Common Information
Type | Value |
---|---|
Value | Code Signing - T1116 |
Category | Attack-Pattern |
Type | Mitre-Enterprise-Attack-Attack-Pattern |
Misp Type | Cluster |
Description | Code signing provides a level of authenticity for a binary from its developer and a guarantee that the binary has not been tampered with. (Citation: Wikipedia Code Signing) However, adversaries are known to use code signing certificates to make malware and tools appear to be legitimate binaries. (Citation: Janicab) The certificates used during an operation may be created, forged, or stolen by the adversary. (Citation: Securelist Digital Certificates) (Citation: Symantec Digital Certificates) Code signing to verify software on first run can be used on modern Windows and macOS/OS X systems. It is not used on Linux because of the decentralized nature of the platform. (Citation: Wikipedia Code Signing) Code signing certificates may be used to bypass security policies that require signed code to execute on a system. Detection: Collect and analyze signing certificate metadata on software that executes within the environment to look for unusual certificate characteristics and outliers. Platforms: Windows, macOS. Data Sources: Binary file metadata. Defense Bypassed: Windows User Account Control |
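The detection guidance in the description (collect signing certificate metadata and look for outliers), as an added example that is not part of the MITRE record or of any tool: a Python triage pass over constructed signing-metadata rows that flags a non-valid signature status, signers that are rare across the fleet, and certificates issued only days before the binary was observed. The column names, signer and CA names, and the thresholds are assumptions.

```python
import csv
from collections import Counter
from datetime import date
from io import StringIO

# Constructed sample export (not real telemetry) in the shape of a per-binary
# signing-metadata inventory; column names and signer names are assumptions.
SAMPLE_CSV = """path,status,signer,issuer,not_before,not_after,hosts
C:\\Windows\\System32\\svchost.exe,Valid,Microsoft Windows,Microsoft Windows Production PCA 2011,2023-01-10,2024-01-10,412
C:\\Program Files\\Contoso\\app.exe,Valid,Contoso Ltd,Example Code Signing CA,2022-05-01,2025-05-01,380
C:\\Users\\a\\Downloads\\update.exe,Valid,Quick Soft LLC,Example EV Code Signing CA,2023-11-20,2024-11-20,1
C:\\Users\\b\\AppData\\Local\\Temp\\tool.exe,NotSigned,,,,,2
C:\\Users\\c\\Downloads\\setup.exe,HashMismatch,Contoso Ltd,Example Code Signing CA,2022-05-01,2025-05-01,1
"""

def triage(csv_text, observed_on, min_hosts=5, recent_days=30):
    """Return {path: [reasons]} for binaries whose signing metadata is an outlier."""
    rows = list(csv.DictReader(StringIO(csv_text)))
    # Fleet-wide prevalence of each signer: hosts running anything it signed.
    signer_hosts = Counter()
    for r in rows:
        if r["signer"]:
            signer_hosts[r["signer"]] += int(r["hosts"])
    findings = {}
    for r in rows:
        reasons = []
        if r["status"] != "Valid":
            # Unsigned, revoked, or hash mismatch (modified after signing).
            reasons.append(f"signature status {r['status']}")
        if r["signer"] and signer_hosts[r["signer"]] < min_hosts:
            reasons.append(f"rare signer '{r['signer']}' ({signer_hosts[r['signer']]} hosts)")
        if r["not_before"]:
            age = (observed_on - date.fromisoformat(r["not_before"])).days
            if age <= recent_days:
                # A freshly issued certificate already signing fleet binaries.
                reasons.append(f"certificate issued {age} days before observation")
        if reasons:
            findings[r["path"]] = reasons
    return findings

def triage_sample():
    """Run the triage over the constructed sample as of 2023-11-22."""
    return triage(SAMPLE_CSV, date(2023, 11, 22))

if __name__ == "__main__":
    for path, why in triage_sample().items():
        print(path, "->", "; ".join(why))
```

Well-known, widely deployed signers (the svchost.exe and app.exe rows) produce no finding, so the output is the short list an analyst would actually review.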
Details | Type | Published | Attributes | CTI | Title |
---|---|---|---|---|---|
Details | Website | 2023-11-22 | 70 | | Attack Signals Possible Return of Genesis Market, Abuses Node.js, and EV Code Signing |
Details | Website | 2023-11-22 | 69 | | Attack Signals Possible Return of Genesis Market, Abuses Node.js, and EV Code Signing |
Details | Website | 2023-11-20 | 0 | | Kaspersky's Advanced Persistent Threats Predictions for 2024 |
Details | Website | 2023-11-15 | 44 | | GPT vs Malware Analysis: Challenges and Mitigations - Check Point Research |
Details | Website | 2023-11-13 | 9 | | Rewterz Threat Alert – Bitter APT Group – Active IOCs |
Details | Website | 2023-11-09 | 6 | | Red Canary Mac Monitor - An Advanced, Stand-Alone System Monitoring Tool Tailor-Made For macOS Security Research - RedPacket Security |
Details | Website | 2023-11-01 | 2 | | 8 ANY.RUN Features you Need to Know About - ANY.RUN's Cybersecurity Blog |
Details | Website | 2023-10-26 | 0 | | Increasing transparency in AI security |
Details | Website | 2023-10-25 | 6 | | Rewterz Threat Alert – Bitter APT Group – Active IOCs |
Details | Website | 2023-10-23 | 273 | | Red Team Tools |
Details | Website | 2023-10-13 | 24 | | An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit |
Details | Website | 2023-10-02 | 3 | | swampUP 2023 Sessions Spotlight |
Details | Website | 2023-09-27 | 1 | | macOS Threat Hunting: Unraveling RustBucket Malware Tactics |
Details | Website | 2023-09-27 | 27 | | FakeBat Impersonates Midjourney, ChatGPT in Drive-by Cyberattacks |
Details | Website | 2023-09-20 | 2 | | LUCR-3: Scattered Spider Getting SaaS-y in the Cloud |
Details | Website | 2023-09-13 | 31 | | RedLine/Vidar Abuses EV Certificates, Shifts to Ransomware |
Details | Website | 2023-09-13 | 37 | | RedLine/Vidar Abuses EV Certificates, Shifts to Ransomware |
Details | Website | 2023-09-08 | 2 | | Secure Software Implementation in OWASP SAMM |
Details | Website | 2023-08-25 | 195 | | Russia/Ukraine Update - August 2023 |
Details | Website | 2023-08-20 | 70 | | Bluepurple Pulse: week ending August 20th |
Details | Website | 2023-08-17 | 84 | | Scattered Spider: The Modus Operandi |
Details | Website | 2023-08-15 | 4 | | From Direct to Distant: The Challenge of Third and Fourth-Party Digital Risk Management |
Details | Website | 2023-08-11 | 39 | | Stealthy Malicious MSI Loader - Overlapping Technique and Infrastructure with BatLoader - CYFIRMA |
Details | Website | 2023-08-10 | 0 | | The CIA Triad & The Triple-A Model |
Details | Website | 2023-08-09 | 1 | | China-Linked Hackers Strike Worldwide: 17 Nations Hit in 3-Year Cyber Campaign |