GoTo Resolve) in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
author Daniel Koifman (KoifSec)
capabilities ['Command line Support', 'File System Access', 'File Transfer', 'GUI Support', 'Remote Control']
category RMM
created 2025-11-12
free false
installation_paths ['C:\Program Files (x86)\GoTo Resolve Unattended\', 'C:\Program Files\GoTo Resolve Unattended\', 'GoToResolveExternalModuleHandler.exe', 'GoToResolveFileManager.exe', 'GoToResolveLoggerProcess.exe', 'GoToResolveNetworkChecker.exe', 'GoToResolveProcessChecker.exe', 'GoToResolveQuickView.exe', 'GoToResolveRegistryEditor.exe', 'GoToResolveRemoteControl.exe', 'GoToResolveService.exe', 'GoToResolveServiceManager.exe', 'GoToResolveTerminal.exe', 'GoToResolveTools32.exe', 'GoToResolveTools64.exe', 'GoToResolveUi.exe', 'GoToResolveUnattended.exe', 'GoToResolveUnattendedRemover.exe', 'GoToResolveUnattendedUi.exe']
last_modified 2025-11-12
privileges User
supported_os ['Android', 'Windows', 'Mac']
verification true

GoToAssist Agent Desktop Console

GoToAssist Agent Desktop Console is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID ebb8d433-a53a-5226-b006-251c2164a29b which can be used as unique global reference for GoToAssist Agent Desktop Console in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
installation_paths ['C:\\G2RDesktopConsole-x64.msi', '\G2RDesktopConsole-x64.msi']
last_modified 2024-08-02

GotoHTTP

GotoHTTP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 62f4e138-2a90-54f4-b3dd-4914775b1af2 which can be used as unique global reference for GotoHTTP in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of GotoHTTP RMM tool', 'Detects potential processes activity of GotoHTTP RMM tool']
domains ['*.gotohttp.com', 'gotohttp.com']
installation_paths ['GotoHTTP_x64.exe', 'gotohttp.exe', 'GotoHTTP*.exe']
last_modified 2024-08-02

GoToMyPC

GoToMyPC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID fc4d4948-c837-5e2f-8d9a-b0d9e4de8eb7 which can be used as unique global reference for GoToMyPC in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
acknowledgements ['Phill Moore (@phillmoore)']
author Nasreddine Bencherchali
category RMM
created 2024-08-05
detection_descriptions ['Detects potential registry activity of GoToMyPC RMM tool', 'Detects potential network activity of GoToMyPC RMM tool', 'Detects potential files activity of GoToMyPC RMM tool']
domains ['*.GoToMyPC.com']
installation_paths ['C:\Program Files (x86)\GoToMyPC\*']
last_modified 2024-08-05
ports ['N/A']

Goverlan

Goverlan is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 7be6b42f-bcbd-5113-b28e-c3e20673b1f7 which can be used as unique global reference for Goverlan in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Goverlan RMM tool', 'Detects potential processes activity of Goverlan RMM tool']
domains ['user_managed', 'goverlan.com']
installation_paths ['goverrmc.exe', 'govsrv.exe', 'GovAgentInstallHelper.exe', 'GovAgentx64.exe', 'GovReachClient.exe', 'C:\Program Files (x86)\PJ Technologies\GOVsrv\', '\PJ Technologies\GOVsrv\', '*\GovSrv.exe']
last_modified 2024-08-02
supported_os ['Windows']

Guacamole

Guacamole is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID ea82c9c7-10d6-5666-919c-8ac058d86dad which can be used as unique global reference for Guacamole in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential network activity of Guacamole RMM tool', 'Detects potential processes activity of Guacamole RMM tool']
domains ['user_managed', 'guacamole.apache.org']
installation_paths ['guacd.exe']
last_modified 2024-08-02

HeartbeatRM

HeartbeatRM is a remote monitoring and management (RMM) tool that has been observed being leveraged in social engineering campaigns, including invitation-themed and Social Security–related phishing lures, to establish unauthorised remote access on victim endpoints prior to the deployment of ScreenConnect. The tool installs as a Windows service and serves as an initial access mechanism and staging point for secondary RMM deployment. Note - Specific binary names and paths reported in threat intelligence could not be independently verified via VirusTotal or official documentation.

Internal MISP references

UUID 152b561b-3df2-56de-bee7-c7626e5c0856 which can be used as unique global reference for HeartbeatRM in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
acknowledgements ['0xburgers (@0xburgers)']
author Michael Haag
capabilities ['Remote Control', 'Remote Access', 'File Transfer', 'Command Line Support']
category RMM
created 2026-01-15
domains ['*.heartbeatrm.com', 'heartbeatrm.com']
free Unknown
installation_paths ['C:\Program Files (x86)\HeartbeatRM\', 'C:\Program Files\HeartbeatRM\', '\HeartbeatRM\', 'agent-installer-any.exe', 'hbrm-x64.exe', 'hbrm-updater-x64.exe']
last_modified 2026-01-15
privileges SYSTEM
supported_os ['Windows']

HelpBeam

HelpBeam is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 550dbcb4-a420-593e-8d4b-c25ec706cddc which can be used as unique global reference for HelpBeam in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of HelpBeam RMM tool', 'Detects potential processes activity of HelpBeam RMM tool']
domains ['helpbeam.software.informer.com']
installation_paths ['helpbeam*.exe']
last_modified 2024-08-02

HelpU

HelpU is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 266417e6-310e-5f3d-987d-4544360ac165 which can be used as unique global reference for HelpU in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of HelpU RMM tool', 'Detects potential processes activity of HelpU RMM tool']
domains ['helpu.co.kr', '*.helpu.co.kr']
installation_paths ['helpu_install.exe', 'HelpuUpdater.exe', 'HelpuManager.exe']
last_modified 2024-08-02

HopToDesk

HopToDesk is an open-source remote desktop tool similar to RustDesk. The tool has been observed being used by ransomware actors as a fallback when Quick Assist is blocked. HopToDesk creates firewall rules automatically and installs itself in Program Files. The tool communicates with signal servers and uses TURN servers for connectivity.

Internal MISP references

UUID be9d2517-bd25-57b3-a9da-6b1e1c17c079 which can be used as unique global reference for HopToDesk in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
acknowledgements ['Tyler Schultz (@shockwave_ts)', 'rcKillam (@rcKillam)']
author Michael Haag
capabilities ['Remote Control', 'Remote Desktop', 'Screen Sharing', 'File Transfer']
category RMM
created 2026-01-15
detection_descriptions ['Detects potential network activity of HopToDesk RMM tool', 'Detects potential files activity of HopToDesk RMM tool', 'Detects potential processes activity of HopToDesk RMM tool']
domains ['hoptodesk.com', 'api.hoptodesk.com', 'signal.hoptodesk.com', 'turn.hoptodesk.com', 'download.hoptodesk.com', 'www.hoptodesk.com']
free Open Source
installation_paths ['C:\Program Files (x86)\HopToDesk\HopToDesk.exe', 'HopToDesk.exe', 'HopToDesk-Standalone.exe']
last_modified 2026-01-15
ports ['443']
privileges User/SYSTEM
supported_os ['Windows', 'Mac', 'Linux', 'Android']
verification Code-signed by Sectigo

I'm InTouch

I'm InTouch is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 0c1df67a-cf13-5f2f-a760-a9de2da1e5db which can be used as unique global reference for I'm InTouch in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ["Detects potential network activity of I'm InTouch RMM tool", "Detects potential processes activity of I'm InTouch RMM tool"]
domains ['*.01com.com', '01com.com/imintouch-remote-pc-desktop']
installation_paths ['iit.exe', 'intouch.exe', "I'm InTouch Go Installer.exe"]
last_modified 2024-08-02

iDrive

iDrive is a cloud backup and remote management software that has recently been observed being leveraged in social engineering campaigns, including invitation-themed and Social Security-related phishing lures, to establish unauthorized remote access on victim endpoints prior to the deployment of ScreenConnect. The tool installs as a Windows Scheduled Task and has been used as an initial access mechanism and staging point for secondary RMM deployment.

Internal MISP references

UUID ebc26294-581b-5f12-b683-6387f1d3cc78 which can be used as unique global reference for iDrive in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
acknowledgements ['0xburgers (@0xburgers)']
author Michael Haag
capabilities ['Cloud Backup', 'Remote Access', 'File Synchronization', 'Remote Desktop (BMR)', 'System Management']
category RAT
created 2026-01-21
domains ['idrive.com', '*.idrive.com', 'api.idrive.com']
free false
installation_paths ['C:\ProgramData\IDrive\', 'C:\Program Files\IDrive\', 'C:\Program Files (x86)\IDrive\', 'C:\Users\\AppData\Local\IDrive\', 'C:\Users\\Downloads\IDriveWinSetup.exe', 'IDriveWinSetup.exe', 'IDriveEClassic.exe', 'id_tray.exe', 'IDComponent.dll']
last_modified 2026-01-21
ports ['443', '80']
privileges User
supported_os ['Windows', 'macOS', 'Linux', 'Android', 'iOS']
verification Commercial

ImmyBot

ImmyBot is a remote monitoring and management (RMM) and automation tool designed for MSPs, focusing on workstation configuration, software deployment, and patch management. The tool has been reported in private threat intelligence as being delivered via phishing campaigns to establish unauthorized remote access, though no public references are currently available. ImmyBot uses signed agents and operates over secure websockets to managed endpoints.

Internal MISP references

UUID 0848e646-778b-5a26-8b47-5360c3df6e3e which can be used as unique global reference for ImmyBot in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
acknowledgements ['boredchilada (@boredchilada)']
author Michael Haag
capabilities ['Remote Control', 'Remote Access', 'File Transfer', 'Command Line Support', 'Software Deployment', 'Patch Management', 'Script Execution', 'Automated Configuration']
category RMM
created 2026-01-15
domains ['*.immy.bot', 'immy.bot']
free Trial Available
installation_paths ['C:\Program Files\ImmyBot\ImmyAgent.exe', 'C:\Program Files\ImmyBot\ImmyUpdater.exe', 'C:\Program Files (x86)\ImmyBot\ImmyAgent.exe', 'C:\Program Files (x86)\ImmyBot\ImmyUpdater.exe', '\ImmyBot\', 'C:\Windows\Temp\ImmyBot\*', 'ImmyAgent.exe', 'ImmyUpdater.exe', 'ImmyBot.Agent.Ephemeral.exe', 'ImmyBot.msi']
last_modified 2026-01-15
ports ['443']
privileges SYSTEM
supported_os ['Windows']
verification Code-signed with EV certificate

Impero Connect

Impero Connect is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 74f707fd-2926-584a-8e5a-7d7abc8f2eca which can be used as unique global reference for Impero Connect in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Impero Connect RMM tool', 'Detects potential processes activity of Impero Connect RMM tool']
domains ['imperosoftware.com']
installation_paths ['ImperoClientSVC.exe']
last_modified 2024-08-02

Instant Housecall

Instant Housecall is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID effbe985-ec78-53cc-8495-c20d41da6a47 which can be used as unique global reference for Instant Housecall in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Instant Housecall RMM tool', 'Detects potential processes activity of Instant Housecall RMM tool']
domains ['.instanthousecall.com', 'secure.instanthousecall.com', '.instanthousecall.net', 'instanthousecall.com']
installation_paths ['hsloader.exe', 'InstantHousecall.exe', 'ihcserver.exe', 'instanthousecall.exe']
last_modified 2024-08-02

Insync

Insync is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 24bc3aed-5464-5cc7-84f6-560b478cf487 which can be used as unique global reference for Insync in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential processes activity of Insync RMM tool']
installation_paths ['C:\Users\USERNAME\AppData\Roaming\Insync\App\Insync.exe', 'Users\\AppData\Roaming\Insync\App\Insync.exe', '*\Insync.exe']
last_modified 2024-08-02

IntelliAdmin Remote Control

IntelliAdmin Remote Control is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID b04a40c6-9731-50fd-bffb-fa87cbdc100e which can be used as unique global reference for IntelliAdmin Remote Control in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of IntelliAdmin Remote Control RMM tool', 'Detects potential processes activity of IntelliAdmin Remote Control RMM tool']
domains ['user_managed', '*.intelliadmin.com', 'intelliadmin.com/remote-control']
installation_paths ['iadmin.exe', 'intelliadmin.exe', 'agent32.exe', 'agent64.exe', 'agent_setup_5.exe']
last_modified 2024-08-02

Iperius Remote

Iperius Remote is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 3135ff63-3e39-53a6-8bea-66bfbaa08f51 which can be used as unique global reference for Iperius Remote in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Iperius Remote RMM tool', 'Detects potential processes activity of Iperius Remote RMM tool']
domains ['.iperiusremote.com', '.iperius.com', '*.iperius-rs.com', 'iperiusremote.com']
installation_paths ['iperius.exe', 'iperiusremote.exe']
last_modified 2024-08-02

ISL Light

ISL Light is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID c580eb1e-816e-5c78-8ed1-29306db1a363 which can be used as unique global reference for ISL Light in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of ISL Light RMM tool', 'Detects potential processes activity of ISL Light RMM tool']
domains ['islonline.com']
installation_paths ['islalwaysonmonitor.exe', 'isllight.exe', 'isllightservice.exe']
last_modified 2024-08-02

ISL Online

ISL Online is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 68a3e0bd-82e3-5d0f-a38f-7869086a93f9 which can be used as unique global reference for ISL Online in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of ISL Online RMM tool', 'Detects potential processes activity of ISL Online RMM tool']
domains ['.islonline.com', '.islonline.net']
installation_paths ['\ISLLight.exe', 'isllight.exe', 'ISLLightClient.exe', 'C:\Program Files (x86)\ISL Online\ISL Light', '\ISL Online\ISL Light', 'ISLLight.exe', 'isllightservice.exe', 'islalwaysonmonitor.exe']
last_modified 2024-08-02

