Skip to content

Hide Navigation Hide TOC

Code Signing - M1045 (590777b3-b475-4c7c-aaf8-f4a73b140312)

Enforce binary and application integrity with digital signature verification to prevent untrusted code from executing.

Cluster A Galaxy A Cluster B Galaxy B Level
LC_LOAD_DYLIB Addition - T1546.006 (10ff21b9-5a01-4268-a1b5-3b55015f1847) Attack Pattern Code Signing - M1045 (590777b3-b475-4c7c-aaf8-f4a73b140312) Course of Action 1
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Code Signing - M1045 (590777b3-b475-4c7c-aaf8-f4a73b140312) Course of Action 1
Malicious Image - T1204.003 (b0c74ef9-c61e-4986-88cb-78da98a355ec) Attack Pattern Code Signing - M1045 (590777b3-b475-4c7c-aaf8-f4a73b140312) Course of Action 1
AppleScript - T1059.002 (37b11151-1776-4f8f-b328-30939fbf2ceb) Attack Pattern Code Signing - M1045 (590777b3-b475-4c7c-aaf8-f4a73b140312) Course of Action 1
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern Code Signing - M1045 (590777b3-b475-4c7c-aaf8-f4a73b140312) Course of Action 1
Code Signing - M1045 (590777b3-b475-4c7c-aaf8-f4a73b140312) Course of Action Transport Agent - T1505.002 (35187df2-31ed-43b6-a1f5-2f1d3d58d3f1) Attack Pattern 1
Compromise Host Software Binary - T1554 (960c3c86-1480-4d72-b4e0-8c242e84a5c5) Attack Pattern Code Signing - M1045 (590777b3-b475-4c7c-aaf8-f4a73b140312) Course of Action 1
Code Signing - M1045 (590777b3-b475-4c7c-aaf8-f4a73b140312) Course of Action Patch System Image - T1601.001 (d245808a-7086-4310-984a-a84aaaa43f8f) Attack Pattern 1
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Code Signing - M1045 (590777b3-b475-4c7c-aaf8-f4a73b140312) Course of Action 1
Code Signing - M1045 (590777b3-b475-4c7c-aaf8-f4a73b140312) Course of Action Downgrade System Image - T1601.002 (fc74ba38-dc98-461f-8611-b3dbf9978e3d) Attack Pattern 1
Code Signing - M1045 (590777b3-b475-4c7c-aaf8-f4a73b140312) Course of Action Implant Internal Image - T1525 (4fd8a28b-4b3a-4cd6-a8cf-85ba5f824a7f) Attack Pattern 1
Invalid Code Signature - T1036.001 (b4b7458f-81f2-4d38-84be-1c5ba0167a52) Attack Pattern Code Signing - M1045 (590777b3-b475-4c7c-aaf8-f4a73b140312) Course of Action 1
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern Code Signing - M1045 (590777b3-b475-4c7c-aaf8-f4a73b140312) Course of Action 1
SQL Stored Procedures - T1505.001 (f9e9365a-9ca2-4d9c-8e7c-050d73d1101a) Attack Pattern Code Signing - M1045 (590777b3-b475-4c7c-aaf8-f4a73b140312) Course of Action 1
PowerShell Profile - T1546.013 (0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3) Attack Pattern Code Signing - M1045 (590777b3-b475-4c7c-aaf8-f4a73b140312) Course of Action 1
Code Signing - M1045 (590777b3-b475-4c7c-aaf8-f4a73b140312) Course of Action Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 1
IIS Components - T1505.004 (b46a801b-fd98-491c-a25a-bca25d6e3001) Attack Pattern Code Signing - M1045 (590777b3-b475-4c7c-aaf8-f4a73b140312) Course of Action 1
Code Signing - M1045 (590777b3-b475-4c7c-aaf8-f4a73b140312) Course of Action Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 1
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Code Signing - M1045 (590777b3-b475-4c7c-aaf8-f4a73b140312) Course of Action 1
Modify System Image - T1601 (ae7f3575-0a5e-427e-991b-fe03ad44c754) Attack Pattern Code Signing - M1045 (590777b3-b475-4c7c-aaf8-f4a73b140312) Course of Action 1
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern LC_LOAD_DYLIB Addition - T1546.006 (10ff21b9-5a01-4268-a1b5-3b55015f1847) Attack Pattern 2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious Image - T1204.003 (b0c74ef9-c61e-4986-88cb-78da98a355ec) Attack Pattern 2
AppleScript - T1059.002 (37b11151-1776-4f8f-b328-30939fbf2ceb) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 2
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern Transport Agent - T1505.002 (35187df2-31ed-43b6-a1f5-2f1d3d58d3f1) Attack Pattern 2
Modify System Image - T1601 (ae7f3575-0a5e-427e-991b-fe03ad44c754) Attack Pattern Patch System Image - T1601.001 (d245808a-7086-4310-984a-a84aaaa43f8f) Attack Pattern 2
Modify System Image - T1601 (ae7f3575-0a5e-427e-991b-fe03ad44c754) Attack Pattern Downgrade System Image - T1601.002 (fc74ba38-dc98-461f-8611-b3dbf9978e3d) Attack Pattern 2
Invalid Code Signature - T1036.001 (b4b7458f-81f2-4d38-84be-1c5ba0167a52) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 2
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern SQL Stored Procedures - T1505.001 (f9e9365a-9ca2-4d9c-8e7c-050d73d1101a) Attack Pattern 2
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern PowerShell Profile - T1546.013 (0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3) Attack Pattern 2
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 2
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern IIS Components - T1505.004 (b46a801b-fd98-491c-a25a-bca25d6e3001) Attack Pattern 2