View on MITRE ATT&CK

T1036.004 - Masquerade Task or Service

Sub-technique
Tactics:
Defense Evasion
Platforms:
Linux macOS Windows
Detection:
Not specified
Description:
Adversaries may attempt to manipulate the name of a task or service to make it appear legitimate or benign. Tasks/services executed by the Task Scheduler or systemd will typically be given a name and/or description.(Citation: TechNet Schtasks)(Citation: Systemd Service Units) Windows services will have a service name as well as a display name. Many benign tasks and services exist that have commonly associated names. Adversaries may give tasks or services names that are similar or identical to those of legitimate ones.

Tasks or services contain other fields, such as a description, that adversaries may attempt to make appear legitimate.(Citation: Palo Alto Shamoon Nov 2016)(Citation: Fysbis Dr Web Analysis)
Used by Actors (20)
Naikon
Nation-state
FIN7
Criminal
Lazarus Group
Nation-state
FIN6
Unknown
PROMETHIUM
Unknown
APT32
Nation-state
Kimsuky
Nation-state
WIZARD SPIDER
Nation-state
APT-C-36
Nation-state
APT41
Nation-state
Higaisa
Nation-state
Fox Kitten
Unknown
BackdoorDiplomacy
Unknown
FIN13
Unknown
Winter Vivern
Unknown
UNC3886
Unknown
Storm-0501
Unknown
Aquatic Panda
Unknown
Magic Hound
Unknown
BITTER
Unknown
Malware (20)
Exaramel for Windows other StrongPity other Nebulae other TONESHELL other RainyDay other TinyTurla other BOOKWORM other Emotet other Turian other Machete other PingPull other Hildegard other InvisiMole other Volgmer other RDAT other Okrum other Raspberry Robin other Fysbis other DCSrv other ShimRat other
Metadata
MITRE ID: T1036.004
STIX ID: attack-pattern--7bdca9d5-d500-...
Platforms: Linux, macOS, Windows
Created: 13/01/2026 17:48
Updated: 06/03/2026 16:00