
Rule Info
Name
Potentially Suspicious Electron Application CommandLine
Author
frack113, Nasreddine Bencherchali (Nextron Systems)
Description
Detects potentially suspicious CommandLine of electron apps (teams, discord, slack, etc.). This could be a sign of abuse to proxy execution through a signed binary.
Date
2023-09-05 00:00:00
Modified
None
Id
378a05d8-963c-46c9-bcce-13c7657eac99
Tags
attack.execution DEMO
Type
Community Rule
Link to Public Repo
Rule History
Author
Title
Date
Commit
frack113
Merge PR #4309 from @frack113 - New Rules & Update Related To Electron Apps Abuse
2023-09-06