Install Root Certificate

[mr-tz]

https://attack.mitre.org/techniques/T1553/004/

williballenthin: https://www.fireeye.com/blog/threat-research/2012/08/hikit-rootkit-advanced-persistent-attack-techniques-part-2.html

certmgr.exe localMachine localMachineTrustedPublisher

[recvfrom]

It might make sense to cover the Windows API equivalents as part of this as well...

and:

• CertOpenSystemStore or CertOpenStore
• "ROOT" or L"ROOT"
• CertAddCertificateContextToStore or CertAddSerializedElementToStore
• (optional) CertFreeCertificateContext and/or CertCloseStore

references:

• https://github.com/Insomnihack/Insomnihack-2018/blob/master/StrikeBack/Malware/malware/malware.cpp#L38-L43
• https://github.com/jjzhang166/antivirus/blob/3752a3b20e1a8390f0889f6192ee6b851e99e8a4/Mail/Interceptors/TrafficMonitor2/wincript/AddCertificate.cpp#L21-L46
• https://github.com/Grukz/Malware-Samples-1/blob/156228f3e5682cc88d9c30074f4e866ed3168ad9/Carberp%20Botnet/source%20-%20absource/pro/all%20source/sert/sert.cpp#L121-L124