From c541b4fa9343955bf06e76c16070df5c731b09f1 Mon Sep 17 00:00:00 2001 From: dfirtnt <12226521+dfirtnt@users.noreply.github.com> Date: Fri, 8 Sep 2023 14:57:29 -0400 Subject: [PATCH 1/2] Add files via upload new target for Xeox RMM --- Targets/Apps/Xeox.tkape | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 Targets/Apps/Xeox.tkape diff --git a/Targets/Apps/Xeox.tkape b/Targets/Apps/Xeox.tkape new file mode 100644 index 000000000..d071d0fe5 --- /dev/null +++ b/Targets/Apps/Xeox.tkape @@ -0,0 +1,15 @@ +Description: Xeox Application Logs +Author: Andrew Skatoff @DFIR_TNT +Version: 1.0 +Id: 5e2c322f-616c-42e4-9cd7-4546cf2412e6 +RecreateDirectories: true +Targets: + - + Name: Xeox RMM Client Application logs + Category: ApplicationLogs + Path: C:\Program Files\Xeox + FileMask: '*.log' + Comment: "Contains Application Log entries such as service start and incomming connections." + +# Documentation +# https://dfirtnt.wordpress.com/2023/08/01/rmm-xeox-client-side-evidence/ From cd4856b1f8a4a38be07411651b73ccd48de4cecc Mon Sep 17 00:00:00 2001 From: dfirtnt <12226521+dfirtnt@users.noreply.github.com> Date: Fri, 8 Sep 2023 15:01:45 -0400 Subject: [PATCH 2/2] Update to compound target for RemotAdmin Now includes Action1, Level, and Xeox RMMs --- Targets/Compound/RemoteAdmin.tkape | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/Targets/Compound/RemoteAdmin.tkape b/Targets/Compound/RemoteAdmin.tkape index ded068f2c..a54d93ae3 100644 --- a/Targets/Compound/RemoteAdmin.tkape +++ b/Targets/Compound/RemoteAdmin.tkape @@ -4,6 +4,10 @@ Version: 1.9 Id: 31cf5a4e-c44c-4457-b11f-74dca73e141b RecreateDirectories: true Targets: + - + Name: Action1 + Category: ApplicationLogs + Path: Action1.tkape - Name: Ammyy Category: ApplicationLogs @@ -24,6 +28,10 @@ Targets: Name: Kaseya Category: ApplicationLogs Path: Kaseya.tkape + - + Name: Level + Category: ApplicationLogs + Path: Level.tkape - Name: LogMeIn Category: ApplicationLogs 
@@ -81,6 +89,10 @@ Targets: Name: VNC Category: ApplicationLogs Path: VNCLogs.tkape + - + Name: Xeox + Category: ApplicationLogs + Path: Xeox.tkape - Name: ZohoAssist Category: ApplicationLogs
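Review bot: In the new Targets/Apps/Xeox.tkape, the target entry sets `Path: C:\Program Files\Xeox` with `FileMask: '*.log'` and no `Recursive: true`, so only .log files sitting directly in that folder are collected. If the Xeox client writes or rotates logs into subfolders, add `Recursive: true` under the entry. The `Comment:` line also misspells "incoming" as "incomming".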
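Review bot: In the first hunk of Targets/Compound/RemoteAdmin.tkape (@@ -4,6 +4,10 @@), the context line still reads `Version: 1.9` even though this patch adds three targets to the compound; bump the version in the same change so collections made with the old and new target sets can be told apart. The added `Path: Action1.tkape` points at a file this series does not create, so confirm it already exists under Targets before merging.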
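Review bot: In the second hunk of Targets/Compound/RemoteAdmin.tkape (@@ -24,6 +28,10 @@), the added `Path: Level.tkape` entry references a target file that is not part of this two-patch series, which only creates Xeox.tkape. Confirm Level.tkape is already in the repository, or add it to the series, so the compound target does not point at a missing file.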