Suspicious File Downloaded From File-Sharing Website Via Certutil.EXE (42a5f1e7-9603-4f6d-97ae-3f37d130d794)

Detects the execution of certutil with certain flags that allow the utility to download files from file-sharing websites.

Relationship:

Cluster A: Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)
Galaxy A:  Attack Pattern
Cluster B: Suspicious File Downloaded From File-Sharing Website Via Certutil.EXE (42a5f1e7-9603-4f6d-97ae-3f37d130d794)
Galaxy B:  Sigma-Rules
Level:     1