Tag
This rule identifies unusual Windows processes connecting to domains using known free SSL certificates such as Let's Encrypt, which adversaries may use to conceal command and control traffic.