1. Home
  2. Techniques
  3. Enterprise
  4. Masquerading

Masquerading

ID Name
ATAGS-T1100.001 Break Process Trees
ATAGS-T1100.002 Browser Fingerprint
ATAGS-T1100.003 Double File Extension
ATAGS-T1100.004 Invalid Code Signature
ATAGS-T1100.005 Masquerade Account Name
ATAGS-T1100.006 Masquerade File Type
ATAGS-T1100.007 Masquerade Task or Service
ATAGS-T1100.008 Match Legitimate Resource Name or Location
ATAGS-T1100.009 Overwrite Process Arguments
ATAGS-T1100.010 Rename Legitimate Utilities
ATAGS-T1100.011 Right-to-Left Override
ATAGS-T1100.012 Space after Filename

Threat actors may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.

ID: ATAGS-T1100
Sub-techniques:  ATAGS-T1100.001, ATAGS-T1100.002, ATAGS-T1100.003, ATAGS-T1100.004, ATAGS-T1100.005, ATAGS-T1100.006, ATAGS-T1100.007, ATAGS-T1100.008, ATAGS-T1100.009, ATAGS-T1100.010, ATAGS-T1100.011, ATAGS-T1100.012
Tactic: Defense Evasion
Targeted Components: Software
Responsibility: Provider
Created: 18 April 2026
Last Modified: 18 April 2026

Mitigations

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.