Itarian

Itarian is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 891d1693-fcae-5bb9-9649-28d7df3d4f45 which can be used as unique global reference for Itarian in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Itarian RMM tool', 'Detects potential processes activity of Itarian RMM tool']
domains ['mdmsupport.comodo.com', '.itsm-us1.comodo.com', '.cmdm.comodo.com', 'remoteaccess.itarian.com', 'servicedesk.itarian.com']
installation_paths ['ITSMAgent.exe', 'RViewer.exe', 'ItsmRsp.exe', 'RAccess.exe', 'RmmService.exe', 'ITarianRemoteAccessSetup.exe', 'RDesktop.exe', 'ComodoRemoteControl.exe', 'ITSMService.exe', 'RHost.exe']
last_modified 2024-08-02

ITSupport247 (ConnectWise)

ITSupport247 (ConnectWise) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 3b24327a-9190-58fa-92be-1e25551784bf which can be used as unique global reference for ITSupport247 (ConnectWise) in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of ITSupport247 (ConnectWise) RMM tool', 'Detects potential processes activity of ITSupport247 (ConnectWise) RMM tool']
domains ['*.itsupport247.net']
installation_paths ['saazapsc.exe']
last_modified 2024-08-02
supported_os ['Windows']

Ivanti Remote Control

Ivanti Remote Control is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 447ba4a9-42b6-58dd-b8a9-78f52a2aaf68 which can be used as unique global reference for Ivanti Remote Control in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Ivanti Remote Control RMM tool', 'Detects potential processes activity of Ivanti Remote Control RMM tool']
domains ['*.ivanticloud.com']
installation_paths ['IvantiRemoteControl.exe', 'ArcUI.exe', 'AgentlessRC.exe']
last_modified 2024-08-02

JollysFastVNC

JollysFastVNC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 4963e3e8-168e-5e35-b854-ab42addf3254 which can be used as unique global reference for JollysFastVNC in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
last_modified 2024-08-02

Jump Cloud

Jump Cloud is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID b4b07d8d-998f-548e-81d8-d1328882e0d6 which can be used as unique global reference for Jump Cloud in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Jump Cloud RMM tool']
domains ['.api.jumpcloud.com', '.assist.jumpcloud.com']
installation_paths ['JumpCloud*.exe']
last_modified 2024-08-02

Jump Desktop

Jump Desktop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID ae566ae9-fdb3-5f43-8240-ad5893ff5a8e which can be used as unique global reference for Jump Desktop in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Jump Desktop RMM tool', 'Detects potential processes activity of Jump Desktop RMM tool']
domains ['.jumpdesktop.com', 'jumpdesktop.com', 'jumpto.me', '.jumpto.me']
installation_paths ['jumpclient.exe', 'jumpdesktop.exe', 'jumpservice.exe', 'jumpconnect.exe', 'jumpupdater.exe']
last_modified 2024-08-02

Kabuto

Kabuto is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID f4ca3877-a322-5190-aec8-c31f51502812 which can be used as unique global reference for Kabuto in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Kabuto RMM tool', 'Detects potential processes activity of Kabuto RMM tool']
domains ['*.kabuto.io', 'repairtechsolutions.com/kabuto/']
installation_paths ['Kabuto.App.Runner.exe']
last_modified 2024-08-02

Kaseya (VSA)

Kaseya (VSA) aka Unigma is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID dfe81154-54d9-5967-ae60-3d669beb0c20 which can be used as unique global reference for Kaseya (VSA) in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
author Nasreddine Bencherchali
category RMM
created 2024-08-05
detection_descriptions ['Detects potential network activity of Kaseya (VSA) RMM tool', 'Detects potential files activity of Kaseya (VSA) RMM tool']
domains ['deploy01.kaseya.com', 'managedsupport.kaseya.net', '.kaseya.net', 'kaseya.com']
installation_paths ['C:\Program Files (x86)\Kaseya\', 'C:\ProgramData\Kaseya\']
last_modified 2024-08-05
supported_os ['Windows']

KHelpDesk

KHelpDesk is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 88f6cb19-5149-5d37-b980-d6a56d2bb942 which can be used as unique global reference for KHelpDesk in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of KHelpDesk RMM tool', 'Detects potential processes activity of KHelpDesk RMM tool']
domains ['*.khelpdesk.com.br']
installation_paths ['KHelpDesk.exe']
last_modified 2024-08-02

KickIdler

KickIdler is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID ed859ff5-9ee9-58ba-a041-d85c05275e2a which can be used as unique global reference for KickIdler in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of KickIdler RMM tool']
domains ['kickidler.com', 'my.kickidler.com']
installation_paths ['grabberEM.msi', 'grabberTT.msi']
last_modified 2024-08-02

KiTTY

KiTTY is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 0b24c4cc-635e-5be1-8d3d-cf05d95f5196 which can be used as unique global reference for KiTTY in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential processes activity of KiTTY RMM tool']
installation_paths ['C:\\kitty.exe', '\kitty.exe']
last_modified 2024-08-02

Koofr

Koofr is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 2a006a75-e736-54a2-a82d-6bad08303bee which can be used as unique global reference for Koofr in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
category RAT
created 2024-08-02
last_modified 2024-08-02

LabTeach (Connectwise Automate)

LabTeach (Connectwise Automate) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID ad893564-6123-5a02-9d98-0cbf14219d3c which can be used as unique global reference for LabTeach (Connectwise Automate) in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential processes activity of LabTeach (Connectwise Automate) RMM tool']
installation_paths ['ltsvc.exe']
last_modified 2024-08-02
supported_os ['Windows']

LabTech RMM (Now ConnectWise Automate)

LabTech RMM (Now ConnectWise Automate) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 05a80ae1-d9eb-5a67-946c-c3b0ed3cf612 which can be used as unique global reference for LabTech RMM (Now ConnectWise Automate) in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of LabTech RMM (Now ConnectWise Automate) RMM tool', 'Detects potential processes activity of LabTech RMM (Now ConnectWise Automate) RMM tool']
domains ['connectwise.com']
installation_paths ['ltsvc.exe', 'ltsvcmon.exe', 'lttray.exe']
last_modified 2024-08-02

LANDesk

LANDesk is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID aadc5657-de6f-587b-b1f4-ded30d32b23f which can be used as unique global reference for LANDesk in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of LANDesk RMM tool', 'Detects potential processes activity of LANDesk RMM tool']
domains ['.ivanticloud.com', '.ivanti.com', 'ivanti.com']
installation_paths ['issuser.exe', 'landeskagentbootstrap.exe', 'LANDeskPortalManager.exe', 'ldinv32.exe', 'ldsensors.exe', 'C:\Program Files (x86)\LANDesk\', '\LANDesk\', '\issuser.exe', '\softmon.exe', '\tmcsvc.exe']
last_modified 2024-08-02

Laplink Everywhere is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 134ea21c-3dc7-5867-ba8c-69bbc6fb1a9c which can be used as unique global reference for Laplink Everywhere in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Laplink Everywhere RMM tool', 'Detects potential processes activity of Laplink Everywhere RMM tool']
domains ['everywhere.laplink.com', 'le.laplink.com', 'atled.syspectr.com']
installation_paths ['laplink.exe', 'laplink-everywhere-setup*.exe', 'laplinkeverywhere.exe', 'llrcservice.exe', 'serverproxyservice.exe', 'OOSysAgent.exe']
last_modified 2024-08-02

Laplink Gold is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID dce3c283-7cbc-5b34-b35c-5649bc2e24fa which can be used as unique global reference for Laplink Gold in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Laplink Gold RMM tool', 'Detects potential processes activity of Laplink Gold RMM tool']
domains ['user_managed', 'web.laplink.com/product/laplink-gold']
installation_paths ['tsircusr.exe', 'laplink.exe']
last_modified 2024-08-02

Level

Level is a remote monitoring and management (RMM) tool. Threat actors ...

Internal MISP references

UUID 5dd07d4e-b788-50f8-a57c-8506ba5ac260 which can be used as unique global reference for Level in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
author Christian Henriksen, ITM8
capabilities ['File Transfer', 'File System Access', 'Remote Control', 'Automation & Scripting']
category RMM
created 2024-02-11
detection_descriptions ['Detects potential network activity of Level RMM tool', 'Detects potential files activity of Level RMM tool']
domains ['level.io', 'builds.level.io', 'agents.level.io', 'online.level.io', 'downloads.io']
free Free
installation_paths ['C:\Program Files\Level\*']
last_modified 2024-02-11
ports ['443']
privileges User
supported_os ['Windows']
verification True

Level.io

Level.io is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 4ac3c901-7484-5345-9b2f-10fc29c6f007 which can be used as unique global reference for Level.io in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Level.io RMM tool', 'Detects potential files activity of Level.io RMM tool', 'Detects potential processes activity of Level.io RMM tool']
domains ['level.io', '*.level.io']
installation_paths ['level-windows-amd64.exe', 'level.exe', 'level-remote-control-ffmpeg.exe']
last_modified 2024-08-02
supported_os ['Windows']

Lite Manager

Lite Manager is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID d3cdff16-1dc8-5be1-82f7-30aeca22709f which can be used as unique global reference for Lite Manager in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential processes activity of Lite Manager RMM tool']
installation_paths ['C:\Program Files\LiteManager Pro – Viewer\', '\LiteManager Pro – Viewer\', '\LMNoIpServer.exe']
last_modified 2024-08-02

LiteManager

LiteManager is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 9dcd9249-e815-5a39-849a-8d7b3d6cb2fd which can be used as unique global reference for LiteManager in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of LiteManager RMM tool', 'Detects potential processes activity of LiteManager RMM tool']
domains ['.litemanager.ru', '.litemanager.com', 'litemanager.com']
installation_paths ['lmnoipserver.exe', 'ROMFUSClient.exe', 'romfusclient.exe', 'romviewer.exe', 'romserver.exe', 'ROMServer.exe']
last_modified 2024-08-02

LogMeIn

LogMeIn is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 6b2d7df2-cd31-5f4e-a058-e3982c91e300 which can be used as unique global reference for LogMeIn in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
acknowledgements ['Nasreddine Bencherchali (@nas_bench)']
author Nasreddine Bencherchali
category RMM
created 2024-08-05
detection_descriptions ['DNS Query To Remote Access Software Domain From Non-Browser App', 'Remote Access Tool - LogMeIn Execution', 'Detects potential network activity of LogMeIn RMM tool']
domains ['logmein-gateway.com', '.logmein.com', '.logmein.eu', 'logmeinrescue.com', '*.logmeininc.com']
last_modified 2024-08-05
ports ['443']

LogMeIn rescue

LogMeIn rescue is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 969c0b77-e897-57c0-b843-f9a4ae3b7514 which can be used as unique global reference for LogMeIn rescue in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of LogMeIn rescue RMM tool', 'Detects potential processes activity of LogMeIn rescue RMM tool']
domains ['.logmeinrescue.com', '.logmeinrescue.eu', 'logmeinrescue.com', 'rescue-list.*.logmein-gateway.com', 'rescue-data-cetner.logmein-gateway.com']
installation_paths ['support-logmeinrescue.exe', 'support-logmeinrescue.exe', 'lmi_rescue.exe', 'C:\Users\\AppData\Local\LogMeIn Rescue Applet\LMIR.tmp\lmi_rescue.exe', 'C:\Users\\AppData\Local\LogMeIn Rescue Applet\LMIR*.tmp\lmi_rescue_srv.exe']
last_modified 2024-08-02

Manage Engine (Desktop Central)

Manage Engine (Desktop Central) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID bb3a780b-33f8-5f57-9ec9-4676afee9948 which can be used as unique global reference for Manage Engine (Desktop Central) in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Manage Engine (Desktop Central) RMM tool', 'Detects potential processes activity of Manage Engine (Desktop Central) RMM tool']
domains ['desktopcentral.manageengine.com', 'desktopcentral.manageengine.com.eu', 'desktopcentral.manageengine.cn', '.dms.zoho.com', '.dms.zoho.com.eu', '*.-dms.zoho.com.cn']
installation_paths ['dcagentservice.exe', 'dcagentregister.exe']
last_modified 2024-08-02

ManageEngine

ManageEngine is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 2bd5774a-39c9-50d7-8d68-774830a522c1 which can be used as unique global reference for ManageEngine in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential processes activity of ManageEngine RMM tool']
installation_paths ['InstallShield Setup.exe', 'ManageEngine_Remote_Access_Plus.exe', '\dcagentservice.exe', 'C:\Program Files (x86)\DesktopCentral_Agent\bin\', '\DesktopCentral_Agent\bin\']
last_modified 2024-08-02

ManageEngine RMM Central

ManageEngine RMM Central is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 0dc36480-6084-5131-93e3-7e809b538511 which can be used as unique global reference for ManageEngine RMM Central in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of ManageEngine RMM Central RMM tool']
domains ['manageengine.com/remote-monitoring-management/']
last_modified 2024-08-02

ManageEngine ServiceDesk Plus

ManageEngine ServiceDesk Plus is an IT service management (ITSM) and help desk software that includes remote control capabilities for IT support teams. The software provides comprehensive IT service management features including incident management, asset management, and remote desktop support.

