Common Information
| Type | Value |
|---|---|
| Value |
Code Signing Certificates - T1587.002 |
| Category | Attack-Pattern |
| Type | Mitre-Attack-Pattern |
| Misp Type | Cluster |
| Description | Adversaries may create self-signed code signing certificates that can be used during targeting. Code signing is the process of digitally signing executables and scripts to confirm the software author and guarantee that the code has not been altered or corrupted. Code signing provides a level of authenticity for a program from the developer and a guarantee that the program has not been tampered with.(Citation: Wikipedia Code Signing) Users and/or security tools may trust a signed piece of code more than an unsigned piece of code even if they don't know who issued the certificate or who the author is. Prior to [Code Signing](https://attack.mitre.org/techniques/T1553/002), adversaries may develop self-signed code signing certificates for use in operations. |
| Details | Published | Attributes | CTI | Title | ||
|---|---|---|---|---|---|---|
| Details | Website | 2024-11-13 | 2 | PKI and CLM Insights from 2024: Preparing for a Cyber Resilient 2025 | ||
| Details | Website | 2024-11-08 | 35 | Life on a crooked RedLine: Analyzing the infamous infostealer’s backend | ||
| Details | Website | 2024-10-31 | 1 | CompTIA Security + 701 1.4 Certificates | ||
| Details | Website | 2024-10-17 | 100 | Flying in the clouds: APT31 renews its attacks on Russian companies through cloud storage | ||
| Details | Website | 2024-10-17 | 75 | APT31 new dropper. Target destinations: Mongolia, Russia, the U.S., and elsewhere | ||
| Details | Website | 2024-09-16 | 1 | Code Security | ||
| Details | Website | 2024-09-12 | 8 | Standing on the Windows platform, waiting for change | ||
| Details | Website | 2024-09-09 | 25 | Exploring an Experimental Windows Kernel Rootkit in Rust | ||
| Details | Website | 2024-08-29 | 18 | Exploring the VirusTotal Dataset | An Analyst's Guide to Effective Threat Research | ||
| Details | Website | 2024-08-28 | 1 | The EV Code Signature Market for eCrime | ||
| Details | Website | 2024-08-27 | 8 | Attack tool update impairs Windows computers | ||
| Details | Website | 2024-07-30 | 6 | Deep Sea Phishing Pt. 2 | ||
| Details | Website | 2024-07-25 | 59 | How APT groups operate in Southeast Asia | ||
| Details | Website | 2024-07-18 | 26 | HotPage: Story of a signed, vulnerable, ad-injecting driver | ||
| Details | Website | 2024-07-18 | 91 | APT41 Has Arisen From the DUST | Google Cloud Blog | ||
| Details | Website | 2024-07-02 | 5 | Exploiting Cloud Secrets Management Repositories: Adversary Tactics and Mitigation Strategies | ||
| Details | Website | 2024-03-18 | 96 | Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks | ||
| Details | Website | 2024-03-18 | 96 | Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks | ||
| Details | Website | 2024-02-21 | 0 | Trend Micro and INTERPOL Join Forces Again for Operation Synergia | ||
| Details | Website | 2024-02-21 | 0 | Trend Micro and INTERPOL Join Forces Again for Operation Synergia | ||
| Details | Website | 2024-02-05 | 4 | Risky Biz News: Two Iranian cyber groups get doxed in a week | ||
| Details | Website | 2023-11-22 | 70 | Attack Signals Possible Return of Genesis Market, Abuses Node.js, and EV Code Signing | ||
| Details | Website | 2023-11-22 | 69 | Attack Signals Possible Return of Genesis Market, Abuses Node.js, and EV Code Signing | ||
| Details | Website | 2023-11-09 | 6 | Red Canary Mac Monitor - An Advanced, Stand-Alone System Monitoring Tool Tailor-Made For macOS Security Research - RedPacket Security | ||
| Details | Website | 2023-10-30 | 6 | Hackers Using MSIX App Packages to Infect Windows PCs with GHOSTPULSE Malware - RedPacket Security |