EXPLORE
Sign In
← Back to Explore
T1553.002

Code Signing

Adversaries may create, acquire, or steal code signing materials to sign their malware or tools. Code signing provides a level of authenticity on a binary from the developer and a guarantee that the binary has not been tampered with. (Citation: Wikipedia Code Signing) The certificates used during an operation may be created, acquired, or stolen by the adversary. (Citation: Securelist Digital Certificates) (Citation: Symantec Digital Certificates) Unlike [Invalid Code Signature](https://attack.mi...

macOSWindows
3
Detections
2
Sources
26
Threat Actors

BY SOURCE

2elastic1sigma

PROCEDURES (2)

General Monitoring2 detections

Auto-extracted: 2 detections for general monitoring

Kernel Monitoring1 detections

Auto-extracted: 1 detections for kernel monitoring

THREAT ACTORS (26)

APT41CopyKittensDaggerflyDarkhotelFIN6FIN7GALLIUMKimsukyLazarus GroupLeviathanLuminousMothMedusa GroupmenuPassMoleratsMoses StaffMustang PandaOilRigPatchworkPROMETHIUMSaint BearScattered SpiderSilenceSuckflyTA505Winnti GroupWizard Spider

DETECTIONS (3)

Expired or Revoked Driver Loaded
elasticmedium
Potential Secure Deletion with SDelete
sigmamedium
Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601 - CurveBall)
elasticlow