Common Information
Type | Value |
---|---|
Value | Code Signing - T1553.002 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may create, acquire, or steal code signing materials to sign their malware or tools. Code signing provides a level of authenticity on a binary from the developer and a guarantee that the binary has not been tampered with. (Citation: Wikipedia Code Signing) The certificates used during an operation may be created, acquired, or stolen by the adversary. (Citation: Securelist Digital Certificates) (Citation: Symantec Digital Certificates) Unlike [Invalid Code Signature](https://attack.mitre.org/techniques/T1036/001), this activity will result in a valid signature. Code signing to verify software on first run can be used on modern Windows and macOS systems. It is not used on Linux due to the decentralized nature of the platform. (Citation: Wikipedia Code Signing)(Citation: EclecticLightChecksonEXECodeSigning) Code signing certificates may be used to bypass security policies that require signed code to execute on a system. |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2022-09-26 | 2 | Free Code Signing Certificate – Where to Find One? | ||
Details | Website | 2022-09-23 | 950 | Microsoft recommended driver block rules (Windows) - Windows security | ||
Details | Website | 2022-09-21 | 1 | Identifying file manipulation in system files | ||
Details | Website | 2022-09-21 | 81 | Iranian State Actors Conduct Cyber Operations Against the Government of Albania \| CISA | ||
Details | Website | 2022-09-15 | 41 | Erbium Stealer, a new Infostealer enters the scene | ||
Details | Website | 2022-09-13 | 1 | What is Ransomware Detection? How to Detect Ransomware - SOC Prime | ||
Details | Website | 2022-09-09 | 2 | How Do Ransomware Attacks Work? | ||
Details | Website | 2022-09-07 | 7 | FAQ - Let's Encrypt | ||
Details | Website | 2022-08-29 | 2 | How Cybersecurity Policy Has Changed Since the SolarWinds Attack | ||
Details | Website | 2022-08-29 | 0 | Continuity Central | ||
Details | Website | 2022-08-29 | 11 | Ankura CTIX FLASH Update - August 26, 2022 - Security - United States | ||
Details | Website | 2022-08-29 | 20 | Part 1 – SingPass RASP Analysis \| Romain Thomas | ||
Details | Website | 2022-08-27 | 1 | 77% of security leaders fear we’re in perpetual cyberwar | ||
Details | Website | 2022-08-24 | 11 | Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus | ||
Details | Website | 2022-08-24 | 13 | Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus | ||
Details | Website | 2022-08-23 | 3 | North Korea Cyber Threat Group ‘Lazarus’ Targets M1 Mac with Signed Executables | ||
Details | Website | 2022-08-19 | 183 | State of the Remote Access Tools, Part 1 | ||
Details | Website | 2022-08-10 | 138 | Cisco Talos shares insights related to recent cyber attack on Cisco | ||
Details | Website | 2022-08-03 | 53 | Elastic Security uncovers BLISTER malware campaign — Elastic Security Labs | ||
Details | Website | 2022-07-27 | 14 | Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits \| Microsoft Security Blog | ||
Details | Website | 2022-07-26 | 60 | Mandiant Red Team Emulates FIN11 Tactics To Control Operational Technology Servers \| Mandiant | ||
Details | Website | 2022-07-25 | 16 | How to Inject Code into Mach-O Apps. Part II. | ||
Details | Website | 2022-07-16 | 9 | Rootkit - Wikipedia | ||
Details | Website | 2022-06-23 | 38 | Spyware vendor targets users in Italy and Kazakhstan | ||
Details | Website | 2022-06-11 | 146 | Exposing HelloXD Ransomware and x4k |