I Solemnly Swear My Driver Is Up to No Good: Hunting for Attestation Signed Malware
Soon after the initial discovery, Mandiant observed a POORTRY driver sample signed with a Microsoft Windows Hardware Compatibility Authenticode signature. ... The connection between the POORTRY sample, the attestation certificate, and the numerous legitimate samples signed with this certificate led Mandiant to assess with high confidence that this malware was verified via the Windows Hardware Compatibility process.

Malware: SOGU, POORTRY, TEMPLESHOT, STONESTOP

[View Article](https://www.mandiant.com/resources/blog/hunting-attestation-signed-malware)