LetsDefend Monitoring Alert

Suspicious Certutil.exe Usage

Mar, 01, 2022, 11:06 AM

Event ID: 113

Event Time: Mar, 01, 2022, 11:06 AM

Rule Name: SOC163 - Suspicious Certutil.exe Usage

Alert Type: LOLBin

MITRE Technique:
T1595 - Discovery - Active Scanning,
T1059 - Execution - Command and Scripting Interpreter,
T1105 - Command and Control - Ingress Tool Transfer

Severity: Medium

Security Analyst
