Robuta

https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_certutil_encode/
File Encoded To Base64 Via Certutil.EXE | Detection.FYI
Detects the execution of certutil with the

https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_certutil_encode_susp_location/
File In Suspicious Location Encoded To Base64 Via Certutil.EXE | Detection.FYI
Detects the execution of certutil with the

https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_certutil_download_direct_ip/
Suspicious File Downloaded From Direct IP Via Certutil.EXE | Detection.FYI
Detects the execution of certutil with certain flags that allow the utility to download files from direct IPs.