Common Information
Type | Value
---|---
Value | Rename System Utilities - T1036.003
Category | Attack-Pattern
Type | Mitre-Attack-Pattern
Misp Type | Cluster
Description | Adversaries may rename legitimate system utilities to try to evade security mechanisms concerning the usage of those utilities. Security monitoring and control mechanisms may be in place for system utilities adversaries are capable of abusing. (Citation: LOLBAS Main Site) It may be possible to bypass those security mechanisms by renaming the utility prior to utilization (ex: rename `rundll32.exe`). (Citation: Elastic Masquerade Ball) An alternative case occurs when a legitimate utility is copied or moved to a different directory and renamed to avoid detections based on system utilities executing from non-standard paths. (Citation: F-Secure CozyDuke)
Details | CTI | Published | Attributes | Title
---|---|---|---|---
Details | Website | 2024-11-16 | 90 | From Royal to BlackSuit: Understanding the Tactics and Impact of a Sophisticated Ransomware Strain \| #ransomware \| #cybercrime \| National Cyber Security Consulting
Details | Website | 2024-10-28 | 21 | Malware Trends Report: Q3, 2024
Details | Website | 2024-10-22 | 21 | Malware Trends Report: Q3, 2024
Details | Website | 2024-10-22 | 21 | Malware Trends Report: Q3, 2024 - ANY.RUN's Cybersecurity Blog
Details | Website | 2024-09-12 | 13 | Emulating the Persistent and Stealthy Ebury Linux Malware
Details | Website | 2024-07-29 | 20 | Attackers (Crowd)Strike with Infostealer Malware - Perception Point
Details | Website | 2023-09-15 | 816 | UNC3944: SMS Phishing, SIM Swapping, and Ransomware Attacks
Details | Website | 2023-05-22 | 141 | IcedID Macro Ends in Nokoyawa Ransomware - The DFIR Report
Details | Website | 2023-05-10 | 4 | SafeBreach Coverage for US-CERT Alert (AA23-129A) – Snake Malware
Details | Website | 2023-04-27 | 18 | SIEM Correlation Rules, Cross-Correlations and Advanced Correlation
Details | Website | 2023-03-28 | 7 | Hacker’s Playbook Threat Coverage Roundup: March 28, 2023
Details | Website | 2023-03-21 | 16 | Is SIEM Really Dead?
Details | Website | 2023-02-27 | 49 | Kaseya ransomware attack: a cyber kill chain analysis
Details | Website | 2022-11-18 | 22 | Securonix Threat Labs Security Advisory: Qbot/QakBot Malware’s New Initial Execution Uses Grifted Regsvr32 Binary to Run DLL Payload
Details | Website | 2022-09-30 | 98 | A glimpse into the shadowy realm of a Chinese APT: detailed analysis of a ShadowPad intrusion
Details | Website | 2022-06-10 | 76 | Threat Attribution — Chimera “Under the Radar”
Details | Website | 2022-02-08 | 36 | LolZarus: Lazarus Group Incorporating Lolbins into Campaigns \| Qualys Security Blog
Details | Website | 2021-04-22 | 33 | CISA Identifies SUPERNOVA Malware During Incident Response \| CISA
Details | Website | 2021-02-25 | 161 | Lazarus targets defense industry with ThreatNeedle
Details | Website | 2021-02-04 | 25 | Connecting the dots inside the Italian APT Landscape - Yoroi
Details | Website | 2021-01-12 | 216 | Abusing cloud services to fly under the radar
Details | Website | 2021-01-12 | 215 | Abusing cloud services to fly under the radar
Details | Website | 2020-12-21 | 28 | How A Device to Cloud Architecture Defends Against the SolarWinds Supply Chain Compromise \| McAfee Blog