HackTool - Certify Execution (762f2482-ff21-4970-8939-0aa317a886bb)
Detects Certify, a tool for Active Directory certificate abuse, based on PE metadata characteristics and common command-line arguments.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) | Attack Pattern | HackTool - Certify Execution (762f2482-ff21-4970-8939-0aa317a886bb) | Sigma-Rules | 1 |