Hide Navigation Hide TOC

Suspicious File Downloaded From Direct IP Via Certutil.EXE (13e6fe51-d478-4c7e-b0f2-6da9b400a829)

Detects the execution of certutil with certain flags that allow the utility to download files from direct IPs.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Suspicious File Downloaded From Direct IP Via Certutil.EXE (13e6fe51-d478-4c7e-b0f2-6da9b400a829)	Sigma-Rules	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	1