Rule Info
Name
Suspicious Non-Browser Network Communication With Telegram API
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects a non-browser process interacting with the Telegram API, which could indicate use of a covert C2
Date
2023-05-19 00:00:00
Modified
None
Id
c3dbbc9f-ef1d-470a-a90a-d343448d5875
Tags
attack.command_and_control attack.t1102 DEMO
Type
Community Rule
Link to Public Repo
Rule History
Author | Title | Date | Commit
github-actions[bot] | Merge PR #4791 from @nasbench - Promote older rules status from `experimental` to `test` | 2024-04-01 |
Nasreddine Bencherchali | Merge PR #4482 From @nasbench - Add New Automation Workflows | 2023-10-18 |
Gavin Knapp | Rename net_connection_win_notion.yml to net_connection_win_notion.yaml | 2023-05-04 |