T1553.002
Code Signing
Description
Adversaries may create, acquire, or steal code signing materials to sign their malware or tools. Code signing provides a level of authenticity on a binary from the developer and a guarantee that the binary has not been tampered with. (Citation: Wikipedia Code Signing) The certificates used during an operation may be created, acquired, or stolen by the adversary. (Citation: Securelist Digital Certificates) (Citation: Symantec Digital Certificates) Unlike [Invalid Code Signature](https://attack.mitre.org/techniques/T1036/001), this activity will result in a valid signature.

Code signing to verify software on first run can be used on modern Windows and macOS systems. It is not used on Linux due to the decentralized nature of the platform. (Citation: Wikipedia Code Signing) (Citation: EclecticLightChecksonEXECodeSigning)

Code signing certificates may be used to bypass security policies that require signed code to execute on a system.
Platforms
Our coverage
- TrustFall: AI Coding Agents Exploitable with One Enter Keypress
- SHA-1 Algorithm Explained: How It Works, Step by Step
- DAEMON Tools Supply Chain Attack: Official Installers Backdoored by Suspected Chinese APT
- EDR Vendor Breach Downstream Risk: Responding When Your Security Tool Is Compromised
- DigiCert Support Portal Hacked: Stolen EV Certificates Used to Sign Zhong Stealer Malware
Source: MITRE ATT&CK Enterprise matrix. View on attack.mitre.org →