File Encoded To Base64 Via Certutil.EXE (e62a9f0c-ca1e-46b2-85d5-a6da77f86d1a)
Detects the execution of certutil with the "encode" flag to encode a file to base64. Threat actors can abuse this for data exfiltration.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) | Attack Pattern | File Encoded To Base64 Via Certutil.EXE (e62a9f0c-ca1e-46b2-85d5-a6da77f86d1a) | Sigma-Rules | 1 |