Rule Info
Name
Potentially Suspicious Child Process Of WinRAR.EXE
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects potentially suspicious child processes of WinRAR.exe.
Date
2023-08-31 00:00:00
Modified
None
Id
146aace8-9bd6-42ba-be7a-0070d8027b76
Tags
attack.execution attack.t1203 DEMO
Type
Community Rule
Link to Public Repo
Rule History
Author
Title
Date
Commit
Nasreddine Bencherchali
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12
github-actions[bot]
Merge PR #4891 from @nasbench - Promote older rules status from `experimental` to `test`
2024-07-01
Nasreddine Bencherchali
Merge PR #4482 From @nasbench - Add New Automation Workflows
2023-10-18
Nasreddine Bencherchali
Merge PR #4406 from @nasbench - Multiple Updates & Additions
2023-09-07