Common Information
Type Value
Value Code Signing - T1116
Category Attack-Pattern
Type Mitre-Enterprise-Attack-Attack-Pattern
Misp Type Cluster
Description Code signing provides a level of authenticity on a binary from the developer and a guarantee that the binary has not been tampered with. (Citation: Wikipedia Code Signing) However, adversaries are known to use code signing certificates to masquerade malware and tools as legitimate binaries (Citation: Janicab). The certificates used during an operation may be created, forged, or stolen by the adversary. (Citation: Securelist Digital Certificates) (Citation: Symantec Digital Certificates)

Code signing to verify software on first run can be used on modern Windows and macOS/OS X systems. It is not used on Linux due to the decentralized nature of the platform. (Citation: Wikipedia Code Signing)

Code signing certificates may be used to bypass security policies that require signed code to execute on a system.

Detection: Collect and analyze signing certificate metadata on software that executes within the environment to look for unusual certificate characteristics and outliers.

Platforms: Windows, macOS

Data Sources: Binary file metadata

Defense Bypassed: Windows User Account Control
Details Published Attributes CTI Title
Details Website 2023-04-19 11 MacOS Targeted by LockBit Ransomware
Details Website 2023-04-16 51 The LockBit ransomware (kinda) comes for macOS
Details Website 2023-04-13 14 These Are The Drivers You Are Looking For: Detect and Prevent Malicious Drivers
Details Website 2023-04-07 1 Cyber Security Today, Week in Review for the week ending Friday, April 7, 2023 | IT World Canada News
Details Website 2023-04-06 32 Gatekeeping in macOS: Keeping adversaries off our Apples
Details Website 2023-04-03 1 Step -By-Step Procedure To Set Up An Enterprise Root CA On Windows Server
Details Website 2023-04-02 22 Apk.Sh - Makes Reverse Engineering Android Apps Easier, Automating Some Repetitive Tasks Like Pulling, Decoding, Rebuilding And Patching An APK - RedPacket Security
Details Website 2023-04-01 10 Ironing out (the macOS) details of a Smooth Operator (Part II)
Details Website 2023-03-31 4 10-year-old Windows bug with 'opt-in' fix exploited in 3CX attack
Details Website 2023-03-30 0 3CX Supply Chain Compromise - Security Intelligence | Field Effect
Details Website 2023-03-30 24 SmoothOperator Supply Chain Attack Targeting 3CX VOIP Desktop Client
Details Website 2023-03-30 0 3CX Confirms Supply Chain Attack as Researchers Uncover Mac Component 
Details Website 2023-03-29 55 SmoothOperator | Ongoing Campaign Trojanizes 3CXDesktopApp in Supply Chain Attack
Details Website 2023-03-23 1 The Brass Tacks of AI and Cybersecurity
Details Website 2023-03-23 1 China-Aligned
Details Website 2023-03-23 60 New loader on the bloc - AresLoader
Details Website 2023-03-23 3 Russian hacktivists deploy new AresLoader malware via decoy installers
Details Website 2023-03-23 21 Operation Tainted Love | Chinese APTs Target Telcos in New Attacks
Details Website 2023-03-22 19 JSAC2023 -Day 2- - JPCERT/CC Eyes
Details Website 2023-03-14 15 CertVerify - A Scanner That Files With Compromised Or Untrusted Code Signing Certificates - RedPacket Security
Details Website 2023-03-09 0 New Apple Vulnerabilities Identified: Top Takeaways from Recent Discovery - Zimperium
Details Website 2023-03-08 0 Why software transparency is critical: Understanding supply chain security in a software-driven society
Details Website 2023-03-06 3 Your Guide to Secure Code Signing: Four Steps to Get Started
Details Website 2023-03-01 138 Hunting for Honkbox | Multistage macOS Cryptominer May Still Be Hiding
Details Website 2023-02-28 19 Investigating MacOS with Osquery