Suspicious CertReq Command to Download (4480827a-9799-4232-b2c4-ccc6c4e9e12b)
Detects a suspicious CertReq execution downloading a file. This behavior is often used by attackers to download additional payloads or configuration files. Certreq is a built-in Windows utility used to request and retrieve certificates from a certification authority (CA). However, it can be abused by threat actors for malicious purposes.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) | Attack Pattern | Suspicious CertReq Command to Download (4480827a-9799-4232-b2c4-ccc6c4e9e12b) | Sigma-Rules | 1 |