Acquire or compromise 3rd party signing certificates

Code signing is the process of digitally signing executables or scripts to confirm the software author and guarantee that the code has not been altered or corrupted. Users may trust a signed piece of code more than an unsigned piece of code even if they don't know who issued the certificate or who the author is. [1]

ID: T1310
Sub-techniques:  No sub-techniques
Tactic: Adversary Opsec
Version: 1.0
Created: 14 December 2017
Last Modified: 19 February 2019

Similar Techniques by Tactic

Tactic Technique
Establish & Maintain Infrastructure Acquire or compromise 3rd party signing certificates


Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Defender will not know what certificates an adversary acquires from a 3rd party. Defender will not know prior to public disclosure if a 3rd party has had their certificate compromised.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): No

Explanation: It is trivial to purchase code signing certificates within an organization; many exist and are available at reasonable cost. It is complex to factor or steal 3rd party code signing certificates for use in malicious mechanisms


  1. Brad Arkin. (2012, September 27). Inappropriate Use of Adobe Code Signing Certificate. Retrieved March 28, 2017.