Skip to content

Hide Navigation Hide TOC

Suspicious Download Via Certutil.EXE (19b08b1c-861d-4e75-a1ef-ea0c1baf202b)

Detects the execution of certutil with certain flags that allow the utility to download files.

Cluster A Galaxy A Cluster B Galaxy B Level
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Suspicious Download Via Certutil.EXE (19b08b1c-861d-4e75-a1ef-ea0c1baf202b) Sigma-Rules 1
Suspicious Download Via Certutil.EXE (19b08b1c-861d-4e75-a1ef-ea0c1baf202b) Sigma-Rules Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 1