Home
ATT&CK Techniques
T1553 Subvert Trust Controls

T1553 Subvert Trust Controls Mappings

Adversaries may undermine security controls that will either warn users of untrusted activity or prevent execution of untrusted programs. Operating systems and security products may contain mechanisms to identify programs or websites as possessing some level of trust. Examples of such features would include a program being allowed to run because it is signed by a valid code signing certificate, a program prompting the user with a warning because it has an attribute set from being downloaded from the Internet, or getting an indication that you are about to connect to an untrusted site.

Adversaries may attempt to subvert these trust mechanisms. The method adversaries use will depend on the specific mechanism they seek to subvert. Adversaries may conduct File and Directory Permissions Modification or Modify Registry in support of subverting these controls.(Citation: SpectorOps Subverting Trust Sept 2017) Adversaries may also create or steal code signing certificates to acquire trust on target systems.(Citation: Securelist Digital Certificates)(Citation: Symantec Digital Certificates)

View in MITRE ATT&CK®

Mappings

Capability ID	Capability Description	Mapping Type	ATT&CK ID	ATT&CK Name
AC-6	Least Privilege	Protects	T1553	Subvert Trust Controls
CA-8	Penetration Testing	Protects	T1553	Subvert Trust Controls
CM-10	Software Usage Restrictions	Protects	T1553	Subvert Trust Controls
CM-2	Baseline Configuration	Protects	T1553	Subvert Trust Controls
CM-3	Configuration Change Control	Protects	T1553	Subvert Trust Controls
CM-5	Access Restrictions for Change	Protects	T1553	Subvert Trust Controls
CM-6	Configuration Settings	Protects	T1553	Subvert Trust Controls
CM-7	Least Functionality	Protects	T1553	Subvert Trust Controls
CM-8	System Component Inventory	Protects	T1553	Subvert Trust Controls
IA-7	Cryptographic Module Authentication	Protects	T1553	Subvert Trust Controls
IA-9	Service Identification and Authentication	Protects	T1553	Subvert Trust Controls
RA-9	Criticality Analysis	Protects	T1553	Subvert Trust Controls
SA-10	Developer Configuration Management	Protects	T1553	Subvert Trust Controls
SA-11	Developer Testing and Evaluation	Protects	T1553	Subvert Trust Controls
SC-34	Non-modifiable Executable Programs	Protects	T1553	Subvert Trust Controls
SI-10	Information Input Validation	Protects	T1553	Subvert Trust Controls
SI-2	Flaw Remediation	Protects	T1553	Subvert Trust Controls
SI-4	System Monitoring	Protects	T1553	Subvert Trust Controls
SI-7	Software, Firmware, and Information Integrity	Protects	T1553	Subvert Trust Controls
action.hacking.variety.Evade Defenses	Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.	related-to	T1553	Subvert Trust Controls
action.malware.variety.Disable controls	Disable or interfere with security controls	related-to	T1553	Subvert Trust Controls
action.malware.variety.Evade Defenses	Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.	related-to	T1553	Subvert Trust Controls
action.social.variety.Evade Defenses	Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.	related-to	T1553	Subvert Trust Controls

ATT&CK Subtechniques

Technique ID	Technique Name	Number of Mappings
T1553.001	Gatekeeper Bypass	7
T1553.002	Code Signing	1
T1553.003	SIP and Trust Provider Hijacking	11
T1553.006	Code Signing Policy Modification	14
T1553.005	Mark-of-the-Web Bypass	7
T1553.004	Install Root Certificate	7