Common Information
Type | Value |
---|---|
Value | Code Signing - T1553.002 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may create, acquire, or steal code signing materials to sign their malware or tools. Code signing provides a level of authenticity on a binary from the developer and a guarantee that the binary has not been tampered with. (Citation: Wikipedia Code Signing) The certificates used during an operation may be created, acquired, or stolen by the adversary. (Citation: Securelist Digital Certificates) (Citation: Symantec Digital Certificates) Unlike [Invalid Code Signature](https://attack.mitre.org/techniques/T1036/001), this activity will result in a valid signature. Code signing to verify software on first run can be used on modern Windows and macOS systems. It is not used on Linux due to the decentralized nature of the platform. (Citation: Wikipedia Code Signing)(Citation: EclecticLightChecksonEXECodeSigning) Code signing certificates may be used to bypass security policies that require signed code to execute on a system. |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2018-05-18 | 8 | RSA NetWitness Endpoint Content - Dashboards, Meta Groups, ESA Rules | ||
Details | Website | 2018-05-18 | 8 | RSA NetWitness Endpoint Insights - Scan Data Reports (Now in RSA Live!) | ||
Details | Website | 2018-05-15 | 12 | Most Important Security Tools and Resources For Security Researcher, Malware Analyst, Reverse Engineer | ||
Details | Website | 2018-05-03 | 10 | Burning Umbrella: An Intelligence Report on the Winnti Umbrella and Associated State-Sponsored Attackers | ||
Details | Website | 2018-04-12 | 7 | Windows IIS 6.0 CVE-2017-7269 is Targeted Again to Mine Electroneum | F5 Labs | ||
Details | Website | 2018-04-05 | 2 | Understanding Code Signing Abuse in Malware Campaigns | ||
Details | Website | 2018-03-02 | 70 | McAfee Uncovers Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups | McAfee Blog | ||
Details | Website | 2018-02-22 | 1 | The Use of Counterfeit Code Signing Certificates Is on the Rise | ||
Details | Website | 2018-02-21 | 0 | Rambus talks IoT security with Semiconductor Engineering | ||
Details | Website | 2018-02-20 | 2 | Security Alert: Attackers Using Script Injection to Spread Bitcoin-Mining Malware | ||
Details | Website | 2017-12-07 | 4 | The Jailbreaking Community Is Bracing for Google to Publicly Drop an iPhone Exploit | ||
Details | Website | 2017-11-14 | 3 | APT Trends report Q3 2017 | Securelist | ||
Details | Website | 2017-10-20 | 0 | Wi-Fi is hacked and so are your IoT devices? | ||
Details | Website | 2017-10-10 | 10 | Tracking a stolen code-signing certificate with osquery | ||
Details | Website | 2017-08-30 | 31 | Introducing WhiteBear | ||
Details | Website | 2017-08-23 | 16 | Bypassing VirtualBox Process Hardening on Windows | ||
Details | Website | 2017-08-08 | 21 | WTF is Mughthesec!? Poking on a Piece of Undetected Adware | ||
Details | Website | 2017-07-24 | 24 | Real News, Fake Flash: Mac OS X Users Targeted | Volexity | ||
Details | Website | 2017-07-19 | 0 | Break your own product, and break it hard - F-Secure Blog | ||
Details | Website | 2017-07-12 | 0 | Could ‘Right to Repair’ heighten the risk for IoT and smart devices? | Pen Test Partners | ||
Details | Website | 2017-06-29 | 26 | NotPetya Ransomware Attack [Technical Analysis] | ||
Details | Website | 2017-06-02 | 12 | Threat actors leverage EternalBlue exploit to deliver non-WannaCry payloads | Mandiant | ||
Details | Website | 2017-05-01 | 6 | Another OSX.Dok dropper found installing new backdoor | Malwarebytes Labs | ||
Details | Website | 2017-04-03 | 6 | Defeating Device Guard: A look into CVE-2017-0007 | ||
Details | Website | 2017-03-24 | 4 | Deconstructing Code Signing: how to get the certificate, sign a code and verify signatures? | CQURE Academy |