Common Information
Type | Value
---|---
Value | Match Legitimate Name or Location - T1036.005
Category | Attack-Pattern
Type | Mitre-Attack-Pattern
Misp Type | Cluster
Description | Adversaries may match or approximate the name or location of legitimate files or resources when naming/placing them. This is done for the sake of evading defenses and observation. This may be done by placing an executable in a commonly trusted directory (ex: under System32) or giving it the name of a legitimate, trusted program (ex: svchost.exe). In containerized environments, this may also be done by creating a resource in a namespace that matches the naming convention of a container pod or cluster. Alternatively, a file or container image name given may be a close approximation to legitimate programs/images or something innocuous. Adversaries may also use the same icon of the file they are trying to mimic.
Details | CTI | Published | Attributes | Title
---|---|---|---|---
Details | Website | 2022-06-01 | 50 | Analyzing AsyncRAT distributed in Colombia | Welcome to Jstnk webpage
Details | Website | 2022-05-17 | 679 | Space Pirates: analyzing the tools and connections of a new hacker group
Details | Website | 2022-04-27 | 202 | A lookback under the TA410 umbrella: Its cyberespionage TTPs and activity | WeLiveSecurity
Details | Website | 2022-04-27 | 57 | UNC2452 Merged into APT29 | Russia-Based Espionage Group
Details | Website | 2022-03-25 | 121 | Mustang Panda’s Hodur: Old tricks, new Korplug variant | WeLiveSecurity
Details | Website | 2022-02-24 | 123 | Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks | CISA
Details | Website | 2022-02-21 | 24 | Latest Mac Coinminer Utilizes Open-Source Binaries and the I2P Network
Details | Website | 2022-01-18 | 158 | DoNot Go! Do not respawn! | WeLiveSecurity
Details | Website | 2021-12-14 | 56 | Tropic Trooper Targets Transportation and Government Organizations
Details | Website | 2021-12-09 | 16 | The Evolution of IoT Linux Malware Based on MITRE ATT&CK TTPs
Details | Website | 2021-11-29 | 92 | ScarCruft surveilling North Korean defectors and human rights activists
Details | Website | 2021-11-15 | 93 | Exchange Exploit Leads to Domain Wide Ransomware
Details | Website | 2021-09-23 | 30 | HCRootkit / Sutersu Linux Rootkit Analysis
Details | Website | 2021-08-01 | 506 | Lazarus Group’s Mata Framework Leveraged To Deploy TFlower Ransomware
Details | Website | 2021-07-16 | 12 | REvil Ransomware Uses DLL Sideloading | McAfee Blog
Details | Website | 2021-07-05 | 79 | Kaseya, Sera. What REvil Shall Encrypt, Shall Encrypt
Details | Website | 2021-06-24 | 60 | Demystifying the full attack chain of MineBridge RAT | Zscaler
Details | Website | 2021-06-15 | 126 | Andariel evolves to target South Korea with ransomware
Details | Website | 2021-04-22 | 33 | CISA Identifies SUPERNOVA Malware During Incident Response | CISA
Details | Website | 2021-04-21 | 36 | Monitoring Pulse Connect Secure With Splunk (CISA Emergency Directive 21-03)
Details | Website | 2021-04-20 | 102 | Authentication Bypass Techniques and Pulse Secure Zero-Day
Details | Website | 2021-01-21 | 43 | Vadokrist: A wolf in sheep’s clothing | WeLiveSecurity
Details | Website | 2021-01-12 | 216 | Abusing cloud services to fly under the radar
Details | Website | 2021-01-12 | 215 | Abusing cloud services to fly under the radar
Details | Website | 2020-12-22 | 66 | Spicy Hot Pot Rootkit: Finding, Hunting, and Eradicating It