Internal MISP references

UUID 071b9537-bd17-570d-84be-3e0bcfa839d6 which can be used as unique global reference for ManageEngine ServiceDesk Plus in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
acknowledgements ['fuzzybug (@fuzzybug)']
author Michael Haag
capabilities ['Remote Control', 'Remote Desktop', 'IT Service Management', 'Incident Management', 'Asset Management', 'Help Desk']
category RMM
created 2026-01-15
domains ['*.manageengine.com', 'manageengine.com']
free Trial Available
installation_paths ['ManageEngine_ServiceDesk_Plus.exe', 'ManageEngine_ServiceDesk_Plus.bin', 'ISBEW64.exe', 'C:\Program Files\ManageEngine\ServiceDesk\', 'C:\Program Files (x86)\ManageEngine\ServiceDesk\']
last_modified 2026-01-15
ports ['443', '8080']
privileges SYSTEM
supported_os ['Windows', 'Linux']
verification Code-signed

MEGAsync

MEGAsync is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 45fcedb3-b15b-5558-947a-32c250363a7e which can be used as unique global reference for MEGAsync in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential processes activity of MEGAsync RMM tool']
installation_paths ['C:\Users\\AppData\Local\MEGAsync\', 'Users\\AppData\Local\MEGAsync\', 'ProgramData\MEGAsync\', '\MEGAsyncSetup64.exe', '*\MEGAupdater.exe']
last_modified 2024-08-02

MeshCentral

MeshCentral is a remote monitoring and management (RMM) tool. MeshAgent used along with MeshCentral to remotely manage computers. MeshAgent can execute commands on the target host by leveraging win-console to obscure their activities and win-dispatcher to run malicious code through IPC with child processes.

Internal MISP references

UUID f5f58e6c-50b6-5f59-994e-ce4360b4f026 which can be used as unique global reference for MeshCentral in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
acknowledgements ['Kostas (@kostastsale)']
author @kostastsale
capabilities ['Remote Desktop & Terminal', 'Remote File Access', 'Text and Voice Chat', 'Server File Storage', 'Real-time User interface', 'Port Forwarding']
category RMM
created 2024-09-20
detection_descriptions ['Detects MeshAgent Command Execution via MeshCentral', 'Detects potential network activity of MeshCentral RMM tool', 'Detects potential files activity of MeshCentral RMM tool', 'Detects potential processes activity of MeshCentral RMM tool']
domains ['user_managed', 'meshcentral.com']
free Yes
installation_paths ['meshcentral.exe', 'meshagent.exe', '/usr/local/mesh_services/meshagent/meshagent/', '/usr/local/mesh_services/meshagent/']
last_modified 2024-09-20
privileges SYSTEM
supported_os ['Windows', 'Linux', 'MacOS', 'FreeBSD']
verification N/A

Microsoft Quick Assist

Microsoft Quick Assist is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID c0d0252c-db11-52ee-acd3-978be6238b2e which can be used as unique global reference for Microsoft Quick Assist in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential network activity of Microsoft Quick Assist RMM tool', 'Detects potential processes activity of Microsoft Quick Assist RMM tool']
domains ['user_managed', '*.support.services.microsoft.com']
installation_paths ['quickassist.exe']
last_modified 2024-08-02

Microsoft RDP

Microsoft RDP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 6945ab26-980d-5173-97d8-63d2216f60e0 which can be used as unique global reference for Microsoft RDP in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential processes activity of Microsoft RDP RMM tool']
installation_paths ['termsrv.exe', 'mstsc.exe', 'Microsoft Remote Desktop']
last_modified 2024-08-02
supported_os ['Windows']

Microsoft TSC

Microsoft TSC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 8d059ce1-ab05-503d-98da-37dee95e87cd which can be used as unique global reference for Microsoft TSC in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential processes activity of Microsoft TSC RMM tool']
installation_paths ['termsrv.exe', 'mstsc.exe']
last_modified 2024-08-02

Mikogo

Mikogo is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 17d0db2d-fc87-5ea7-85a4-ffa8341cb49e which can be used as unique global reference for Mikogo in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Mikogo RMM tool', 'Detects potential processes activity of Mikogo RMM tool']
domains ['.real-time-collaboration.com', '.mikogo4.com', '*.mikogo.com', 'mikogo.com']
installation_paths ['mikogo.exe', 'mikogo-starter.exe', 'mikogo-service.exe', 'mikogolauncher.exe', 'C:\Users\\AppData\Roaming\Mikogo\', 'Users\\AppData\Roaming\Mikogo\', '\Mikogo-Service.exe', '*\Mikogo-Screen-Service.exe']
last_modified 2024-08-02

MioNet (Also known as WD Anywhere Access)

MioNet (Also known as WD Anywhere Access) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 76ac9781-45d9-564b-b2fc-1127b113144b which can be used as unique global reference for MioNet (Also known as WD Anywhere Access) in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential processes activity of MioNet (Also known as WD Anywhere Access) RMM tool']
installation_paths ['mionet.exe', 'mionetmanager.exe']
last_modified 2024-08-02

MioNet (WD Anywhere Access)

MioNet (WD Anywhere Access) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 56033c8d-012f-5d8f-90a4-a92028b75a19 which can be used as unique global reference for MioNet (WD Anywhere Access) in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential processes activity of MioNet (WD Anywhere Access) RMM tool']
installation_paths ['mionet.exe', 'mionetmanager.exe']
last_modified 2024-08-02

Miradore

Miradore is a mobile device management (MDM) and remote monitoring and management (RMM) tool founded in 2006 as a Finnish software company. In 2022, Miradore was acquired by GoTo and is now part of the LogMeIn portfolio of IT solutions. The tool is trusted by over 2,700 customers in more than 100 countries, managing over 900,000 devices globally. Miradore has been observed being used in cyber incidents, including phishing campaigns where the installer was renamed and delivered to establish unauthorized remote access.

Internal MISP references

UUID 772d9e48-34c2-5a0b-b133-b803876c240b which can be used as unique global reference for Miradore in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
acknowledgements ['Squiblydoo (@Squiblydoo)']
author Michael Haag
capabilities ['Remote Control', 'Remote Access', 'Device Management', 'Software Deployment', 'Patch Management', 'Inventory Management', 'Mobile Device Management']
category RMM
created 2026-01-15
domains ['gateway.miradore.com', '*.miradore.com', 'miradore.com', 'gerwconline.blob.core.windows.net']
free Free tier available
installation_paths ['C:\Program Files\Miradore\OnlineClient\bin\', '\Miradore\*']
last_modified 2026-01-15
ports ['443']
privileges SYSTEM
supported_os ['Windows', 'Mac', 'Linux', 'iOS', 'Android']
verification Code-signed by Sectigo

MobaXterm

MobaXterm is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 7ae55da1-a7b1-5790-92de-0d1777f22f16 which can be used as unique global reference for MobaXterm in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
installation_paths ['C:\\MobaXterm_installer_12.1.msi', '\MobaXterm_installer_.msi', '\Mobatek\MobaXterm\*']
last_modified 2024-08-02

Mocha VNC Lite

Mocha VNC Lite is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 31062b59-efdb-54c4-b263-609213544ebd which can be used as unique global reference for Mocha VNC Lite in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
category RAT
created 2024-08-02
installation_paths ['This installs a modified VNC and cannot be blocked by path separate from VNC', '\RealVNC\VNC4\']
last_modified 2024-08-02

Mouse Without Borders

Mouse Without Borders is a Microsoft Garage utility that lets you control up to four Windows computers with a single keyboard and mouse, with clipboard sharing and simple drag-and-drop file transfers.

Internal MISP references

UUID 630850be-05fd-56f7-b675-07b2698a0fe5 which can be used as unique global reference for Mouse Without Borders in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
acknowledgements ['Michael Haag']
author Microsoft
capabilities ['Multi-computer input sharing', 'Clipboard sharing', 'Drag-and-drop file transfer (up to 100 MB)', 'Optional service for elevated app control']
category RAT
created 2011-09-12
detection_descriptions ['Detects potential files activity of Mouse Without Borders RMM tool']
free true
installation_paths ['C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\*']
last_modified 2011-09-12
ports ['15100/tcp', '15101/tcp']
privileges User; optional Service Mode for elevated apps
supported_os ['Windows']
verification true

mRemoteNG

mRemoteNG is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID a5789b69-b43b-5457-8455-c558c7657340 which can be used as unique global reference for mRemoteNG in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential network activity of mRemoteNG RMM tool', 'Detects potential files activity of mRemoteNG RMM tool', 'Detects potential processes activity of mRemoteNG RMM tool']
domains ['user_managed', 'mremoteng.org']
installation_paths ['mRemoteNG.exe', 'C:\Program Files (x86)\mRemoteNG\', '\mRemoteNG\', '\mRemoteNG.exe', 'c:\Program Files (x86)%\mRemoteNG', '%\mRemoteNG', 'mRemoteNG-Installer-.msi']
last_modified 2024-08-02

MSP360

MSP360 is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 32fb71f2-5e10-57ba-a46f-725b82b4c819 which can be used as unique global reference for MSP360 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of MSP360 RMM tool', 'Detects potential processes activity of MSP360 RMM tool']
domains ['.cloudberrylab.com', '.msp360.com', '*.mspbackups.com', 'msp360.com']
installation_paths ['Online Backup.exe', 'CBBackupPlan.exe', 'Cloud.Backup.Scheduler.exe', 'Cloud.Backup.RM.Service.exe', 'cbb.exe', 'CloudRaService.exe', 'CloudRaSd.exe', 'CloudRaCmd.exe', 'CloudRaUtilities.exe', 'Remote Desktop.exe', 'Connect.exe']
last_modified 2024-08-02

mstsc

mstsc is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 946f8848-6a21-5599-b820-750954e22914 which can be used as unique global reference for mstsc in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential processes activity of mstsc RMM tool']
installation_paths ['C:\Windows\System32\mstsc.exe', '*Windows\System32\mstsc.exe']
last_modified 2024-08-02

MultCloud

MultCloud is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 82ec7e81-257b-5c3c-8ff6-337b958127db which can be used as unique global reference for MultCloud in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
installation_paths ['requires sign up']
last_modified 2024-08-02

MyGreenPC

MyGreenPC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 5df9044a-5ca9-5ce3-aaca-159b8242e9fd which can be used as unique global reference for MyGreenPC in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of MyGreenPC RMM tool', 'Detects potential processes activity of MyGreenPC RMM tool']
domains ['*mygreenpc.com']
installation_paths ['mygreenpc.exe']
last_modified 2024-08-02

MyIVO

MyIVO is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 50a2054f-e146-5709-a9a1-1563f45ae9d2 which can be used as unique global reference for MyIVO in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of MyIVO RMM tool', 'Detects potential processes activity of MyIVO RMM tool']
domains ['myivo-server.software.informer.com']
installation_paths ['myivomgr.exe', 'myivomanager.exe']
last_modified 2024-08-02

N-Able Advanced Monitoring Agent

N-Able Advanced Monitoring Agent is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 5d737702-8d5f-5227-8190-804e376af333 which can be used as unique global reference for N-Able Advanced Monitoring Agent in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of N-Able Advanced Monitoring Agent RMM tool', 'Detects potential processes activity of N-Able Advanced Monitoring Agent RMM tool']
domains ['remote.management', '.logicnow.com', 'systemmonitor.us', 'systemmonitor.eu.com', 'system-monitor.com', 'systemmonitor.us.cdn.cloudflare.net', 'cloudbackup.management', 'systemmonitor.co.uk', '.n-able.com', '.beanywhere.com', '.swi-tc.com']
installation_paths ['Agent_*_RW.exe', 'BASEClient.exe', 'BASupApp.exe', 'BASupSrvc.exe', 'BASupSrvcCnfg.exe', 'BASupTSHelper.exe']
last_modified 2024-08-02

N-ABLE Remote Access Software

N-ABLE Remote Access Software is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID e3acba8e-730e-5b6a-b9f1-f38b910ddcb9 which can be used as unique global reference for N-ABLE Remote Access Software in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of N-ABLE Remote Access Software RMM tool']
domains ['n-able.com']
last_modified 2024-08-02

Naverisk is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 72321069-b031-5c93-a9b7-74b4e5821b2c which can be used as unique global reference for Naverisk in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Naverisk RMM tool', 'Detects potential processes activity of Naverisk RMM tool']
domains ['user_managed', 'naverisk.com']
installation_paths ['AgentSetup-*.exe']
last_modified 2024-08-02

Net Monitor for Employees

Net Monitor for Employees Professional is a commercial workforce monitoring tool developed by NetworkLookout. Marketed for employee productivity tracking, the software provides capabilities that extend well beyond passive screen monitoring, including reverse shell connections, remote desktop control, file management, and the ability to customize service and process names during installation. These features, while designed for legitimate administrative use, make it an attractive tool for threat actors seeking to blend into enterprise environments without deploying traditional malware.

Internal MISP references

UUID 4aa83310-c8f0-53b2-82f9-2d5da2e569e8 which can be used as unique global reference for Net Monitor for Employees in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
acknowledgements ['Daniel Koifman (@KoifSec)']
author Daniel Koifman (KoifSec)
capabilities ['Remote Desktop Access', 'Screen Management', 'Remote Shell', 'Connection Management']
category RMM
created 2026-02-12
detection_descriptions ['Detects process activity of Network Monitor for Employees']
free true
installation_paths ['C:\Program Files (x86)\Net Monitor for Employees Pro\', 'C:\Program Files\Net Monitor for Employees Pro\', 'nmep_agtconfig.exe', 'nmep_ctrlagent.exe', 'nmep_ctrlagentsvc.exe', 'winpty-agent.exe', 'winpty-agent64.exe']
last_modified 2026-02-12
privileges User
supported_os ['Windows', 'MacOS', 'Linux']
verification true

NetBird

NetBird is an open-source VPN and remote access platform that provides secure peer-to-peer connectivity. It has been observed being leveraged in spear phishing campaigns across Europe, Africa, Canada, the Middle East, and South Asia, targeting financial executives and CFOs. The tool was deployed as part of multi-stage phishing attacks by threat actors including APT MuddyWater.

