Common Information
Type Value
Value Code Signing - T1116
Category Attack-Pattern
Type Mitre-Enterprise-Attack-Attack-Pattern
Misp Type Cluster
Description Code signing provides a level of authenticity on a binary from the developer and a guarantee that the binary has not been tampered with. (Citation: Wikipedia Code Signing) However, adversaries are known to use code signing certificates to masquerade malware and tools as legitimate binaries (Citation: Janicab). The certificates used during an operation may be created, forged, or stolen by the adversary. (Citation: Securelist Digital Certificates) (Citation: Symantec Digital Certificates)

Code signing to verify software on first run can be used on modern Windows and macOS/OS X systems. It is not used on Linux due to the decentralized nature of the platform. (Citation: Wikipedia Code Signing)

Code signing certificates may be used to bypass security policies that require signed code to execute on a system.

Detection: Collect and analyze signing certificate metadata on software that executes within the environment to look for unusual certificate characteristics and outliers.

Platforms: Windows, macOS

Data Sources: Binary file metadata

Defense Bypassed: Windows User Account Control
Details Published Attributes CTI Title
Details Website 2024-11-16 6 Fake AI video generators infect Windows, macOS with infostealers
Details Website 2024-11-13 2 PKI and CLM Insights from 2024: Preparing for a Cyber Resilient 2025
Details Website 2024-11-08 35 Life on a crooked RedLine: Analyzing the infamous infostealer’s backend
Details Website 2024-11-07 86 BlueNoroff Hidden Risk | Threat Actor Targets Macs with Fake Crypto News and Novel Persistence
Details Website 2024-11-07 66 European diplomats targeted by APT29 (Cozy Bear) with WINELOADER
Details Website 2024-11-07 0 Tech Analysis: CrowdStrike's Kernel Access and Security Architecture
Details Website 2024-10-31 0 CompTIA Security + 701 1.4 Public Key Infrastructure (PKI)
Details Website 2024-10-31 17 Building a Robust Windows Service for Malware and Ransomware Protection
Details Website 2024-10-30 15 Jumpy Pisces Engages in Play Ransomware | #ransomware | #cybercrime | National Cyber Security Consulting
Details Website 2024-10-30 0 Apple Intelligence & Private Cloud Compute: Meet Unique Security
Details Website 2024-10-24 2 Securing Turbine Data Systems: The Latest in Cybersecurity Measures
Details Website 2024-10-22 1 Who is Jia Tan? What is a supply chain? Why?
Details Website 2024-10-21 0 Cybersecurity Awareness Month Quotes from Industry Experts in 2024 | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
Details Website 2024-10-18 8 ESET partner breached to send data wipers to Israeli orgs
Details Website 2024-10-17 100 Flying in the clouds: APT31 renews its attacks on Russian companies through cloud storage
Details Website 2024-10-17 75 APT31 new dropper. Target destinations: Mongolia, Russia, the U.S., and elsewhere
Details Website 2024-10-11 93 HijackLoader evolution: abusing genuine signing certificates
Details Website 2024-10-10 15 Jumpy Pisces Engages in Play Ransomware
Details Website 2024-10-08 72 Re-creating the Snake Rootkit Part 007: Rootkit Installation
Details Website 2024-10-08 7 EKUwu: Not just another AD CS ESC
Details Website 2024-09-30 1 Supply Chain Attacks: The Next Frontier in Cybersecurity Threats
Details Website 2024-09-23 120 Inside SnipBot: The Latest RomCom Malware Variant
Details Website 2024-09-11 23 Toneshell Backdoor Used to Target Attendees of the IISS Defence Summit
Details Website 2024-09-09 25 Exploring an Experimental Windows Kernel Rootkit in Rust
Details Website 2024-09-09 41 Earth Preta Evolves its Attacks with New Malware and Strategies