Suspicious File Encoded To Base64 Via Certutil.EXE (ea0cdc3e-2239-4f26-a947-4e8f8224e464)
Detects the execution of certutil with the "encode" flag to encode a file to base64 where the extensions of the file is suspicious
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) | Attack Pattern | Suspicious File Encoded To Base64 Via Certutil.EXE (ea0cdc3e-2239-4f26-a947-4e8f8224e464) | Sigma-Rules | 1 |