Common Information
Type Value
Value Code Signing - T1553.002
Category Attack-Pattern
Type Mitre-Attack-Pattern
Misp Type Cluster
Description Adversaries may create, acquire, or steal code signing materials to sign their malware or tools. Code signing provides a level of authenticity on a binary from the developer and a guarantee that the binary has not been tampered with. (Citation: Wikipedia Code Signing) The certificates used during an operation may be created, acquired, or stolen by the adversary. (Citation: Securelist Digital Certificates) (Citation: Symantec Digital Certificates) Unlike [Invalid Code Signature](https://attack.mitre.org/techniques/T1036/001), this activity will result in a valid signature. Code signing to verify software on first run can be used on modern Windows and macOS systems. It is not used on Linux due to the decentralized nature of the platform. (Citation: Wikipedia Code Signing)(Citation: EclecticLightChecksonEXECodeSigning) Code signing certificates may be used to bypass security policies that require signed code to execute on a system.
Details Published Attributes CTI Title
Details Website 2023-04-20 72 3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible | Mandiant
Details Website 2023-04-19 2 How to use "bring your own vulnerable driver" (BYOVD) technique to kill/evade Antivirus or EDR
Details Website 2023-04-19 11 MacOS Targeted by LockBit Ransomware
Details Website 2023-04-16 51 The LockBit ransomware (kinda) comes for macOS
Details Website 2023-04-13 14 These Are The Drivers You Are Looking For: Detect and Prevent Malicious Drivers
Details Website 2023-04-07 1 Cyber Security Today, Week in Review for the week ending Friday, April 7, 2023 | IT World Canada News
Details Website 2023-04-06 32 Gatekeeping in macOS: Keeping adversaries off our Apples
Details Website 2023-04-03 1 Step -By-Step Procedure To Set Up An Enterprise Root CA On Windows Server
Details Website 2023-04-02 22 Apk.Sh - Makes Reverse Engineering Android Apps Easier, Automating Some Repetitive Tasks Like Pulling, Decoding, Rebuilding And Patching An APK - RedPacket Security
Details Website 2023-04-01 10 Ironing out (the macOS) details of a Smooth Operator (Part II)
Details Website 2023-03-31 4 10-year-old Windows bug with 'opt-in' fix exploited in 3CX attack
Details Website 2023-03-30 0 3CX Supply Chain Compromise - Security Intelligence | Field Effect
Details Website 2023-03-30 24 SmoothOperator Supply Chain Attack Targeting 3CX VOIP Desktop Client
Details Website 2023-03-30 0 3CX Confirms Supply Chain Attack as Researchers Uncover Mac Component
Details Website 2023-03-29 55 SmoothOperator | Ongoing Campaign Trojanizes 3CXDesktopApp in Supply Chain Attack
Details Website 2023-03-23 1 The Brass Tacks of AI and Cybersecurity
Details Website 2023-03-23 1 China-Aligned
Details Website 2023-03-23 60 New loader on the bloc - AresLoader
Details Website 2023-03-23 3 Russian hacktivists deploy new AresLoader malware via decoy installers
Details Website 2023-03-23 21 Operation Tainted Love | Chinese APTs Target Telcos in New Attacks
Details Website 2023-03-22 19 JSAC2023 -Day 2- - JPCERT/CC Eyes
Details Website 2023-03-14 15 CertVerify - A Scanner That Files With Compromised Or Untrusted Code Signing Certificates - RedPacket Security
Details Website 2023-03-09 0 New Apple Vulnerabilities Identified: Top Takeaways from Recent Discovery - Zimperium
Details Website 2023-03-08 0 Why software transparency is critical: Understanding supply chain security in a software-driven society
Details Website 2023-03-06 3 Your Guide to Secure Code Signing: Four Steps to Get Started