Home
ATT&CK Techniques
T1218 Signed Binary Proxy Execution

T1218 Signed Binary Proxy Execution Mappings

Adversaries may bypass process and/or signature-based defenses by proxying execution of malicious content with signed binaries. Binaries signed with trusted digital certificates can execute on Windows systems protected by digital signature validation. Several Microsoft signed binaries that are default on Windows installations can be used to proxy execution of other files.

View in MITRE ATT&CK®

Mappings

Capability ID	Capability Description	Mapping Type	ATT&CK ID	ATT&CK Name
chronicle	Chronicle	technique_scores	T1218	Signed Binary Proxy Execution

ATT&CK Subtechniques

Technique ID	Technique Name	Number of Mappings
T1218.003	CMSTP	1
T1218.005	Mshta	1
T1218.010	Regsvr32	1