Internal MISP references

UUID e4ce3f9d-471e-5bb1-90a8-e91fc34c1c0e which can be used as unique global reference for NetBird in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
acknowledgements ['jacobholtz (@jacobholtz)', 'ruppde (@ruppde)']
author Michael Haag
capabilities ['Remote Access', 'VPN Connectivity', 'Peer-to-Peer Networking', 'Secure Tunneling', 'Network Management']
category RAT
created 2026-01-15
domains ['netbird.io', '*.netbird.io', 'api.netbird.io', 'signal.netbird.io']
free Yes (Open Source)
installation_paths ['C:\Program Files\Netbird\netbird.exe', 'C:\Program Files\Netbird\netbird-ui.exe', 'C:\ProgramData\Netbird\', '/usr/bin/netbird', '/usr/local/bin/netbird', '/opt/netbird/', 'netbird.exe', 'netbird-ui.exe', 'netbird']
last_modified 2026-01-15
ports ['443', '51820']
privileges User
supported_os ['Windows', 'Linux', 'macOS', 'Android', 'iOS']
verification Open Source

NetLock RMM

NetLock RMM is an open source Remote Management and Monitoring tool with a paid support and cloud offering.

Internal MISP references

UUID 2fb717b0-321a-5591-8a9a-72bdd246422d which can be used as unique global reference for NetLock RMM in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
acknowledgements ['Tyler Schultz (@shockwave_ts)']
author Tyler Schultz
category RMM
created 2025-07-18
detection_descriptions ['Detects potential files activity of NetLock RMM RMM tool', 'Detects potential processes activity of NetLock RMM RMM tool']
installation_paths ['NetLock_RMM_Agent_Installer.exe', 'NetLock_RMM_Agent_Installer', '/var/0x101_Cyber_Security/', '/Library/Application Support/0x101_Cyber_Security/', '/usr/local/bin/0x101_Cyber_Security/Netlock_RMM/', '/usr/0x101_Cyber_Security/Netlock_RMM/', 'C:\ProgramData\0x101 Cyber Security\NetLock RMM\Comm Agent\*', 'C:\Program Files\0x101 Cyber Security\NetLock RMM\UserAgent\NetLock_RMM_User_Process.exe', 'C:\Program Files\0x101 Cyber Security\NetLock RMM\UserAgent\NetLock_RMM_User_UAC.exe']
last_modified 2025-07-18
supported_os ['Windows', 'Linux', 'MacOS']

Netop

Netop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID d1f8e51e-6393-5576-a12b-84520d900774 which can be used as unique global reference for Netop in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
installation_paths ['C:\Program Files\Danware Data\NetOp Packn Deploy\', '\Danware Data\NetOp Packn Deploy\', '\Netop Remote Control\*']
last_modified 2024-08-02
supported_os ['Windows']

Netop Remote Control (aka Impero Connect)

Netop Remote Control (aka Impero Connect) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 490b610b-ac81-5a29-9ce3-b129119615e4 which can be used as unique global reference for Netop Remote Control (aka Impero Connect) in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Netop Remote Control (aka Impero Connect) RMM tool', 'Detects potential processes activity of Netop Remote Control (aka Impero Connect) RMM tool']
domains ['imperosoftware.com/impero-connect/']
installation_paths ['nhostsvc.exe', 'nhstw32.exe', 'nldrw32.exe', 'rmserverconsolemediator.exe']
last_modified 2024-08-02

Netop Remote Control (Impero Connect)

Netop Remote Control (Impero Connect) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID b771f5f3-55fb-52fe-bcde-662b07a6feea which can be used as unique global reference for Netop Remote Control (Impero Connect) in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Netop Remote Control (Impero Connect) RMM tool', 'Detects potential processes activity of Netop Remote Control (Impero Connect) RMM tool']
domains ['.connect.backdrop.cloud', '.netop.com']
installation_paths ['nhostsvc.exe', 'nhstw32.exe', 'ngstw32.exe', 'Netop Ondemand.exe', 'nldrw32.exe', 'rmserverconsolemediator.exe', 'ImperoInit.exe', 'Connect.Backdrop.cloud*.exe', 'ImperoClientSVC.exe']
last_modified 2024-08-02

Netreo

Netreo is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 932c3b4b-6d5d-5da4-a35f-5bd5e8f5b2bc which can be used as unique global reference for Netreo in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Netreo RMM tool']
domains ['charon.netreo.net', 'activation.netreo.net', '*.api.netreo.com', 'netreo.com']
last_modified 2024-08-02

NetSupport Manager

NetSupport Manager is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 5d21c239-3e5f-5051-980a-04d7034701c8 which can be used as unique global reference for NetSupport Manager in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of NetSupport Manager RMM tool', 'Detects potential processes activity of NetSupport Manager RMM tool']
domains ['*.netsupportmanager.com', 'netsupportmanager.com']
installation_paths ['pcictlui.exe', 'pcicfgui.exe', 'client32.exe']
last_modified 2024-08-02

Neturo

Neturo is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID dd91e240-760f-5b01-bebf-fbd651c3fedb which can be used as unique global reference for Neturo in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Neturo RMM tool', 'Detects potential processes activity of Neturo RMM tool']
domains ['neturo.uplus.co.kr']
installation_paths ['neturo*.exe', 'ntrntservice.exe', 'neturo.exe']
last_modified 2024-08-02
supported_os ['Windows']

Netviewer

Netviewer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID bd65876b-28bc-507d-9446-7daef812d23e which can be used as unique global reference for Netviewer in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Netviewer RMM tool', 'Detects potential processes activity of Netviewer RMM tool']
domains ['download.cnet.com/Net-Viewer/3000-2370_4-10034828.html']
installation_paths ['netviewer*.exe', 'netviewer.exe']
last_modified 2024-08-02

Netviewer (GoToMeet)

Netviewer (GoToMeet) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 202a6812-b187-5c87-a6d7-ea30f3bac6f5 which can be used as unique global reference for Netviewer (GoToMeet) in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential processes activity of Netviewer (GoToMeet) RMM tool']
installation_paths ['nvClient.exe', 'netviewer.exe']
last_modified 2024-08-02

ngrok

ngrok is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID e998dd65-c920-5bd9-9288-ec86b4785cb2 which can be used as unique global reference for ngrok in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
author Jose Hernandez
category RAT
created 2024-07-19
detection_descriptions ['Detects potential network activity of ngrok RMM tool', 'Detects potential processes activity of ngrok RMM tool']
domains ['connect.ngrok-agent.com', 'connect.us.ngrok-agent.com', 'connect.eu.ngrok-agent.com', 'connect.ap.ngrok-agent.com', 'connect.au.ngrok-agent.com', 'connect.sa.ngrok-agent.com', 'connect.jp.ngrok-agent.com', 'connect.in.ngrok-agent.com', 'ngrok.com']
installation_paths ['ngrok.exe', 'C:\\ngrok.zip', '\ngrok*']
last_modified 2024-07-19

NinjaOne (formerly NinjaRMM)

NinjaOne (formerly NinjaRMM) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 0c8a30b5-acac-50c9-96c0-e1116f02d653 which can be used as unique global reference for NinjaOne (formerly NinjaRMM) in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
installation_paths ['ProgramData\NinjaRMMAgent\']
last_modified 2024-08-02

NinjaRMM

NinjaRMM is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 28fbed7a-82d4-524c-9f1a-ffd36a7e751c which can be used as unique global reference for NinjaRMM in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of NinjaRMM RMM tool', 'Detects potential processes activity of NinjaRMM RMM tool']
domains ['.ninjarmm.com', '.ninjaone.com', 'resources.ninjarmm.com', 'ninjaone.com', 'ninjarmm.net', '.ninjarmm.net', 'rmmservice.eu', '.rmmservice.eu', 'rmmservice.com.au', '.rmmservice.com.au', 'rmmservice.ca', '.rmmservice.ca', 'ninja-backup.com', '*.ninja-backup.com']
installation_paths ['NinjaRMMAgent.exe', 'NinjaRMMAgentPatcher.exe', 'ninjarmm-cli.exe']
last_modified 2026-01-27

NoMachine

NoMachine is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID c091f01b-af6e-5edf-a14c-3c4c4b16cce6 which can be used as unique global reference for NoMachine in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential network activity of NoMachine RMM tool', 'Detects potential processes activity of NoMachine RMM tool']
domains ['user_managed', 'nomachine.com']
installation_paths ['nomachine.exe', 'nxservice.ese', 'nxd.exe']
last_modified 2024-08-02

NordLocker

NordLocker is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 80c761d5-6659-565c-9189-fcd634f678d2 which can be used as unique global reference for NordLocker in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
last_modified 2024-08-02

NoteOn-desktop sharing

NoteOn-desktop sharing is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID d259d019-24f7-5d06-8cfb-b9b67790eae1 which can be used as unique global reference for NoteOn-desktop sharing in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential processes activity of NoteOn-desktop sharing RMM tool']
installation_paths ['nateon*.exe', 'nateon.exe', 'nateonmain.exe']
last_modified 2024-08-02

NTR Remote

NTR Remote is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID f5face6e-c1c6-57e7-96db-8ec5389d1fcf which can be used as unique global reference for NTR Remote in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of NTR Remote RMM tool', 'Detects potential processes activity of NTR Remote RMM tool']
domains ['*.ntrsupport.com']
installation_paths ['NTRsupportPro_EN.exe']
last_modified 2024-08-02
supported_os ['Windows']

NVDA (Non-Visual Desktop Access)

NVDA (Non-Visual Desktop Access) is a free, open-source screen reader that allows blind and vision impaired people to access and interact with the Windows operating system and many third party applications. Recent versions include a "Remote Access" feature that enables remote support and assistance capabilities.

Internal MISP references

UUID fbc5195e-9eec-58cd-b925-ba5240d02262 which can be used as unique global reference for NVDA (Non-Visual Desktop Access) in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
acknowledgements ['59e5aaf4 (@59e5aaf4)']
author Michael Haag
capabilities ['Screen Reading', 'Remote Access', 'Remote Support', 'Accessibility Features']
category RMM
created 2026-01-15
domains ['nvaccess.org', '*.nvaccess.org']
free true
installation_paths ['C:\Program Files (x86)\NVDA\nvda.exe', 'C:\Program Files\NVDA\nvda.exe', 'C:\Users\\AppData\Roaming\nvda\', 'C:\Users\\AppData\Local\Temp\nvda_\', 'nvda.exe', 'nvda_service.exe', 'nvda_.exe']
last_modified 2026-01-15
ports ['443']
privileges User
supported_os ['Windows']
verification Open Source

OCS inventory

OCS inventory is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 0c34653b-450d-54bd-aa47-d8da29be5985 which can be used as unique global reference for OCS inventory in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of OCS inventory RMM tool', 'Detects potential processes activity of OCS inventory RMM tool']
domains ['user_managed', 'ocsinventory-ng.org']
installation_paths ['ocsinventory.exe', 'ocsservice.exe']
last_modified 2024-08-02

Onionshare

Onionshare is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 1b9fc7de-53e0-5e3e-a822-0513a50a5d8f which can be used as unique global reference for Onionshare in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential processes activity of Onionshare RMM tool']
installation_paths ['C:\Program Files (x86)\OnionShare\', '\OnionShare\', '\onionshare.exe', 'OnionShare-win.msi']
last_modified 2024-08-02

OptiTune

OptiTune is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 6bdb9cc1-b537-5970-933d-52e35d2581f4 which can be used as unique global reference for OptiTune in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of OptiTune RMM tool', 'Detects potential processes activity of OptiTune RMM tool']
domains ['.optitune.us', '.opti-tune.com']
installation_paths ['OTService.exe', 'OTPowerShell.exe']
last_modified 2024-08-02

Pandora RC (eHorus)

Pandora RC (eHorus) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 6abdba45-8626-5d8a-9d1a-6ff8b43c9bcd which can be used as unique global reference for Pandora RC (eHorus) in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Pandora RC (eHorus) RMM tool', 'Detects potential processes activity of Pandora RC (eHorus) RMM tool']
domains ['portal.ehorus.com']
installation_paths ['ehorus standalone.exe', 'ehorus_agent.exe']
last_modified 2024-08-02

Panorama9

Panorama9 is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 8a923ca3-804a-5bb5-bd4c-5b161135ce41 which can be used as unique global reference for Panorama9 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Panorama9 RMM tool', 'Detects potential processes activity of Panorama9 RMM tool']
domains ['trusted.panorama9.com', 'changes.panorama9.com', 'panorama9.com']
installation_paths ['p9agent*.exe']
last_modified 2024-08-02

Parallels Access

Parallels Access is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID ec3bd8d5-52f1-5def-a0da-df38a16919bb which can be used as unique global reference for Parallels Access in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Parallels Access RMM tool', 'Detects potential processes activity of Parallels Access RMM tool']
domains ['*.parallels.com', 'parallels.com/products/ras/try']
installation_paths ['parallelsaccess-*.exe', 'TSClient.exe', 'prl_deskctl_agent.exe', 'prl_deskctl_wizard.exe', 'prl_pm_service.exe']
last_modified 2024-08-02

Parsec

Parsec is a remote desktop streaming tool for remote access and monitoring, mainly used for gaming and collaboration.

Remote desktop reimagined – a seamless 4k experience at up to 60 frames per second with near-zero latency. Secure, flexible, effortless access to whatever you do, at any time, from wherever you go.

Parsec focuses on real-time graphical interaction rather than system administration but can still be abused for lateral movement and initial access.

