
Rule Info

Name: Potentially Suspicious Electron Application CommandLine
Author: frack113, Nasreddine Bencherchali (Nextron Systems)
Description: Detects potentially suspicious CommandLine of electron apps (teams, discord, slack, etc.). This could be a sign of abuse to proxy execution through a signed binary.
Date: 2023-09-05 00:00:00
Modified: 2023-11-09 00:00:00
Id: 378a05d8-963c-46c9-bcce-13c7657eac99
Tags: attack.execution
Type: Community Rule
Rule History

| Author | Title | Date | Commit |
| --- | --- | --- | --- |
| github-actions[bot] | Merge PR #5027 from @nasbench - Promote older rules status from `experimental` to `test` | 2024-10-01 | |
| Nasreddine Bencherchali | Merge PR #4950 from @nasbench - Comply With v2 Spec Changes | 2024-08-12 | |
| Nasreddine Bencherchali | Merge PR #4783 from @nasbench - Update registry rules logic and fix some false positives | 2024-03-26 | |
| Swachchhanda Shrawan Poudel | Merge PR #4557 from @swachchhanda000 - Multiple Rule Updates & New Rules | 2023-11-14 | |
| frack113 | Merge PR #4309 from @frack113 - New Rules & Update Related To Electron Apps Abuse | 2023-09-06 | |