Synopsis
Activation Period |
14 Days |
Training Period |
30 Days |
Test Period |
N/A (single event) |
Deduplication Period |
30 Days |
Required Data |
|
Detection Modules |
|
Detector Tags |
|
ATT&CK Tactic |
|
ATT&CK Technique |
|
Severity |
Informational |
Description
Attackers may use signed executables by less known vendors to bypass security features.
Attacker's Goals
Adversaries may use signed binaries to bypass security features.
Investigative actions
Check if this is legitimate software installed by a legitimate user and intentionally.
Variations
Rare signature signed forensic tool remotely executed in the networkRare signature signed forensic tool executed in the network