LetsDefend Monitoring Alert
Suspicious Certutil.exe Usage
Mar, 01, 2022, 11:06 AM
Event ID: 113
Event Time: Mar, 01, 2022, 11:06 AM
Rule Name: SOC163 - Suspicious Certutil.exe Usage
Alert Type: LOLBin
MITRE Technique:
T1595 - Discovery - Active Scanning,
T1059 - Execution - Command and Scripting Interpreter,
T1105 - Command and Control - Ingress Tool Transfer
Severity: Medium
Security Analyst