Internal MISP references

UUID a0167757-cb0f-5fa3-a26e-a87361ea524d which can be used as unique global reference for Parsec in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
acknowledgements ['Luca Di Bartolomeo (@LucaInfoSec)', 'Matt Green (@mgreen27)']
author Luca Di Bartolomeo & Matt Green
capabilities ['Remote Control', 'GUI Support']
category RAT
created 2025-03-16
detection_descriptions ['Detects potential network activity of Parsec RMM tool', 'Detects potential files activity of Parsec RMM tool', 'Detects potential processes activity of Parsec RMM tool']
domains ['parsec.app', 'parsec.gg', '*.parsec.app']
free true
installation_paths ['C:\Program Files\Parsec\*', 'parsecd.exe', 'pservice.exe']
last_modified 2025-03-16
ports ['443', '3478']
privileges Current User
supported_os ['Windows', 'Linux', 'macOS', 'Android']
verification false

pcAnywhere

pcAnywhere is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 467936a0-5223-5f8f-8ac5-9fa17ab4ce25 which can be used as unique global reference for pcAnywhere in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential network activity of pcAnywhere RMM tool', 'Detects potential processes activity of pcAnywhere RMM tool']
domains ['user_managed']
installation_paths ['awhost32.exe', 'awrem32.exe', 'pcaquickconnect.exe', 'winaw32.exe']
last_modified 2024-08-02

PChelpware

PChelpware (also known as PCHelpWare) is a free and open-source remote support and remote desktop software developed by the UltraVNC team. Built on VNC technology and following the RFB protocol, PChelpware is designed specifically for remote technical support scenarios, virtual training, and helpdesk operations.

Internal MISP references

UUID 342595ff-c9c4-5c4c-affa-3be120a8cf3e which can be used as unique global reference for PChelpware in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
author Daniel Koifman (KoifSec)
capabilities ['Remote Desktop Control', 'Remote Support', 'Screen Sharing', 'File Transfer']
category RMM
created 2025-11-12
detection_descriptions ['Splunk SPL query detecting PChelpware activity through Sysmon EventCode 1 (process creation).']
free true
installation_paths ['*\PcHelpWare_viewer.exe']
last_modified 2025-11-12
privileges User
supported_os ['Windows']
verification true

Pcnow

Pcnow is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID a77dc763-e2cc-5f54-88a5-19a1e524927c which can be used as unique global reference for Pcnow in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Pcnow RMM tool', 'Detects potential processes activity of Pcnow RMM tool']
domains ['au.pcmag.com/utilities/21470/webex-pcnow']
installation_paths ['mwcliun.exe', 'pcnmgr.exe', 'webexpcnow.exe']
last_modified 2024-08-02

Pcvisit

Pcvisit is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID e56fafd6-d9c3-55fa-aadd-0fce2f6d80e0 which can be used as unique global reference for Pcvisit in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Pcvisit RMM tool', 'Detects potential processes activity of Pcvisit RMM tool']
domains ['*.pcvisit.de', 'pcvisit.de']
installation_paths ['pcvisit.exe', 'pcvisit_client.exe', 'pcvisit-easysupport.exe', 'pcvisit_service_client.exe']
last_modified 2024-08-02

PDQ Connect

PDQ Connect is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 52788544-2fa7-5fbd-aebc-9f75852a3d0f which can be used as unique global reference for PDQ Connect in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of PDQ Connect RMM tool', 'Detects potential files activity of PDQ Connect RMM tool', 'Detects potential processes activity of PDQ Connect RMM tool']
domains ['app.pdq.com', 'cfcdn.pdq.com', 'pdqinstallers.*.r2.cloudflarestorage.com']
installation_paths ['pdq-connect.exe', 'PDQConnectUpdater-.msi']
last_modified 2024-08-02

Pilixo

Pilixo is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 639a8fd8-b3cc-5603-9654-453fc8ff071a which can be used as unique global reference for Pilixo in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Pilixo RMM tool', 'Detects potential processes activity of Pilixo RMM tool']
domains ['pilixo.com', 'download.pilixo.com', '*.pilixo.com']
installation_paths ['rdp.exe', 'Pilixo_Installer*.exe']
last_modified 2024-08-02

Pocket Cloud (Wyse)

Pocket Cloud (Wyse) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 5c83f6d6-80f0-5a45-a20c-2b4f774c7ec3 which can be used as unique global reference for Pocket Cloud (Wyse) in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential processes activity of Pocket Cloud (Wyse) RMM tool']
installation_paths ['pocketcloud*.exe', 'pocketcloudservice.exe']
last_modified 2024-08-02

Pocket Controller

Pocket Controller is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID f0dbd250-b61b-5ff0-8400-1eb9e37b946d which can be used as unique global reference for Pocket Controller in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Pocket Controller RMM tool', 'Detects potential processes activity of Pocket Controller RMM tool']
domains ['soti.net/products/soti-pocket-controller']
installation_paths ['pocketcontroller.exe', 'pocketcloudservice.exe', 'wysebrowser.exe']
last_modified 2024-08-02
supported_os ['Windows']

Pocket Controller (Soti Xsight)

Pocket Controller (Soti Xsight) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 5e6595a2-8366-52b5-b568-4954f02f0c7c which can be used as unique global reference for Pocket Controller (Soti Xsight) in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Pocket Controller (Soti Xsight) RMM tool', 'Detects potential processes activity of Pocket Controller (Soti Xsight) RMM tool']
domains ['*soti.net']
installation_paths ['pocketcontroller.exe', 'wysebrowser.exe', 'XSightService.exe']
last_modified 2024-08-02
supported_os ['Windows']

PSEXEC

PSEXEC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 2a36d988-a618-59a6-98b9-7fe528de66c2 which can be used as unique global reference for PSEXEC in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential network activity of PSEXEC RMM tool', 'Detects potential processes activity of PSEXEC RMM tool']
domains ['user_managed']
installation_paths ['psexec.exe', 'psexecsvc.exe']
last_modified 2024-08-02

PSEXEC (Clone)

PSEXEC (Clone) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 9f87c0b9-3ad0-5f4d-8fc1-9cb720b6ac36 which can be used as unique global reference for PSEXEC (Clone) in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential network activity of PSEXEC (Clone) RMM tool', 'Detects potential processes activity of PSEXEC (Clone) RMM tool']
domains ['user_managed']
installation_paths ['paexec.exe', 'PAExec-*.exe', 'csexec.exe', 'remcom.exe', 'remcomsvc.exe', 'xcmd.exe', 'xcmdsvc.exe']
last_modified 2024-08-02

Pulseway

Pulseway is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 20f7e6a0-aa46-5455-a34c-54f91a09536b which can be used as unique global reference for Pulseway in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Pulseway RMM tool', 'Detects potential processes activity of Pulseway RMM tool']
domains ['pulseway.com']
installation_paths ['PCMonitorManager.exe', 'pcmonitorsrv.exe']
last_modified 2024-08-02

PuTTY

PuTTY is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 36e6844e-094c-5a34-a01a-a44c6d36ace6 which can be used as unique global reference for PuTTY in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential processes activity of PuTTY RMM tool']
installation_paths ['*\putty.exe']
last_modified 2024-08-02

PuTTY Tray

PuTTY Tray is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 3535c08b-cc4c-52bd-a54a-5a847c552d9c which can be used as unique global reference for PuTTY Tray in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential processes activity of PuTTY Tray RMM tool']
installation_paths ['C:\\puttytray.exe', '\puttytray.exe']
last_modified 2024-08-02

QQ IM-remote assistance

QQ IM-remote assistance is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 442d3038-0ad3-545f-b20a-a6b93d6ed1ed which can be used as unique global reference for QQ IM-remote assistance in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of QQ IM-remote assistance RMM tool', 'Detects potential processes activity of QQ IM-remote assistance RMM tool']
domains ['.mdt.qq.com', '.desktop.qq.com', 'upload_data.qq.com', 'qq-messenger.en.softonic.com']
installation_paths ['qq.exe', 'QQProtect.exe', 'qqpcmgr.exe']
last_modified 2024-08-02

Quest KACE Agent (formerly Dell KACE)

Quest KACE Agent (formerly Dell KACE) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 749fc680-8b6e-53f9-b656-86dba4165f52 which can be used as unique global reference for Quest KACE Agent (formerly Dell KACE) in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Quest KACE Agent (formerly Dell KACE) RMM tool', 'Detects potential processes activity of Quest KACE Agent (formerly Dell KACE) RMM tool']
domains ['*.kace.com', 'www.quest.com/kace/']
installation_paths ['konea.exe']
last_modified 2024-08-02

Quick Assist

Quick Assist is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 7146b3d8-cd1b-519a-b4d9-a98919c19af2 which can be used as unique global reference for Quick Assist in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
acknowledgements ['bittib010 (@bittib010)']
category RAT
created 2024-08-02
detection_descriptions ['Detects potential network activity of Quick Assist RMM tool', 'Detects potential processes activity of Quick Assist RMM tool']
domains ['*.support.services.microsoft.com']
installation_paths ['quickassist.exe']
last_modified 2024-08-02

RAdmin

RAdmin is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID ab92e20d-84b1-5f3f-b313-4cbf1da06950 which can be used as unique global reference for RAdmin in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
acknowledgements ['Nasreddine Bencherchali (@nas_bench)']
author Nasreddine Bencherchali
category RMM
created 2024-08-05
detection_descriptions ['PUA - Radmin Viewer Utility Execution', 'Enumeration for 3rd Party Creds From CLI', 'Detects potential registry activity of RAdmin RMM tool', 'Detects potential network activity of RAdmin RMM tool', 'Detects potential files activity of RAdmin RMM tool', 'Detects potential processes activity of RAdmin RMM tool']
domains ['radmin.com']
installation_paths ['C:\Program Files (x86)\Radmin Viewer 3\Radmin.exe', 'C:\Windows\SysWOW64\rserver30\rserver3.exe', 'C:\Windows\SysWOW64\rserver30\FamItrfc', 'C:\Windows\SysWOW64\rserver30\FamItrf2']
last_modified 2024-08-05
ports ['443']
supported_os ['Windows']

Rapid7

Rapid7 is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 6792166e-7222-52b8-bcea-55eaefbd7e6e which can be used as unique global reference for Rapid7 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Rapid7 RMM tool', 'Detects potential processes activity of Rapid7 RMM tool']
domains ['.analytics.insight.rapid7.com', '.endpoint.ingress.rapid7.com']
installation_paths ['ir_agent.exe', 'rapid7_agent_core.exe', 'rapid7_endpoint_broker.exe']
last_modified 2024-08-02

RdClient

RdClient is a slim remote desktop client for the protocols RDP, VNC and Hyper-V. It manages remote desktops in a tree view similar to the Windows Explorer.

Internal MISP references

UUID 60d0f8fa-e41e-5c97-aa89-b59c5b44721a which can be used as unique global reference for RdClient in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
acknowledgements ['Daniel Koifman (@KoifSec)']
author Daniel Koifman (KoifSec)
capabilities ['Remote Desktop Access', 'Multiple Protocol Support', 'Connection Management']
category RAT
created 2025-11-12
detection_descriptions ['QRadar AQL query detecting RdClient activity through process creation (EventID 4688) for rdclient.exe and supporttool.exe, and registry modifications (EventID 4657) to SOFTWARE\RdClient registry path']
free true
installation_paths ['C:\Program Files (x86)\RdClient\', 'C:\Program Files\RdClient\', 'rdclient.exe', 'RdClientInstaller.exe', 'SupportTool.exe']
last_modified 2025-11-12
privileges User
supported_os ['Windows']
verification true

RDCMan

Remote Desktop Connection Manager (RDCMan) is a free Microsoft tool developed by Julian Burger for managing multiple remote desktop connections from a single interface. Part of the Sysinternals suite, RDCMan enables IT administrators, system administrators, server lab managers, developers, and testers to organize, group, and control numerous RDP sessions efficiently.

Internal MISP references

UUID 63864f34-42e3-5fa1-be00-f48b93f35dc3 which can be used as unique global reference for RDCMan in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
author Daniel Koifman (KoifSec)
capabilities ['Remote Desktop Management', 'Multiple RDP Sessions']
category RAT
created 2025-11-12
detection_descriptions ['KQL query for detecting RDCMan activity in Microsoft Sentinel']
free true
installation_paths ['\RDCMan.exe', '\RDCMan-x86.exe']
last_modified 2025-11-12
privileges User
supported_os ['Windows']
verification true

rdp2tcp

rdp2tcp is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 800e7d1d-0e7c-59f8-b8fb-2cc6adc897e4 which can be used as unique global reference for rdp2tcp in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential network activity of rdp2tcp RMM tool', 'Detects potential processes activity of rdp2tcp RMM tool']
domains ['user_managed', 'github.com/V-E-O/rdp2tcp']
installation_paths ['tdp2tcp.exe', 'rdp2tcp.py']
last_modified 2024-08-02
supported_os ['Windows']

RDPView

RDPView is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID e779527c-209e-556b-9a7e-7ba643659a6a which can be used as unique global reference for RDPView in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential network activity of RDPView RMM tool', 'Detects potential processes activity of RDPView RMM tool']
domains ['user_managed', 'systemmanager.ru/dntu.en/rdp_view.htm']
installation_paths ['dwrcs.exe']
last_modified 2024-08-02

rdpwrap

rdpwrap is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID facfcec8-f369-5cf1-9360-7d83ca106714 which can be used as unique global reference for rdpwrap in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential network activity of rdpwrap RMM tool', 'Detects potential processes activity of rdpwrap RMM tool']
domains ['user_managed', 'github.com/stascorp/rdpwrap']
installation_paths ['RDPWInst.exe', 'RDPCheck.exe', 'RDPConf.exe']
last_modified 2024-08-02

RealVNC

RealVNC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 7f4962da-5d4a-5cc5-8e8d-7f82c06f36bc which can be used as unique global reference for RealVNC in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
last_modified 2024-08-02

Remcos

Remcos is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 0963992c-88b0-5322-af5a-4181f8a0ace1 which can be used as unique global reference for Remcos in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential processes activity of Remcos RMM tool']
installation_paths ['remcos*.exe']
last_modified 2024-08-02

Remmina

Remmina is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 68eb554a-bee1-5c69-bccd-f885500518c8 which can be used as unique global reference for Remmina in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
last_modified 2024-08-02

Remmon

Remote monitoring tool for Windows and Linux written in Go.

