T1036
Masquerading
Description
Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.

Renaming abusable system utilities to evade security monitoring is also a form of [Masquerading](https://attack.mitre.org/techniques/T1036). (Citation: LOLBAS Main Site)
Platforms
Mitigations
- M1047 — Audit
- M1018 — User Account Management
- M1017 — User Training
- M1045 — Code Signing
- M1040 — Behavior Prevention on Endpoint
- M1022 — Restrict File and Directory Permissions
- M1049 — Antivirus/Antimalware
- M1038 — Execution Prevention
Our coverage
- JDownloader Site Hacked, Installers Swapped with Python RAT Malware
- MuddyWater Uses Chaos Ransomware as False Flag in Microsoft Teams Espionage Campaign
- VENOMOUS#HELPER RMM Detection: Stop SimpleHelp and ScreenConnect Backdoors
- Ruby Gem Supply Chain Attack Detection: CI Checklist for Sleeper Packages
- Fast16 Malware Reverse-Engineering: State-Sponsored Computation Sabotage Analysis
Source: MITRE ATT&CK Enterprise matrix.