Uncommon Network Connection Initiated By Certutil.EXE (0dba975d-a193-4ed1-a067-424df57570d1)
Detects a network connection initiated by the certutil.exe utility. Attackers can abuse the utility to download malware or additional payloads.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Uncommon Network Connection Initiated By Certutil.EXE (0dba975d-a193-4ed1-a067-424df57570d1) | Sigma-Rules | Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) | Attack Pattern | 1 |