Common Information
| Type | Value |
|---|---|
| Value | Code Signing - T1116 |
| Category | Attack-Pattern |
| Type | Mitre-Enterprise-Attack-Attack-Pattern |
| Misp Type | Cluster |
| Description | Code signing provides a level of authenticity on a binary from the developer and a guarantee that the binary has not been tampered with. (Citation: Wikipedia Code Signing) However, adversaries are known to use code signing certificates to masquerade malware and tools as legitimate binaries (Citation: Janicab). The certificates used during an operation may be created, forged, or stolen by the adversary. (Citation: Securelist Digital Certificates) (Citation: Symantec Digital Certificates) Code signing to verify software on first run can be used on modern Windows and macOS/OS X systems. It is not used on Linux due to the decentralized nature of the platform. (Citation: Wikipedia Code Signing) Code signing certificates may be used to bypass security policies that require signed code to execute on a system. Detection: Collect and analyze signing certificate metadata on software that executes within the environment to look for unusual certificate characteristics and outliers. Platforms: Windows, macOS. Data Sources: Binary file metadata. Defense Bypassed: Windows User Account Control |
| Details | | Published | Attributes | CTI | Title |
|---|---|---|---|---|---|
| Details | Website | 2023-08-09 | 1 | | China-Linked Hackers Strike Worldwide: 17 Nations Hit in 3-Year Cyber Campaign |
| Details | Website | 2023-08-08 | 1 | | RedHotel: A Prolific, Chinese State-Sponsored Group Operating at a Global Scale \| Recorded Future |
| Details | Website | 2023-08-06 | 0 | | Supply Chain Attacks in OT Environments: Safeguarding Against Hidden Threats |
| Details | Website | 2023-08-04 | 2 | | 8 Black Hat sessions you don’t want to miss |
| Details | Website | 2023-08-03 | 0 | | What are the top LLM security risks of AI? |
| Details | Website | 2023-08-02 | 31 | | Investigating Intrusions From Intriguing Exploits |
| Details | Website | 2023-08-01 | 0 | | Securing IoT Devices from Cybersecurity Threats: Securing the Internet of Things. |
| Details | Website | 2023-07-31 | 4 | | Rewterz Threat Alert – Bitter APT Group – Active IOCs |
| Details | Website | 2023-07-30 | 4 | | Analysis on DarkSide Ransomware — Part 1 |
| Details | Website | 2023-07-27 | 117 | | Healthcare Threat Landscape 2022-2023: Common TTPs Used by Top Ransomware Groups Targeting the Healthcare Sector |
| Details | Website | 2023-07-25 | 6 | | APT Profile: Kimsuky - SOCRadar® Cyber Intelligence Inc. |
| Details | Website | 2023-07-23 | 4 | | Create and Deploy Signed WDAC Windows Defender Policy |
| Details | Website | 2023-07-23 | 6 | | WDAC policy for BYOVD Kernel mode only protection |
| Details | Website | 2023-07-19 | 434 | | Want to make sure inherited laptop is clean of viruses, malware - Virus, Trojan, Spyware, and Malware Removal Help |
| Details | Website | 2023-07-18 | 12 | | What Are LOLBins? - SOC Prime |
| Details | Website | 2023-07-18 | 1 | | Identify Suspicious or Tampered Files Faster with Digital Signatures |
| Details | Website | 2023-07-13 | 1 | | Malicious Microsoft Drivers Could Number in the Thousands: Cisco Talos |
| Details | Website | 2023-07-12 | 0 | | Hackers exploit Windows policy to load malicious kernel drivers - RedPacket Security |
| Details | Website | 2023-07-12 | 0 | | AWS Security Pillar: A Well-Architected Cloud Environment |
| Details | Website | 2023-07-11 | 2 | | Hackers Exploit Windows Policy Loophole to Forge Kernel-Mode Driver Signatures |
| Details | Website | 2023-07-11 | 2 | | Hackers Exploit Windows Policy Loophole to Forge Kernel-Mode Driver Signatures - RedPacket Security |
| Details | Website | 2023-07-11 | 3 | | Protecting Digital Signatures |
| Details | Website | 2023-07-11 | 0 | | Hackers exploit Windows policy to load malicious kernel drivers |
| Details | Website | 2023-07-11 | 0 | | Hackers exploit Windows policy to load malicious kernel drivers |
| Details | Website | 2023-07-11 | 19 | | Hunting for A New Stealthy Universal Rootkit Loader |