T1553.002 - Code Signing
Sub-technique
Tactics:
Defense Evasion
Platforms:
macOS, Windows
Detection:
Not specified
Description:
Adversaries may create, acquire, or steal code signing materials to sign their malware or tools. Code signing provides a level of authenticity on a binary from the developer and a guarantee that the binary has not been tampered with. (Citation: Wikipedia Code Signing) The certificates used during an operation may be created, acquired, or stolen by the adversary. (Citation: Securelist Digital Certificates) (Citation: Symantec Digital Certificates) Unlike [Invalid Code Signature](https://attack.mitre.org/techniques/T1036/001), this activity will result in a valid signature.
Code signing to verify software on first run can be used on modern Windows and macOS systems. It is not used on Linux due to the decentralized nature of the platform. (Citation: Wikipedia Code Signing)(Citation: EclecticLightChecksonEXECodeSigning)
Code signing certificates may be used to bypass security policies that require signed code to execute on a system.
Used by Actors (20)
DarkHotel: Nation-state
FIN7: Criminal
Lazarus Group: Nation-state
FIN6: Unknown
OilRig: Nation-state
Molerats: Nation-state
PROMETHIUM: Unknown
CopyKittens: Nation-state
Kimsuky: Nation-state
MUSTANG PANDA: Nation-state
TA505: Unknown
WIZARD SPIDER: Nation-state
APT41: Nation-state
GALLIUM: Unknown
Scattered Spider: Unknown
LuminousMoth: Unknown
Medusa Group: Unknown
Daggerfly: Unknown
Suckfly: Unknown
Silence: Unknown
Malware (20)
TrickBot other
BLINDINGCAN other
Stuxnet other
PAKLOG other
StrongPity other
Janicab other
TONESHELL other
Ecipekac other
BOOKWORM other
STATICPLUGIN other
GreyEnergy other
PUBLOAD other
CHIMNEYSWEEP other
BOOSTWRITE other
SpicyOmelette other
LockerGoga other
Anchor other
SplatDropper other
Lumma Stealer other
Epic other
Metadata
| MITRE ID: | T1553.002 |
| STIX ID: | attack-pattern--32901740-b42c-... |
| Platforms: | macOS, Windows |
| Created: | 13/01/2026 17:48 |
| Updated: | 06/03/2026 16:00 |