:py:mod:`dissect.target.plugins.apps.remoteaccess.splashtop` ============================================================ .. py:module:: dissect.target.plugins.apps.remoteaccess.splashtop Module Contents --------------- Classes ~~~~~~~ .. autoapisummary:: dissect.target.plugins.apps.remoteaccess.splashtop.SplashtopPlugin Attributes ~~~~~~~~~~ .. autoapisummary:: dissect.target.plugins.apps.remoteaccess.splashtop.RE_TS .. py:data:: RE_TS .. py:class:: SplashtopPlugin(target: dissect.target.target.Target) Bases: :py:obj:`dissect.target.plugins.apps.remoteaccess.remoteaccess.RemoteAccessPlugin` Splashtop plugin. .. py:attribute:: __namespace__ :value: 'splashtop' Defines the plugin namespace. .. py:attribute:: RemoteAccessLogRecord .. py:attribute:: RemoteAccessFileTransferRecord .. py:attribute:: LOG_PATHS :value: ('sysvol/Program Files (x86)/Splashtop/Splashtop Remote/Server/log/SPLog.txt',) .. py:attribute:: log_files :type: set[dissect.target.helpers.fsutil.TargetPath] .. py:method:: check_compatible() -> None Perform a compatibility check with the target. This function should return ``None`` if the plugin is compatible with the current target (``self.target``). For example, check if a certain file exists. Otherwise it should raise an :class:`UnsupportedPluginError`. :raises UnsupportedPluginError: If the plugin could not be loaded. .. py:method:: logs() -> collections.abc.Iterator[RemoteAccessLogRecord] Parse Splashtop log files. Splashtop is a remote desktop application that can be used to get (persistent) access to a machine. It might be used in combination with Atera Management Agent. .. rubric:: References - https://www.synacktiv.com/en/publications/legitimate-rats-a-comprehensive-forensic-analysis-of-the-usual-suspects#atera-and-splashtop .. py:method:: filetransfer() -> collections.abc.Iterator[RemoteAccessFileTransferRecord] Parse Splashtop filetransfers. Splashtop is a remote desktop application and can be used by adversaries to get (persistent) access to a machine. File transfers as logged in the generic logfile (``SPLog.txt``) show what files are downloaded to a system.