Internal MISP references

UUID 57774d32-07b8-56ac-9c66-154a5fef0786 which can be used as unique global reference for Remmon in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
author Daniel Koifman (KoifSec)
capabilities ['Remote Monitoring']
category RMM
created 2025-11-12
detection_descriptions ['QRadar AQL query for detecting Remmon process execution via EventID 4688, tracking parent process name, process name, and command-line arguments']
free true
installation_paths ['*\\Remmon.exe']
last_modified 2025-11-12
privileges User
supported_os ['Windows', 'Linux']
verification false

Remobo

Remobo is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 30084d29-1ea5-5632-a845-4778774d0f51 which can be used as unique global reference for Remobo in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Remobo RMM tool', 'Detects potential processes activity of Remobo RMM tool']
domains ['user_managed', 'remobo.en.softonic.com']
installation_paths ['remobo.exe', 'remobo_client.exe', 'remobo_tracker.exe']
last_modified 2024-08-02

Remote Desktop Manager (Devolutions)

Remote Desktop Manager (Devolutions) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 066f82d4-3eb6-520b-a7da-763196092459 which can be used as unique global reference for Remote Desktop Manager (Devolutions) in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
last_modified 2024-08-02

Remote Desktop Plus

Remote Desktop Plus is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID e813e803-5c0c-55f2-b933-01b820495dd6 which can be used as unique global reference for Remote Desktop Plus in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential network activity of Remote Desktop Plus RMM tool', 'Detects potential processes activity of Remote Desktop Plus RMM tool']
domains ['donkz.nl']
installation_paths ['rdp.exe']
last_modified 2024-08-02

Remote Manipulator System

Remote Manipulator System is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 1f139d08-cb00-5d68-a888-4eeb06acc7b5 which can be used as unique global reference for Remote Manipulator System in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Remote Manipulator System RMM tool', 'Detects potential processes activity of Remote Manipulator System RMM tool']
domains ['*.internetid.ru', 'rmansys.ru']
installation_paths ['rfusclient.exe', 'rutserv.exe']
last_modified 2024-08-02

Remote Ripple

Remote Ripple is a free VNC viewer client developed by GlavSoft (the creators of TightVNC) for remote desktop access and control. It is a modern, lightweight viewer based on TightVNC technology that allows users to remotely access and control.

Internal MISP references

UUID d95f5edb-77a9-57c2-aff9-f82f3528ee9b which can be used as unique global reference for Remote Ripple in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
author Daniel Koifman (KoifSec)
capabilities ['Remote Control', 'Remote View', 'Clipboard Exchange', 'File Transfer', 'Screen Capture']
category RMM
created 2025-11-12
detection_descriptions ['QRadar AQL query for detecting Remote Ripple RMM activity']
free true
installation_paths ['C:\Program Files\Remote Ripple\', 'C:\Program Files (x86)\Remote Ripple\', 'RemoteRipple.exe']
last_modified 2025-11-12
privileges User
supported_os ['Windows', 'Mac', 'Android', 'iOS']
verification false

Remote Utilities

Remote Utilities is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID e644fcd7-b896-5046-b75c-7fc5a4f02e68 which can be used as unique global reference for Remote Utilities in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Remote Utilities RMM tool', 'Detects potential processes activity of Remote Utilities RMM tool']
domains ['*.internetid.ru']
installation_paths ['rutview.exe', 'rutserv.exe']
last_modified 2024-08-02

Remote.it

Remote.it is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 7a9aba08-ae9d-5d1a-baa4-c4a027e963cf which can be used as unique global reference for Remote.it in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Remote.it RMM tool', 'Detects potential processes activity of Remote.it RMM tool']
domains ['auth.api.remote.it', 'api.remote.it', 'remote.it']
installation_paths ['remote-it-installer.exe', 'remote.it.exe', 'remoteit.exe']
last_modified 2024-08-02
supported_os ['Windows']

RemoteCall

RemoteCall is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 16ebc14f-aafb-5c0f-8ca8-3139dba0db53 which can be used as unique global reference for RemoteCall in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of RemoteCall RMM tool', 'Detects potential processes activity of RemoteCall RMM tool']
domains ['.remotecall.com', '.startsupport.com', 'remotecall.com']
installation_paths ['rcengmgru.exe', 'rcmgrsvc.exe', 'rxstartsupport.exe', 'rcstartsupport.exe', 'raautoup.exe', 'agentu.exe', 'remotesupportplayeru.exe']
last_modified 2024-08-02
supported_os ['Windows']

RemotePass

RemotePass is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 07933e2b-4d4b-59dc-8f10-a0dcb09862d6 which can be used as unique global reference for RemotePass in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of RemotePass RMM tool', 'Detects potential processes activity of RemotePass RMM tool']
domains ['remotepass.com']
installation_paths ['remotepass-access.exe', 'rpaccess.exe', 'rpwhostscr.exe']
last_modified 2024-08-02
supported_os ['Windows']

RemotePC

RemotePC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 11955fa0-a739-552c-8c5c-4e232005d581 which can be used as unique global reference for RemotePC in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of RemotePC RMM tool', 'Detects potential processes activity of RemotePC RMM tool']
domains ['.remotedesktop.com', '.remotepc.com', 'www.remotepc.com', 'remotepc.com']
installation_paths ['C:\Program Files (x86)\RemotePC\', 'Idrive.File-Transfer', '\RemotePC\', 'remotepcservice.exe', 'RemotePC.exe', 'remotepchost.exe', 'idrive.RemotePCAgent', 'rpcsuite.exe', '\RemotePCService.exe', 'RemotePCService.exe']
last_modified 2024-08-02
supported_os ['Windows']

RemoteUtilities

RemoteUtilities is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 759093d6-f7c7-556d-9b5f-86b962c377f6 which can be used as unique global reference for RemoteUtilities in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of RemoteUtilities RMM tool', 'Detects potential processes activity of RemoteUtilities RMM tool']
domains ['remoteutilities.com']
installation_paths ['rutview.exe', '\Remote Manipulator System - Server\', 'C:\Program Files\Remote Utilities\', '\Remote Utilities\', 'rutserv.exe', '\rutserv.exe']
last_modified 2024-08-02

RemoteView

RemoteView is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 60bb55df-d2a7-5069-bb80-dc4f5016ca80 which can be used as unique global reference for RemoteView in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of RemoteView RMM tool', 'Detects potential processes activity of RemoteView RMM tool']
domains ['content.rview.com', '.rview.com', 'content.rview.com']
installation_paths ['remoteview.exe', 'rv.exe', 'rvagent.exe', 'rvagtray.exe']
last_modified 2024-08-02

RES Automation Manager

RES Automation Manager is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 4899c341-c90d-5012-9d5e-3f73ff7a4a83 which can be used as unique global reference for RES Automation Manager in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of RES Automation Manager RMM tool', 'Detects potential processes activity of RES Automation Manager RMM tool']
domains ['user_managed', 'ivanti.com/']
installation_paths ['wisshell*.exe', 'wmc.exe', 'wmc_deployer.exe', 'wmcsvc.exe']
last_modified 2024-08-02

Rocket Remote Desktop

Rocket Remote Desktop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 1ded259d-9cee-5146-b1b1-2fe25454a2ed which can be used as unique global reference for Rocket Remote Desktop in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential processes activity of Rocket Remote Desktop RMM tool']
installation_paths ['RDConsole.exe', 'RocketRemoteDesktop_Setup.exe']
last_modified 2024-08-02
supported_os ['Windows']

Royal Apps

Royal Apps is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 81c84432-3e79-542e-8432-8dc9bd3d7b81 which can be used as unique global reference for Royal Apps in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Royal Apps RMM tool', 'Detects potential processes activity of Royal Apps RMM tool']
domains ['user_managed']
installation_paths ['royalserver.exe', 'royalts.exe']
last_modified 2024-08-02
supported_os ['Windows']

Royal Server

Royal Server is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID b6d4e1db-e8e6-547f-bc6c-cf9dd7fe9993 which can be used as unique global reference for Royal Server in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Royal Server RMM tool']
domains ['royalapps.com']
last_modified 2024-08-02

Royal TS

Royal TS is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 2ceefa9b-6b36-572d-9023-e07cb7a84df2 which can be used as unique global reference for Royal TS in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Royal TS RMM tool', 'Detects potential processes activity of Royal TS RMM tool']
domains ['royalapps.com']
installation_paths ['royalts.exe']
last_modified 2024-08-02

RPort

RPort is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID caaf9138-68c7-5037-b2de-53769c2326e4 which can be used as unique global reference for RPort in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of RPort RMM tool', 'Detects potential processes activity of RPort RMM tool']
domains ['user_managed', 'rport.io']
installation_paths ['rport.exe']
last_modified 2024-08-02

RuDesktop

RuDesktop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID d5667b3e-28e1-5c7e-b3bb-b2c72bdd4909 which can be used as unique global reference for RuDesktop in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of RuDesktop RMM tool', 'Detects potential processes activity of RuDesktop RMM tool']
domains ['*.rudesktop.ru', 'rudesktop.ru']
installation_paths ['rd.exe', 'rudesktop*.exe']
last_modified 2024-08-02

RunSmart

RunSmart is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 2762bf73-92ed-581a-9633-c36545cad8db which can be used as unique global reference for RunSmart in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of RunSmart RMM tool']
domains ['runsmart.io']
last_modified 2024-08-02

RustDesk

RustDesk is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 58afdb7e-d8d9-5c28-8fc5-7d5b981185d6 which can be used as unique global reference for RustDesk in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of RustDesk RMM tool', 'Detects potential files activity of RustDesk RMM tool', 'Detects potential processes activity of RustDesk RMM tool']
domains ['rustdesk.com', 'user_managed', 'web.rustdesk.com', 'api.rustdesk.com', 'rs-ny.rustdesk.com']
free Yes
installation_paths ['rustdesk.exe', 'rustdesk.exe', 'C:\Users\\AppData\Local\rustdesk\rustdesk.exe', 'C:\Users\\AppData\Local\rustdesk\', 'C:\Program Files\RustDesk']
last_modified 2024-08-02
ports ['443', '21115', '21116']
supported_os ['Windows', 'Linux', 'MacOS']

S3 Browser

S3 Browser is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 05f5215d-8dc5-51d6-916e-dd142950371f which can be used as unique global reference for S3 Browser in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential processes activity of S3 Browser RMM tool']
installation_paths ['C:\Program Files (x86)\S3 Browser\', '\S3 Browser\', '\s3browser*.exe']
last_modified 2024-08-02

ScreenConnect

ScreenConnect is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 7de195d3-e70a-5b47-aa52-47b0cf87d748 which can be used as unique global reference for ScreenConnect in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
author Ali Alwashali, Nasreddine Bencherchali
capabilities ['Command Line Support', 'File Transfer', 'Install Windows updates', 'Receive notification when user performs a predefined event', 'Remote Command Line', 'Remote Control', 'Sound Capture', 'Start / Stop services', 'View event logs']
category RMM
created 2023-10-01
detection_descriptions ['Detects potential network activity of ScreenConnect RMM tool', 'Detects potential files activity of ScreenConnect RMM tool', 'Detects potential processes activity of ScreenConnect RMM tool']
domains ['control.connectwise.com', '.connectwise.com', '.screenconnect.com']
free 14-Days Free Trial
installation_paths ['C:\Program Files (x86)\ScreenConnect Client (Random)\ScreenConnect.ClientService.exe', 'Remote Workforce Client.exe', '\\ScreenConnect.ClientService.exe', 'C:\Program Files (x86)\ScreenConnect Client ()\', '\ScreenConnect Client\', '\\ScreenConnect.WindowsClient.exe', 'screenconnect.exe', 'screenconnect.windowsclient.exe', 'ConnectWiseControl.exe', 'connectwise*.exe', 'screenconnect.clientservice.exe']
last_modified 2023-10-01
supported_os ['Android', 'IOS', 'Linux', 'Mac', 'Windows']

ScreenMeet

ScreenMeet is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID c273afcc-3240-515f-abcf-88403c742e55 which can be used as unique global reference for ScreenMeet in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of ScreenMeet RMM tool', 'Detects potential processes activity of ScreenMeet RMM tool']
domains ['.screenmeet.com', '.scrn.mt']
installation_paths ['ScreenMeetSupport.exe', 'ScreenMeet.Support.exe']
last_modified 2024-08-02

SecureCRT

SecureCRT is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 6d9b3e8c-1e08-55b5-9190-cda01b6b3b87 which can be used as unique global reference for SecureCRT in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential processes activity of SecureCRT RMM tool']
installation_paths ['C:\\SecureCRT.EXE', '\SecureCRT.EXE', '\VanDyke Software\ClientPack\']
last_modified 2024-08-02

Seetrol

Seetrol is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID a84de35b-3ad8-5c64-ab77-1662ac148b67 which can be used as unique global reference for Seetrol in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Seetrol RMM tool', 'Detects potential processes activity of Seetrol RMM tool']
domains ['seetrol.co.kr']
installation_paths ['seetrolcenter.exe', 'seetrolclient.exe', 'seetrolmyservice.exe', 'seetrolremote.exe', 'seetrolsetting.exe']
last_modified 2024-08-02

Senso.cloud

Senso.cloud is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID bf971c85-aec8-50f4-9e43-04435711f85e which can be used as unique global reference for Senso.cloud in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Senso.cloud RMM tool', 'Detects potential processes activity of Senso.cloud RMM tool']
domains ['*.senso.cloud', 'senso.cloud']
installation_paths ['SensoClient.exe', 'SensoService.exe', 'aadg.exe']
last_modified 2024-08-02

ServerEye

ServerEye is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 07d0476d-3390-54cb-a1be-35de4bdefe5a which can be used as unique global reference for ServerEye in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of ServerEye RMM tool', 'Detects potential processes activity of ServerEye RMM tool']
domains ['*.server-eye.de']
installation_paths ['servereye*.exe', 'ServiceProxyLocalSys.exe']
last_modified 2024-08-02

