#T1036.005 Match Legitimate Resource Name or Location

Technique

  • Tactics: Defense Evasion
  • Description:

    Adversaries may match or approximate the name or location of legitimate files, Registry keys, or other resources when naming/placing them. This is done for the sake of evading defenses and observation.

    This may be done by placing an executable in a commonly trusted directory (ex: under System32) or giving it the name of a legitimate, trusted program (ex: `svchost.exe`). Alternatively, a Windows Registry key may be given a close approximation to a key used by a legitimate program. In containerized environments, a threat actor may create a resource in a trusted namespace or one that matches the naming convention of a container pod or cluster.(Citation: Aquasec Kubernetes Backdoor 2023)

  • First Seen: Phishing Emails Used to Deploy KONNI Malware • 2020-08-14
MITRE ATT&CK

Tagged Reports

2023-01-05
Attack IQ
#Trend #DreamJob #Inception #MagicRAT #Sharpshooter #ThreatNeedle #T1025 #T1047 #T1012 #T1016 #T1543.003 #T1057 #T1082 #T1552.002 #T1074.001 #T1572 #T1218.011 #T1547.001 #T1049 #T1003.002 #T1053.005 #T1041 #T1048.001 #T1105 #T1071.001 #T1220 #T1046 #T1218.010 #T1055 #T1112 #T1083 #T1007 #T1033 #T1036.005 #T1003
2022-12-22
Attack IQ
#Andariel #T1012 #T1016 #T1057 #T1082 #T1074.001 #T1016.001 #T1120 #T1218.011 #T1547.001 #T1197 #T1049 #T1041 #T1053.005 #T1105 #T1071.001 #T1218.010 #T1083 #T1486 #T1033 #T1036.005 #T1217
2021-12-22
Threatray
#Andariel #TigerRAT #T1059.007 #T1566.001 #T1041 #T1113 #T1486 #T1189 #T1027.003 #T1204.002 #T1036.005 #T1049 #T1056.001 #T1573.001 #T1497.001 #T1584.006 #T1095 #T1583.003 #T1071.001 #T1057
2021-12-02
SOCRadar
#Lazarus #T1090.001 #T1134.002 #T0865 #T1562.001 #T1543.003 #T1059.003 #T1074.001 #T1553.002 #T1485 #T1614.001 #T1591 #T1218.011 #T1620 #T1078 #T1587.001 #T1027.007 #T1010 #T1571 #T1090.002 #T1542.003 #T1583.001 #T1033 #T1497.001 #T1560.002 #T1203 #T1036 #T1012 #T1016 #T1059.005 #T1106 #T1027 #T1566.003 #T1027.002 #T1562.004 #T1529 #T1049 #T1140 #T1585.001 #T1005 #T1053.005 #T1564.001 #T1608.001 #T1105 #T1046 #T1491.001 #T1055.001 #T1070 #T1589.002 #T1036.005 #T1110 #T1547.009 #T1489 #T1110.003 #T1534 #T1047 #T1588.004 #T1104 #T1036.003 #T1591.004 #T1001.003 #T1057 #T1082 #T1561.002 #T1566.001 #T1561.001 #T1574.013 #T1573.001 #T1608.002 #T1585.002 #T1218 #T1588.002 #T1036.004 #T1204.001 #T1041 #T1560 #T1202 #T1071.001 #T1218.005 #T1059.001 #T1593.001 #T1189 #T1124 #T1056.001 #T1070.006 #T1008 #T1102.002 #T1048.003 #T1583.006 #T1221 #T1557.001 #T1098 #T1547.001 #T1567.002 #T1584.004 #T1087.002 #T1070.004 #T1560.003 #T1070.003 #T1583.004 #T1132.001 #T1588.003 #T1021.002 #T1204.002 #T1220 #T1574.002 #T1083 #T1566.002 #T1021.001 #T1021.004 #T1584.001
2021-11-29
Kaspersky
#Scarcruft #Chinotto #T1071.001 #T1566.001 #T1041 #T1059.001 #T1113 #T1059.005 #T1584.006 #T1033 #T1036.005 #T1573.001 #T1547.001 #T1560.002 #T1140 #T1082
2021-06-15
Kaspersky
#Andariel #Ransomware #Manuscrypt #T1059.007 #T1566.001 #T1041 #T1113 #T1486 #T1027.003 #T1204.002 #T1036.005 #T1049 #T1573.001 #T1497.001 #T1584.006 #T1095 #T1583.003 #T1071.001 #T1057
2021-05-21
Macnica
#Trend #CloudDragon #T1055.012 #T1047 #T1027 #T1560.001 #T1543.003 #T1071 #T1482 #T1518.001 #T1566.001 #T1053.002 #T1218.011 #T1547.001 #T1140 #T1087.002 #T1003.002 #T1053.005 #T1204.002 #T1070.001 #T1071.001 #T1574.001 #T1574.002 #T1003.003 #T1059.001 #T1036.005 #T1133 #T1021.001
2021-03-23
Sygnia
#MATA #TFlower #Lazarus #T1055.001 #T1112 #T1070.004 #T1547.005 #T1562 #T1053.005 #T1070.003 #T1113 #T1572 #T1486 #T1021.002 #T1036.005 #T1573.001 #T1552.001 #T1021.001 #T1021.004 #T1070.001 #T1008
2020-08-14
USCISA
#Phishing #Konni #T1134.002 #T1016 #T1048.003 #T1057 #T1082 #T1548.002 #T1059.003 #T1566.001 #T1218.011 #T1547.001 #T1140 #T1070.004 #T1113 #T1132.001 #T1105 #T1071.001 #T1112 #T1115 #T1083 #T1059.001 #T1033 #T1036.005 #T1056.001 #T1555.003 #T1547.009 #T1546.015
« Back