Built off the open source project Osquery
Description: This query looks for service names associated with the most common remote control tools that can be leveraged by attackers to maintain remote access to IT infrastructure.
What The Data Shows: Indicates if AmmyAdmin, *VNC, Teamviewer or LogMein remote control tools has its service currently installed or had been operational prior.
SQL:
SELECT * from services WHERE name = 'AmmyyAdmin' OR name LIKE '%vnc%' OR name = 'TeamViewer' OR name like '%LogMeIn%';
Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.