ShowMyPC

ShowMyPC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID de7f1153-9d24-5564-980d-eb9dd679140e which can be used as unique global reference for ShowMyPC in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of ShowMyPC RMM tool', 'Detects potential processes activity of ShowMyPC RMM tool']
domains ['*.showmypc.com', 'showmypc.com']
installation_paths ['SMPCSetup.exe', 'showmypc*.exe', 'showmypc.exe', 'smpcsetup.exe']
last_modified 2024-08-02

SimpleHelp

SimpleHelp is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID c315bd0f-fe30-5d42-88f0-810e6d5032a4 which can be used as unique global reference for SimpleHelp in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of SimpleHelp RMM tool', 'Detects potential processes activity of SimpleHelp RMM tool']
domains ['user_managed', 'simple-help.com']
installation_paths ['simplehelpcustomer.exe', 'simpleservice.exe', 'simplegatewayservice.exe', 'remote access.exe', 'windowslauncher.exe']
last_modified 2024-08-02

Site24x7

Site24x7 is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID f75d321c-184a-5bb2-8e7d-298202775111 which can be used as unique global reference for Site24x7 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Site24x7 RMM tool', 'Detects potential processes activity of Site24x7 RMM tool']
domains ['plus.site24x7.com', 'plus.site24x7.eu', 'plus.site24x7.in', 'plus.site24x7.cn', 'plus*.site24x7.net.au', 'site24x7.com/msp']
installation_paths ['MEAgentHelper.exe', 'MonitoringAgent.exe', 'Site24x7WindowsAgentTrayIcon.exe', 'Site24x7PluginAgent.exe']
last_modified 2024-08-02

SkyFex

SkyFex is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 7d4a3e31-c8c0-5551-adb0-5503177efed4 which can be used as unique global reference for SkyFex in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of SkyFex RMM tool', 'Detects potential processes activity of SkyFex RMM tool']
domains ['skyfex.com', 'deskroll.com', '*.deskroll.com']
installation_paths ['Deskroll.exe', 'DeskRollUA.exe']
last_modified 2024-08-02

SmartCode Web VNC

SmartCode Web VNC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 2ba6e086-0bb8-5969-b4ba-8bea7064843f which can be used as unique global reference for SmartCode Web VNC in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
installation_paths ['C:\Program Files\TightVNC\', '\TightVNC\*']
last_modified 2024-08-02

SmartFTP

SmartFTP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 3e81dbdf-ba1c-525c-b0e7-290519096710 which can be used as unique global reference for SmartFTP in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
installation_paths ['C:\Program Files (x86)\SmartFTP Client\en-US\', '\SmartFTP Client\', '*\SfShellTools.dll.mui']
last_modified 2024-08-02

SmarTTY

SmarTTY is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID bfdd8b97-4207-5fff-9f26-7c3bf48b716d which can be used as unique global reference for SmarTTY in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential processes activity of SmarTTY RMM tool']
installation_paths ['c:\Program Files (x86)\Sysprogs\SmarTTY\', '\Sysprogs\SmarTTY\', '\SmarTTY.exe']
last_modified 2024-08-02

Solar-PuTTY

Solar-PuTTY is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 7788661d-8340-547b-9a7d-db933e65da0c which can be used as unique global reference for Solar-PuTTY in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential processes activity of Solar-PuTTY RMM tool']
installation_paths ['C:\Program Files\Solar-Putty-v4\', '\Solar-Putty-v4\', '\Solar-PuTTY.exe']
last_modified 2024-08-02

Sophos-Remote Management System

Sophos-Remote Management System is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 25dfe19a-f982-5baa-9440-d0497defa5bf which can be used as unique global reference for Sophos-Remote Management System in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Sophos-Remote Management System RMM tool', 'Detects potential processes activity of Sophos-Remote Management System RMM tool']
domains ['.sophos.com', '.sophosupd.com', '*.sophosupd.net', 'community.sophos.com/on-premise-endpoint/f/sophos-endpoint-software/5725/sophos-remote-management-system']
installation_paths ['clientmrinit.exe', 'mgntsvc.exe', 'routernt.exe']
last_modified 2024-08-02

Sorillus

Sorillus is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 5e0989f3-33e3-5305-89f3-00e5fa23c7c8 which can be used as unique global reference for Sorillus in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Sorillus RMM tool', 'Detects potential processes activity of Sorillus RMM tool']
domains ['*.sorillus.com', 'sorillus.com']
installation_paths ['Sorillus-Launcher*.exe', 'Sorillus Launcher.exe']
last_modified 2024-08-02

Splashtop

Splashtop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID fe4c9c2e-4633-5b3a-9e0a-d315eaec9adc which can be used as unique global reference for Splashtop in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
acknowledgements ['Théo Letailleur (in/theosyn)']
author Nasreddine Bencherchali
category RMM
created 2024-08-02
detection_descriptions ['Detects potential registry activity of Splashtop RMM tool', 'Detects potential network activity of Splashtop RMM tool', 'Detects potential files activity of Splashtop RMM tool', 'Detects potential processes activity of Splashtop RMM tool']
domains ['*.splashtop.com']
installation_paths ['C:\Program Files (x86)\Splashtop\', '\Splashtop\Splashtop Remote\Client for RMM\*', 'strwinclt.exe']
last_modified 2024-08-02
ports ['N/A']

Splashtop (Beta)

Splashtop (Beta) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 93984695-672b-5ad0-aecb-c4ca38bbbe34 which can be used as unique global reference for Splashtop (Beta) in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Splashtop (Beta) RMM tool', 'Detects potential processes activity of Splashtop (Beta) RMM tool']
domains ['splashtop.com']
installation_paths ['SRServer.exe', 'SplashtopSOS.exe', 'Splashtop_Streamer_Windows*.exe', 'SRManager.exe']
last_modified 2024-08-02

Splashtop Remote

Splashtop Remote is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 54d21793-3e79-5e3d-b401-41b2bc1c334f which can be used as unique global reference for Splashtop Remote in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Splashtop Remote RMM tool', 'Detects potential processes activity of Splashtop Remote RMM tool']
domains ['splashtop.com', '.api.splashtop.com', '.relay.splashtop.com', '*.api.splashtop.eu']
installation_paths ['strwinclt.exe', 'Splashtop_Streamer_Windows*.exe', 'SplashtopSOS.exe', 'sragent.exe', 'srmanager.exe', 'srserver.exe', 'srservice.exe']
last_modified 2024-08-02

SpyAnywhere

SpyAnywhere is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 16715836-409b-5da6-9ab4-3364c9cdd967 which can be used as unique global reference for SpyAnywhere in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of SpyAnywhere RMM tool', 'Detects potential processes activity of SpyAnywhere RMM tool']
domains ['*.spytech-web.com', 'spyanywhere.com']
installation_paths ['sysdiag.exe']
last_modified 2024-08-02

SunLogin

SunLogin is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 13afb9a2-6656-5e98-a360-c55e7271f132 which can be used as unique global reference for SunLogin in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of SunLogin RMM tool', 'Detects potential processes activity of SunLogin RMM tool']
domains ['sunlogin.oray.com', 'client.oray.net']
installation_paths ['OrayRemoteShell.exe', 'OrayRemoteService.exe', 'sunlogin*.exe']
last_modified 2024-08-02

SuperOps

SuperOps is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID f50a98c0-c0e3-5303-82ef-887d151a96bc which can be used as unique global reference for SuperOps in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of SuperOps RMM tool', 'Detects potential processes activity of SuperOps RMM tool']
domains ['.superopsbeta.com', 'superops.ai', 'serv.superopsalpha.com', '.superops.ai', '*.superopsalpha.com']
installation_paths ['superopsticket.exe', 'superops.exe']
last_modified 2024-08-02

SuperPuTTY

SuperPuTTY is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 6e768067-9aaf-54a9-8f58-65fc016d0297 which can be used as unique global reference for SuperPuTTY in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential processes activity of SuperPuTTY RMM tool']
installation_paths ['C:\Downloads\SuperPuTTY\', 'Downloads\SuperPuTTY\', '\superputty.exe', '\SuperPuTTY\']
last_modified 2024-08-02

Supremo

Supremo is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 8947ec50-a1bb-55f7-b396-c22b6ae2c06f which can be used as unique global reference for Supremo in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
author @KyawPyiytHtet
capabilities ['Remote Management session']
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Supremo RMM tool', 'Detects potential processes activity of Supremo RMM tool']
domains ['*.supremocontrol.com']
installation_paths ['*\\supremoremotedesktop\\supremosystem.exe', '%USERPROFILE%\\AppData\\Local\\Temp\\SupremoRemoteDesktop\\', 'C:\\ProgramData\\SupremoRemoteDesktop\\', 'supremo.exe', 'supremohelper.exe', 'supremoservice.exe', 'SupremoSystem.exe']
last_modified 2024-12-02
privileges Current User
supported_os ['Windows', 'Linux', 'MacOS']
verification None

Syncro

Syncro is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 287e082d-6acd-50e9-a32b-ede892f59e9b which can be used as unique global reference for Syncro in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Syncro RMM tool', 'Detects potential processes activity of Syncro RMM tool']
domains ['kabuto.io', '.syncromsp.com', '.syncroapi.com', 'syncromsp.com', 'servably.com', 'ld.aurelius.host', 'app.kabuto.io', '*.kabutoservices.com', 'repairshopr.com', 'kabutoservices.com', 'attachments.servably.com']
installation_paths ['Syncro.Installer.exe', 'Kabuto.App.Runner.exe', 'Syncro.Overmind.Service.exe', 'Kabuto.Installer.exe', 'KabutoSetup.exe', 'Syncro.Service.exe', 'Kabuto.Service.Runner.exe', 'Syncro.App.Runner.exe', 'SyncroLive.Service.exe', 'SyncroLive.Agent.exe']
last_modified 2024-08-02

Syncthing

Syncthing is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 1324438b-65b4-5f09-9d26-437d3d966d5b which can be used as unique global reference for Syncthing in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential processes activity of Syncthing RMM tool']
installation_paths ['C:\Users\\AppData\Roaming\SyncTrayzor\', 'Users\\AppData\Roaming\SyncTrayzor\', '\Syncthing.exe']
last_modified 2024-08-02
supported_os ['Windows']

Synergy

Synergy is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 17dd2f60-a4c2-5e39-a0fb-ee4f4ae8a28c which can be used as unique global reference for Synergy in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential network activity of Synergy RMM tool']
domains ['user_managed']
last_modified 2024-08-02

SysAid

SysAid is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 3c1d6647-98b8-5cb4-822a-8185b51912f7 which can be used as unique global reference for SysAid in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential processes activity of SysAid RMM tool']
installation_paths ['C:\Program Files\SysAidServer\', '\SysAidServer\', '\SysAid\', '\IliAS.exe']
last_modified 2024-08-02

Syspectr

Syspectr is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 84a6105b-6238-5106-84ab-301b46117656 which can be used as unique global reference for Syspectr in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Syspectr RMM tool', 'Detects potential processes activity of Syspectr RMM tool']
domains ['atled.syspectr.com', 'app.syspectr.com']
installation_paths ['oo-syspectr*.exe', 'OOSysAgent.exe']
last_modified 2024-08-02

Tactical RMM

Tactical RMM is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 68d1400b-eefa-5510-bb76-1635c0dfd518 which can be used as unique global reference for Tactical RMM in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Tactical RMM RMM tool', 'Detects potential processes activity of Tactical RMM RMM tool']
domains ['login.tailscale.com', 'docs.tacticalrmm.com']
installation_paths ['tacticalrmm.exe']
last_modified 2024-08-02

Tailscale

Tailscale is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 837398b3-6d2e-5e1c-bc07-43158994d4e8 which can be used as unique global reference for Tailscale in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential network activity of Tailscale RMM tool', 'Detects potential processes activity of Tailscale RMM tool']
domains ['.tailscale.com', '.tailscale.io', 'tailscale.com']
installation_paths ['tailscale-*.exe', 'tailscaled.exe', 'tailscale-ipn.exe']
last_modified 2024-08-02

Tanium

Tanium is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID fa6120be-ff49-51a6-baa7-e63c1063d742 which can be used as unique global reference for Tanium in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Tanium RMM tool', 'Detects potential processes activity of Tanium RMM tool']
domains ['cloud.tanium.com', '*.cloud.tanium.com']
installation_paths ['TaniumClient.exe', 'TaniumCX.exe', 'TaniumExecWrapper.exe', 'TaniumFileInfo.exe', 'TPowerShell.exe']
last_modified 2024-08-02

Tanium Deploy

Tanium Deploy is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 1651e588-6753-5c5d-b6a9-00edfafe56a1 which can be used as unique global reference for Tanium Deploy in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Tanium Deploy RMM tool']
domains ['tanium.com/products/tanium-deploy']
last_modified 2024-08-02

TeamViewer

TeamViewer is a remote monitoring and management (RMM) tool.

