Masquerading: Masquerade Task or Service

Created the Friday 10 February 2023. Updated 6 months, 2 weeks ago.

Adversaries may attempt to manipulate the name of a task or service to make it appear legitimate or benign. Tasks/services executed by the Task Scheduler or systemd will typically be given a name and/or description. Windows services will have a service name as well as a display name. Many benign tasks and services exist that have commonly associated names. Adversaries may give tasks or services names that are similar or identical to those of legitimate ones.

Tasks or services contain other fields, such as a description, that adversaries may attempt to make appear legitimate.

Technique Identifier

T1036.004

Technique Tags

Defense Evasion scheduled tasks scheduled tasks mimic legitimate task mimic legitimate service APT-C-36 APT29 APT32 APT41

Additional Resources

External Links

The resources provided below are associated links that will give you even more detailed information and research on current evasion technique. It is important to note that, while these resources may be helpful, it is important to exercise caution when following external links. As always, be careful when clicking on links from unknown sources, as they may lead to malicious content.

Masquerading: Masquerade Task or Service, Sub-technique T1036.004 - Enterprise | MITRE ATT&CK®