Certificate Exported Via Certutil.EXE (3ffd6f51-e6c1-47b7-94b4-c1e61d4117c5)
Detects the execution of certutil with the "exportPFX" flag, which allows the utility to export certificates.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) | Attack Pattern | Certificate Exported Via Certutil.EXE (3ffd6f51-e6c1-47b7-94b4-c1e61d4117c5) | Sigma-Rules | 1 |