Show in Graph
Common Information
Type Value
Value 
Code Signing - T1553.002
Category Attack-Pattern
Type Mitre-Attack-Pattern
Misp Type Cluster
Description Adversaries may create, acquire, or steal code signing materials to sign their malware or tools. Code signing provides a level of authenticity on a binary from the developer and a guarantee that the binary has not been tampered with. (Citation: Wikipedia Code Signing) The certificates used during an operation may be created, acquired, or stolen by the adversary. (Citation: Securelist Digital Certificates) (Citation: Symantec Digital Certificates) Unlike [Invalid Code Signature](https://attack.mitre.org/techniques/T1036/001), this activity will result in a valid signature. Code signing to verify software on first run can be used on modern Windows and macOS systems. It is not used on Linux due to the decentralized nature of the platform. (Citation: Wikipedia Code Signing)(Citation: EclecticLightChecksonEXECodeSigning) Code signing certificates may be used to bypass security policies that require signed code to execute on a system.
Details Published Attributes CTI Title
Details Website 2011-10-20 4 Does Anyone Want the Source Code to Stuxnet? Come and Get It!!! (update 1)
Details Website 2011-08-23 0 Hasta La Vista, Bootkit: Exploiting the VBR | WeLiveSecurity
Details Website 2011-05-27 14 Recent Developments in Java Signed Applets | Rapid7 Blog
Details Website 2011-01-15 2 A Different Approach to ICS Security Controls and Stuxnet Mitigation Strategies
Details Website 2010-11-17 0 TDL AKA Alureon Rootkit Now Infecting 64-Bit Windows 7 Platform - Darknet - Hacking Tools, Hacker News & Cyber Security
Details Website 2010-09-23 10 BruCON 2010 : Day 0x1 | Corelan Cybersecurity Research
Details Website 2010-07-15 2 Myrtus and Guava, Episode 2
Details Website 2006-08-11 0 Windows Vista x64 Security – Pt 2 – Patchguard - Microsoft Security Blog