LetsDefend SA Event ID: 113, SOC163 — Suspicious Certutil.exe Usage
Common Information
Type Value
UUID a576d261-ad47-4dbb-b5e5-3eff7aa612e7
Fingerprint 16a4b9cb0a37ab02
Analysis status DONE
Considered CTI value 0
Text language
Published Sept. 30, 2024, 5:37 a.m.
Added to db Sept. 30, 2024, 7:47 a.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline LetsDefend SA Event ID: 113, SOC163 — Suspicious Certutil.exe Usage
Title LetsDefend SA Event ID: 113, SOC163 — Suspicious Certutil.exe Usage
Detected Hints/Tags/Attributes 37/1/17
RSS Feed
Id Enabled Feed title Url Added to db
167 Cybersecurity on Medium https://medium.com/feed/tag/cybersecurity 2024-08-30 22:08
Attributes
Type #Events CTI Value
Domain 3 windows-exploit-suggester.py
Domain 258 nmap.org
Domain 4 nmap.zip
Domain 5 check.py
File 226 certutil.exe
File 1 92-setup.exe
File 4 windows-exploit-suggester.py
File 3 nmap.zip
File 4 check.py
File 1208 powershell.exe
Github username 2 aoncyberlabs
IPv4 3 172.16.17.22
IPv4 124 192.168.0.0
IPv4 2 185.199.109.133
IPv4 2 45.33.49.119
Url 1 https://nmap.org/dist/nmap-7.92-setup.exe
Url 2 https://raw.githubusercontent.com/aoncyberlabs/windows-exploit-suggester/master/windows-exploit-suggester.py