Internal MISP references

UUID cebc625c-f469-5552-ae84-8f7f88b1f0cc which can be used as unique global reference for TeamViewer in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
acknowledgements ['Théo Letailleur (in/theosyn)']
author Nasreddine Bencherchali, Michael Haag
category RMM
created 2024-08-02
detection_descriptions ['Detects potential registry activity of TeamViewer RMM tool', 'Detects potential network activity of TeamViewer RMM tool', 'Detects potential files activity of TeamViewer RMM tool', 'Detects potential processes activity of TeamViewer RMM tool']
domains ['*.teamviewer.com', 'router15.teamviewer.com', 'client.teamviewer.com', 'taf.teamviewer.com']
free true
installation_paths ['C:\Program Files\TeamViewer\', 'teamviewer_desktop.exe', 'teamviewer_service.exe', 'teamviewerhost']
last_modified 2024-08-02
ports ['443']
privileges user
supported_os ['Android', 'ChromeOS', 'IOS', 'Linux', 'Mac', 'Windows']
verification false

TeleDesktop

TeleDesktop is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 2756b9e6-22c6-57db-b4d2-fe6a288f159e which can be used as unique global reference for TeleDesktop in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of TeleDesktop RMM tool', 'Detects potential processes activity of TeleDesktop RMM tool']
domains ['user_managed', 'tele-desk.com']
installation_paths ['pstlaunch.exe', 'ptdskclient.exe', 'ptdskhost.exe']
last_modified 2024-08-02

Terminals

Terminals is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 0fd8a442-5770-5cdc-9ab9-58a11d3027a8 which can be used as unique global reference for Terminals in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
last_modified 2024-08-02

TigerVNC

TigerVNC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID e92b4ac8-c697-5871-b50b-f039e0b29d32 which can be used as unique global reference for TigerVNC in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential network activity of TigerVNC RMM tool', 'Detects potential processes activity of TigerVNC RMM tool']
domains ['user_managed']
installation_paths ['tigervnc.exe', 'winvnc4.exe', 'C:\Program Files\TightVNC\', '\TightVNC\', '*\tvnserver.exe']
last_modified 2024-08-02

TightVNC

TightVNC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 4ef895bf-ea62-5d58-8d9f-36b4c8c8f737 which can be used as unique global reference for TightVNC in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential network activity of TightVNC RMM tool', 'Detects potential processes activity of TightVNC RMM tool']
domains ['user_managed', 'tightvnc.com']
installation_paths ['tvnviewer.exe', 'TightVNCViewerPortable*.exe', 'tvnserver.exe']
last_modified 2024-08-02

tmate

tmate is an open-source terminal sharing tool for Linux and Unix-like systems, built on tmux. It enables instant terminal sharing over SSH, allowing remote terminal access and collaboration. The tool creates a unique session that can be shared with others for remote access, making it a legitimate tool for system administration but also potentially useful for unauthorized remote access.

Internal MISP references

UUID 5139b4ea-aa77-5ff6-84be-94e3fb8c34e7 which can be used as unique global reference for tmate in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
acknowledgements ['rcKillam (@rcKillam)']
author Michael Haag
capabilities ['Remote Terminal Access', 'Terminal Sharing', 'SSH-based Connection', 'Session Collaboration']
category RAT
created 2026-01-15
domains ['tmate.io', '*.tmate.io']
free Open Source
installation_paths ['/usr/bin/tmate', '/usr/local/bin/tmate', 'tmate', 'tmate.sock', 'tmate-ready', 'tmate.bashrc']
last_modified 2026-01-15
ports ['22', '443']
privileges User
supported_os ['Linux', 'Mac', 'FreeBSD']
verification Open source project

ToDesk

ToDesk is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 8b94757d-5058-5455-a619-85780eec9a1b which can be used as unique global reference for ToDesk in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of ToDesk RMM tool', 'Detects potential processes activity of ToDesk RMM tool']
domains ['todesk.com', '*.todesk.com', 'todesktop.com']
installation_paths ['todesk.exe', 'ToDesk_Service.exe', 'ToDesk_Setup.exe']
last_modified 2024-08-02

Total Software Deployment

Total Software Deployment is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 7e0284e9-21cf-5109-bff9-62d7fce6daa0 which can be used as unique global reference for Total Software Deployment in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential processes activity of Total Software Deployment RMM tool']
installation_paths ['C:\ProgramData\Total Software Deployment\', '\Total Software Deployment\', '\tniwinagent.exe', '*\Tsdservice.exe']
last_modified 2024-08-02

TurboMeeting

TurboMeeting is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID c19073f3-62d5-5ca1-80e2-51b385a82db0 which can be used as unique global reference for TurboMeeting in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of TurboMeeting RMM tool', 'Detects potential processes activity of TurboMeeting RMM tool']
domains ['user_managed', 'acceo.com/turbomeeting/']
installation_paths ['pcstarter.exe', 'turbomeeting.exe', 'turbomeetingstarter.exe']
last_modified 2024-08-02

Ultra VNC

Ultra VNC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID dcc566fb-bad1-5250-9db9-ed1844a689fe which can be used as unique global reference for Ultra VNC in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential processes activity of Ultra VNC RMM tool']
installation_paths ['C:\Program Files\uvnc bvba\UltraVNC\', '\uvnc bvba\UltraVNC\', '\UVNC_Launch.exe', '\winvnc.exe', '\vncviewer.exe']
last_modified 2024-08-02

UltraViewer

UltraViewer is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 9b08c105-7664-545c-8d44-7f062bb9ae15 which can be used as unique global reference for UltraViewer in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of UltraViewer RMM tool', 'Detects potential processes activity of UltraViewer RMM tool']
domains ['*.ultraviewer.net', 'ultraviewer.net']
installation_paths ['UltraViewer_Service.exe', 'UltraViewer_setup', 'UltraViewer_Desktop.exe', 'ultraviewer.exe', 'C:\Program Files (x86)\UltraViewer\UltraViewer_Desktop.exe', '\UltraViewer\', '*\UltraViewer_Desktop.exe', 'ultraviewer_desktop.exe', 'ultraviewer_service.exe']
last_modified 2024-08-02

UltraVNC

UltraVNC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID e912626e-a881-5f87-b5c8-fd4abe592386 which can be used as unique global reference for UltraVNC in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential network activity of UltraVNC RMM tool', 'Detects potential processes activity of UltraVNC RMM tool']
domains ['ultravnc.com', 'user_managed']
installation_paths ['UltraVNC*.exe']
last_modified 2024-08-02

Veyon

Veyon (Virtual Eye On Networks) is a free and open-source remote monitoring and classroom management software designed for educational environments and remote support scenarios. It enables monitoring and controlling computers across multiple platforms, allowing administrators and teachers to view and control computer labs, interact with students, and provide remote technical support.

Internal MISP references

UUID 889dbf53-cde6-5695-bc96-bd16216b06d2 which can be used as unique global reference for Veyon in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
author Daniel Koifman (KoifSec)
capabilities ['Remote Control', 'Screen Monitoring', 'Screen Broadcasting (Demo Mode)', 'Remote Command Execution', 'File Transfer', 'Power Management', 'Screen Lock', 'User Messaging', 'Application Launching', 'Screenshot Capture', 'Clipboard Synchronization']
category RAT
created 2025-11-12
detection_descriptions ['Detects Veyon RMM activity through registry modifications (EventCode 13), process creation (EventCode 1), and service installation (EventCode 4697)']
free true
installation_paths ['C:\Program Files\Veyon\', 'C:\Program Files (x86)\Veyon\', 'veyon-wcli.exe', 'veyon-worker.exe', 'veyon-server.exe', 'veyon-service.exe', 'veyon-master.exe']
last_modified 2025-11-12
privileges User
supported_os ['Linux', 'Windows']
verification false

Visual Studio Dev Tunnel

Visual Studio Dev Tunnel is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 0d5a0ee0-2e78-5240-8e4d-6f301d162f3f which can be used as unique global reference for Visual Studio Dev Tunnel in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential network activity of Visual Studio Dev Tunnel RMM tool']
domains ['global.rel.tunnels.api.visualstudio.com', '.rel.tunnels.api.visualstudio.com', '.devtunnels.ms']
last_modified 2024-08-02

VNC

VNC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 0088de28-204a-5448-a162-b4b8b61bbb39 which can be used as unique global reference for VNC in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential network activity of VNC RMM tool', 'Detects potential processes activity of VNC RMM tool']
domains ['user_managed', 'realvnc.com/en/connect/download/vnc']
installation_paths ['winvnc*.exe', 'vncserver.exe', 'winwvc.exe', 'winvncsc.exe', 'vncserverui.exe', 'vncviewer.exe', 'winvnc.exe']
last_modified 2024-08-02

VNC Connect

VNC Connect is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 08318829-89ea-5d33-b1da-6a0e78c5007a which can be used as unique global reference for VNC Connect in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
installation_paths ['C:\Program Files\RealVNC\VNC Server\', '\RealVNC\VNC Server\*']
last_modified 2024-08-02

WebEx (Remote Access)

WebEx (Remote Access) is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID d94199ec-a13c-5058-aebf-c5d85b5f86df which can be used as unique global reference for WebEx (Remote Access) in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
last_modified 2024-08-02

WebRDP

WebRDP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 4bf93ca3-9516-568b-99cf-d199d6cf99e4 which can be used as unique global reference for WebRDP in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential network activity of WebRDP RMM tool', 'Detects potential processes activity of WebRDP RMM tool']
domains ['user_managed', 'github.com/Mikej81/WebRDP']
installation_paths ['webrdp.exe']
last_modified 2024-08-02

Weezo

Weezo is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 4c2ebe43-c739-598c-b2a6-dd77c7f4fb4b which can be used as unique global reference for Weezo in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Weezo RMM tool', 'Detects potential processes activity of Weezo RMM tool']
domains ['.weezo.me', 'weezo.net', '.weezo.net', 'weezo.en.softonic.com']
installation_paths ['weezohttpd.exe', 'weezo.exe', 'weezo setup*.exe']
last_modified 2024-08-02

WinSCP

WinSCP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID a3646172-fae0-5022-a282-a4df3063a7df which can be used as unique global reference for WinSCP in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential processes activity of WinSCP RMM tool']
installation_paths ['C:\Users\IEUser\Downloads\WinSCP-5.21.6-Portable\', '\WinSCPPortable\', '\WinSCP.exe', '\WinSCP\*']
last_modified 2024-08-02

X2Go

X2Go is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID dc4febf9-3e01-5e03-8cee-0eda0be1b808 which can be used as unique global reference for X2Go in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
last_modified 2024-08-02

Xeox

Xeox is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID ba81675b-1929-52a8-b631-0c93ba9d944d which can be used as unique global reference for Xeox in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Xeox RMM tool', 'Detects potential processes activity of Xeox RMM tool']
domains ['*.xeox.com', 'xeox.com']
installation_paths ['xeox-agent_x64.exe', 'xeox_service_windows.exe', 'xeox-agent_*.exe', 'xeox-agent_x86.exe']
last_modified 2024-08-02
supported_os ['Windows']

Xpra

Xpra is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID b20905a1-0532-5af0-a744-cd3c9026a88a which can be used as unique global reference for Xpra in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential processes activity of Xpra RMM tool']
installation_paths ['C:\Program Files (x86)\Xpra\', '\Xpra\', '\Xpra-Launcher.exe', '*\Xpra-x86_64_Setup.exe']
last_modified 2024-08-02
supported_os ['Windows']

XRDP

XRDP is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 69676a99-b385-5f86-ac62-ca264d06f2ea which can be used as unique global reference for XRDP in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
last_modified 2024-08-02

Xshell

Xshell is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 00dc5ff2-1498-5435-9b74-322a6f2eda71 which can be used as unique global reference for Xshell in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential processes activity of Xshell RMM tool']
installation_paths ['C:\Program Files (x86)\NetSarang\xShell\', '\NetSarang\xShell\', '\xShell.exe']
last_modified 2024-08-02

Yandex.Disk

Yandex.Disk is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 6e83ab53-53d9-57e9-976d-919d15f80fb7 which can be used as unique global reference for Yandex.Disk in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential processes activity of Yandex.Disk RMM tool']
installation_paths ['C:\Program Files (x86)\Yandex\', '\Yandex\', '\YandexDisk2.exe']
last_modified 2024-08-02

Zabbix Agent

Zabbix Agent is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID ad3c40e3-60a7-59f1-a596-19700bc2cb59 which can be used as unique global reference for Zabbix Agent in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Zabbix Agent RMM tool', 'Detects potential processes activity of Zabbix Agent RMM tool']
domains ['user_managed', 'zabbix.com']
installation_paths ['zabbix_agent*.exe']
last_modified 2024-08-02

ZeroTier

ZeroTier is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 5d8d80cc-eab0-52b1-951b-e5153a17898d which can be used as unique global reference for ZeroTier in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential network activity of ZeroTier RMM tool', 'Detects potential processes activity of ZeroTier RMM tool']
domains ['zerotier.com', '*.zerotier.com']
installation_paths ['zerotier.msi', 'zerotier.exe', 'zero-powershell.exe']
last_modified 2024-08-02

ZOC

ZOC is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 16707eea-33a3-5b77-96ad-c42373e4ba36 which can be used as unique global reference for ZOC in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
category RAT
created 2024-08-02
detection_descriptions ['Detects potential processes activity of ZOC RMM tool']
installation_paths ['C:\Program Files\ZOC8\', '\ZOC?\', '\zoc.exe']
last_modified 2024-08-02

Zoho Assist

Zoho Assist is a remote monitoring and management (RMM) tool. More information will be added as it becomes available.

Internal MISP references

UUID 7ddf66a9-e431-5e50-830b-c0955e2352a8 which can be used as unique global reference for Zoho Assist in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
acknowledgements ['Daniel Koifman (@koifsec)']
category RMM
created 2024-08-02
detection_descriptions ['Detects potential network activity of Zoho Assist RMM tool', 'Detects potential processes activity of Zoho Assist RMM tool']
domains ['.zoho.com.au', '.zohoassist.jp', 'assist.zoho.com', 'zoho.com/assist/', '.zoho.in', 'downloads.zohodl.com.cn', '.zohoassist.com', 'downloads.zohocdn.com', 'gateway.zohoassist.com', '.zohoassist.com.cn', '.zoho.com.cn', '.zoho.com', '.zoho.eu']
installation_paths ['toolsiq.exe', 'zaservice.exe', 'ZMAgent.exe', 'ZohoMeeting.exe', 'Zohours.exe', 'zohotray.exe', 'ZohoURSService.exe', '*\ZA_Access.exe', 'za_connect.exe', 'connect.exe']
last_modified 2026-02-09
supported_os ['Windows']