Does anyone have any idea why GoToMeeting hashes are present in this list? It's not a remote access tool, of course you could go into a meeting with a threat actor where he asks that you share your screen and give control, still that does not make it a remote access tool.
Any idea?
The intent of that list is to drive awareness of tools that can and are abused for remote access. This tool unfortunately has been used for that purpose. Here is a recent example of the meetings app being used to load Remco.
https://www.gdatasoftware.com/blog/2024/05/37906-gotomeeting-loads-remcos
The intent is to provide a broad list of hashes that potentially could be utilized for Remote Access. There is a sample rule in the blogs and on our GitHub that demonstrates this, but with the caveat that tuning is needed because some of the hashes in that list are executables with legit purposes, but can be abused and may need to be allow listed for the environment they are operating in.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.