T1218 Signed Binary Proxy Execution Mappings

Adversaries may bypass process and/or signature-based defenses by proxying execution of malicious content with signed binaries. Binaries signed with trusted digital certificates can execute on Windows systems protected by digital signature validation. Several Microsoft signed binaries that are default on Windows installations can be used to proxy execution of other files.

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
chronicle Chronicle technique_scores T1218 Signed Binary Proxy Execution

ATT&CK Subtechniques

Technique ID Technique Name Number of Mappings
T1218.003 CMSTP 1
T1218.005 Mshta 1
T1218.010 Regsvr32 1