Remote File Download Via Desktopimgdownldr Utility (214641c2-c579-4ecb-8427-0cf19df6842e)
Detects the desktopimgdownldr utility being used to download a remote file. An adversary may use desktopimgdownldr to download arbitrary files as an alternative to certutil.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Remote File Download Via Desktopimgdownldr Utility (214641c2-c579-4ecb-8427-0cf19df6842e) | Sigma-Rules | Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) | Attack Pattern | 1 |