Common Information
Type | Value |
---|---|
Value | Code Signing - T1553.002 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may create, acquire, or steal code signing materials to sign their malware or tools. Code signing provides a level of authenticity on a binary from the developer and a guarantee that the binary has not been tampered with. (Citation: Wikipedia Code Signing) The certificates used during an operation may be created, acquired, or stolen by the adversary. (Citation: Securelist Digital Certificates) (Citation: Symantec Digital Certificates) Unlike [Invalid Code Signature](https://attack.mitre.org/techniques/T1036/001), this activity will result in a valid signature. Code signing to verify software on first run can be used on modern Windows and macOS systems. It is not used on Linux due to the decentralized nature of the platform. (Citation: Wikipedia Code Signing)(Citation: EclecticLightChecksonEXECodeSigning) Code signing certificates may be used to bypass security policies that require signed code to execute on a system. |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2022-06-07 | 0 | How Customer Red Team Testing Improves Red Canary | ||
Details | Website | 2022-06-02 | 99 | To HADES and Back: UNC2165 Shifts to LOCKBIT to Evade Sanctions \| Mandiant | ||
Details | Website | 2022-05-17 | 679 | Space Pirates: analyzing the tools and connections of a new hacker group | ||
Details | Website | 2022-05-06 | 58 | 又見 REvil?!看駭客如何利用 REvil 同款加密勒索程式湮滅攻擊證據 - TeamT5 | ||
Details | Website | 2022-04-12 | 57 | Demystifying iOS Code Signature | ||
Details | Website | 2022-04-09 | 85 | New SolarMarker (Jupyter) Campaign Demonstrates the Malware’s Changing Attack Patterns | ||
Details | Website | 2022-04-06 | 0 | LAPSUS$ TTPs | ||
Details | Website | 2022-03-25 | 4 | Purple Fox Uses New Arrival Vector and Improves Malware Arsenal | ||
Details | Website | 2022-03-17 | 6 | Jamf Threat Labs identifies Safari vulnerability (CVE-2022-22616) allowing for Gatekeeper bypass | ||
Details | Website | 2022-02-24 | 0 | New Wiper Malware Targeting Ukraine Amid Russia's Military Operation | ||
Details | Website | 2022-02-23 | 314 | (Ex)Change of Pace: UNC2596 Observed Leveraging Vulnerabilities to Deploy Cuba Ransomware \| Mandiant | ||
Details | Website | 2022-02-23 | 40 | HermeticWiper \| New Destructive Malware Used In Cyber Attacks on Ukraine | ||
Details | Website | 2022-02-21 | 24 | Latest Mac Coinminer Utilizes Open-Source Binaries and the I2P Network | ||
Details | Website | 2022-02-01 | 96 | SEO Poisoning to Distribute BATLOADER and Atera Agent | ||
Details | Website | 2022-01-13 | 34 | Threat Thursday: Jupyter Infostealer is a Master of Disguise | ||
Details | Website | 2022-01-01 | 30 | Threat Report | ||
Details | Website | 2021-12-24 | 3 | New BLISTER Malware Using Code Signing Certificates to Evade Detection | ||
Details | Website | 2021-12-22 | 30 | BLISTER malware campaign discovered | ||
Details | Website | 2021-12-10 | 3 | New Yanluowang Ransomware Found to be Code-Signed, Terminates Database-Related Processes | ||
Details | Website | 2021-12-06 | 36 | 20+ Ways To Bypass Your Macos Privacy Mechanisms | ||
Details | Website | 2021-11-19 | 43 | Corporate Loader "Emotet": History of "X" Project Return for Ransomware | ||
Details | Website | 2021-10-19 | 12 | How a simple Linux kernel memory corruption bug can lead to complete system compromise | ||
Details | Website | 2021-10-12 | 9 | Cobalt Strike \| Defining Cobalt Strike Components & BEACON | ||
Details | Website | 2021-10-11 | 0 | How Quantum Computers Can Impact Security |