Common Information
| Type | Value |
|---|---|
| Value |
Code Signing - T1553.002 |
| Category | Attack-Pattern |
| Type | Mitre-Attack-Pattern |
| Misp Type | Cluster |
| Description | Adversaries may create, acquire, or steal code signing materials to sign their malware or tools. Code signing provides a level of authenticity on a binary from the developer and a guarantee that the binary has not been tampered with. (Citation: Wikipedia Code Signing) The certificates used during an operation may be created, acquired, or stolen by the adversary. (Citation: Securelist Digital Certificates) (Citation: Symantec Digital Certificates) Unlike [Invalid Code Signature](https://attack.mitre.org/techniques/T1036/001), this activity will result in a valid signature. Code signing to verify software on first run can be used on modern Windows and macOS systems. It is not used on Linux due to the decentralized nature of the platform. (Citation: Wikipedia Code Signing)(Citation: EclecticLightChecksonEXECodeSigning) Code signing certificates may be used to bypass security policies that require signed code to execute on a system. |
| Details | Published | Attributes | CTI | Title | ||
|---|---|---|---|---|---|---|
| Details | Website | 2024-11-16 | 6 | Fake AI video generators infect Windows, macOS with infostealers | ||
| Details | Website | 2024-11-13 | 2 | PKI and CLM Insights from 2024: Preparing for a Cyber Resilient 2025 | ||
| Details | Website | 2024-11-08 | 35 | Life on a crooked RedLine: Analyzing the infamous infostealer’s backend | ||
| Details | Website | 2024-11-07 | 86 | BlueNoroff Hidden Risk | Threat Actor Targets Macs with Fake Crypto News and Novel Persistence | ||
| Details | Website | 2024-11-07 | 66 | European diplomats targeted by APT29 (Cozy Bear) with WINELOADER | ||
| Details | Website | 2024-11-07 | 0 | Tech Analysis: CrowdStrike's Kernel Access and Security Architecture | ||
| Details | Website | 2024-11-03 | 54 | Coinminer - Malware Analysis | ||
| Details | Website | 2024-10-31 | 0 | CompTIA Security + 701 1.4 Public Key Infrastructure (PKI) | ||
| Details | Website | 2024-10-31 | 17 | Building a Robust Windows Service for Malware and Ransomware Protection | ||
| Details | Website | 2024-10-30 | 15 | Jumpy Pisces Engages in Play Ransomware | #ransomware | #cybercrime | National Cyber Security Consulting | ||
| Details | Website | 2024-10-30 | 0 | Apple Intelligence & Private Cloud Compute: Meet Unique Security | ||
| Details | Website | 2024-10-24 | 2 | Securing Turbine Data Systems: The Latest in Cybersecurity Measures | ||
| Details | Website | 2024-10-22 | 1 | Who is Jia Tan? What is a supply chain? Why? | ||
| Details | Website | 2024-10-21 | 0 | Cybersecurity Awareness Month Quotes from Industry Experts in 2024 | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting | ||
| Details | Website | 2024-10-18 | 8 | ESET partner breached to send data wipers to Israeli orgs | ||
| Details | Website | 2024-10-17 | 100 | Flying in the clouds: APT31 renews its attacks on Russian companies through cloud storage | ||
| Details | Website | 2024-10-17 | 75 | APT31 new dropper. Target destinations: Mongolia, Russia, the U.S., and elsewhere | ||
| Details | Website | 2024-10-11 | 93 | HijackLoader evolution: abusing genuine signing certificates | ||
| Details | Website | 2024-10-10 | 15 | Jumpy Pisces Engages in Play Ransomware | ||
| Details | Website | 2024-10-08 | 72 | Re-creating the Snake Rootkit Part 007: Rootkit Installation | ||
| Details | Website | 2024-10-08 | 7 | EKUwu: Not just another AD CS ESC | ||
| Details | Website | 2024-09-30 | 1 | Supply Chain Attacks: The Next Frontier in Cybersecurity Threats | ||
| Details | Website | 2024-09-23 | 7 | HP Wolf Security Threat Insights Report: September 2024 | HP Wolf Security | ||
| Details | Website | 2024-09-23 | 120 | Inside SnipBot: The Latest RomCom Malware Variant | ||
| Details | Website | 2024-09-11 | 23 | Toneshell Backdoor Used to Target Attendees of the IISS Defence Summit |