“prove that a trusted certificate authority could never be abused. No single data source can. What Censys does is prevent analysts from mistaking the presence of a legitimate trust anchor for proof of compromise. The hard part of security operations is not that every alert is an i…”
T1588.003 Code Signing Certificates
56%
“. By May 3, admins were reporting widespread false positives. Microsoft’s remediation followed quickly: update Defender security intelligence to version 1.449.430.0 or later. Microsoft Q&A moderators told affected users the detection was no longer occurring after that upd…”
T1553.004 Install Root Certificate
54%
“Microsoft: DigiCert root certificates are malware? Censys in SOC triage When a Certificate Looks Like Malware On May 3, 2026, Windows admins and SOC analysts started seeing a scary Defender alert: Trojan:Win32/Cerdigent.A!dha. The alert kept coming back. Quick scans did n…”
T1588.004 Digital Certificates
52%
“Microsoft: DigiCert root certificates are malware? Censys in SOC triage When a Certificate Looks Like Malware On May 3, 2026, Windows admins and SOC analysts started seeing a scary Defender alert: Trojan:Win32/Cerdigent.A!dha. The alert kept coming back. Quick scans did n…”
T1649 Steal or Forge Authentication Certificates
41%
“Microsoft: DigiCert root certificates are malware? Censys in SOC triage When a Certificate Looks Like Malware On May 3, 2026, Windows admins and SOC analysts started seeing a scary Defender alert: Trojan:Win32/Cerdigent.A!dha. The alert kept coming back. Quick scans did n…”
T1588.004 Digital Certificates
36%
“and scan-observation data. For this incident, a SOC could use Censys to quickly answer: What are these hashes? Legitimate DigiCert root certificates. Are they revoked? No. Are they CA certificates? Yes. Do major trust stores recognize them? Yes, with some store-specific nuan…”
T1588.003 Code Signing Certificates
35%
“and scan-observation data. For this incident, a SOC could use Censys to quickly answer: What are these hashes? Legitimate DigiCert root certificates. Are they revoked? No. Are they CA certificates? Yes. Do major trust stores recognize them? Yes, with some store-specific nuan…”
T1588.004 Digital Certificates
33%
“. By May 3, admins were reporting widespread false positives. Microsoft’s remediation followed quickly: update Defender security intelligence to version 1.449.430.0 or later. Microsoft Q&A moderators told affected users the detection was no longer occurring after that upd…”
Summary
When a Certificate Looks Like Malware
On May 3, 2026, Windows admins and SOC analysts started seeing a scary Defender alert: Trojan:Win32/Cerdigent.A!dha. The alert kept coming back. Quick scans did not clear it. Offline scans did not provide answers. Some users saw the same detection across multiple machines at nearly the same time. Others reported […]