Add eliminate package with functions for removing suspicious artifacts (files, directories, processes, services, scheduled tasks) and enhance detection logic to include whitelist checks and multi-indicator scoring
@@ -0,0 +1,15 @@
|
||||
package common
|
||||
|
||||
// CommonRMMHashes contains known SHA256 hashes of RMM executables
|
||||
// These are high-confidence indicators - a hash match is a strong signal
|
||||
// Sources: VirusTotal, LOLRMM, threat intelligence reports
|
||||
var CommonRMMHashes = []string{
|
||||
// TODO: Add hashes here
|
||||
|
||||
}
|
||||
|
||||
// CommonRMMHashesSHA1 contains known SHA1 hashes of RMM executables
|
||||
var CommonRMMHashesSHA1 = []string{
|
||||
// TODO: Add hashes here
|
||||
// SHA256 is preferred for collision resistance
|
||||
}
|
||||
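Review bot: Both `CommonRMMHashes` and `CommonRMMHashesSHA1` ship empty (only `// TODO: Add hashes here`), so a lookup against either list can never match, while the doc comment already describes a hash match as a strong signal. Either populate them in this commit with a source noted per entry, or say in the doc comment that the lists are placeholders so callers do not assume hash coverage. Two smaller points: the SHA256 list carries no algorithm suffix while the SHA1 one does, so renaming it to `CommonRMMHashesSHA256` would make the pairing obvious; and `// SHA256 is preferred for collision resistance` sits inside the SHA1 literal, where it reads like an entry comment, so it belongs in the doc comment above `CommonRMMHashesSHA1`. A bare `[]string` also leaves the hex case of entries undefined and forces a linear scan; a `map[string]string` keyed by lowercase hex with the product name as value would settle both and give the scoring logic something to report.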