Common Information
| Type | Value |
|---|---|
| Value |
Match Legitimate Name or Location - T1036.005 |
| Category | Attack-Pattern |
| Type | Mitre-Attack-Pattern |
| Misp Type | Cluster |
| Description | Adversaries may match or approximate the name or location of legitimate files or resources when naming/placing them. This is done for the sake of evading defenses and observation. This may be done by placing an executable in a commonly trusted directory (ex: under System32) or giving it the name of a legitimate, trusted program (ex: svchost.exe). In containerized environments, this may also be done by creating a resource in a namespace that matches the naming convention of a container pod or cluster. Alternatively, a file or container image name given may be a close approximation to legitimate programs/images or something innocuous. Adversaries may also use the same icon of the file they are trying to mimic. |
| Details | Published | Attributes | CTI | Title | ||
|---|---|---|---|---|---|---|
| Details | Website | 2024-11-11 | 6 | Threat Hunting Case Study: Uncovering Turla | ||
| Details | Website | 2024-11-07 | 114 | Detailed Analysis of TheftCalls: Impersonating Frequently Used Korean Apps | ||
| Details | Website | 2024-11-06 | 44 | GodFather Malware Targets 500 Banking & Crypto Apps Worldwide | ||
| Details | Website | 2024-11-01 | 39 | Dark Web Profile: Tropic Trooper (APT23) - SOCRadar® Cyber Intelligence Inc. | ||
| Details | Website | 2024-10-30 | 154 | Крысиный король: как Android-троян CraxsRAT ворует данные пользователей | Блог F.A.C.C.T. | ||
| Details | Website | 2024-10-28 | 21 | Malware Trends Report: Q3, 2024 | ||
| Details | Website | 2024-10-28 | 51 | CloudScout: Evasive Panda scouting cloud services | ||
| Details | Website | 2024-10-22 | 21 | Malware Trends Report: Q3, 2024 | ||
| Details | Website | 2024-10-22 | 21 | Malware Trends Report: Q3, 2024 - ANY.RUN's Cybersecurity Blog | ||
| Details | Website | 2024-10-21 | 21 | Attackers Target Exposed Docker Remote API Servers With perfctl Malware | ||
| Details | Website | 2024-10-17 | 16 | Dark Web Profile: Evil Corp - SOCRadar® Cyber Intelligence Inc. | ||
| Details | Website | 2024-10-17 | 16 | Dark Web Profile: Evil Corp | ||
| Details | Website | 2024-10-14 | 55 | Hidden In Plain Sight: How ErrorFather Deploys Cerberus To Amplify Cyber Threats | ||
| Details | Website | 2024-10-11 | 30 | Expanding the Investigation: Deep Dive into Latest TrickMo Samples | ||
| Details | Website | 2024-10-11 | 30 | Expanding the Investigation: Deep Dive into Latest TrickMo Samples - Zimperium | ||
| Details | Website | 2024-10-10 | 182 | Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware | CTF导航 | ||
| Details | Website | 2024-10-07 | 141 | Mind the (air) gap: GoldenJackal gooses government guardrails | ||
| Details | Website | 2024-10-02 | 57 | Separating the bee from the panda: CeranaKeeper making a beeline for Thailand | ||
| Details | Website | 2024-10-01 | 27 | Silent Intrusion: Unraveling The Sophisticated Attack Leveraging VS Code For Unauthorized Access - Cyble | ||
| Details | Website | 2024-09-30 | 174 | Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware | ||
| Details | Website | 2024-09-06 | 46 | Самые интересные киберинциденты в 2023 году: внутренние угрозы и многое другое | ||
| Details | Website | 2024-09-03 | 46 | Most interesting IR cases in 2023: insider threats and more | ||
| Details | Website | 2024-08-26 | 30 | Threat Intelligence Report 20th August – 26th August 2024 | ||
| Details | Website | 2024-08-08 | 7 | Exfiltration Tools - ReliaQuest | ||
| Details | Website | 2024-07-29 | 20 | Attackers (Crowd)Strike with Infostealer Malware - Perception Point |