Masquerading: Masquerade Task or Service

Other sub-techniques of Masquerading (12)

ID	Name
ATAGS-T1100.001	Break Process Trees
ATAGS-T1100.002	Browser Fingerprint
ATAGS-T1100.003	Double File Extension
ATAGS-T1100.004	Invalid Code Signature
ATAGS-T1100.005	Masquerade Account Name
ATAGS-T1100.006	Masquerade File Type
ATAGS-T1100.007	Masquerade Task or Service
ATAGS-T1100.008	Match Legitimate Resource Name or Location
ATAGS-T1100.009	Overwrite Process Arguments
ATAGS-T1100.010	Rename Legitimate Utilities
ATAGS-T1100.011	Right-to-Left Override
ATAGS-T1100.012	Space after Filename

Threat Actors may attempt to manipulate the name of a task or service to make it appear legitimate or benign. Tasks/services executed by the Task Scheduler or systemd will typically be given a name and/or description. Windows services will have a service name as well as a display name. Many benign tasks and services exist that have commonly associated names. Threat Actors may give tasks or services names that are similar or identical to those of legitimate ones.

ID: ATAGS-T1100.007

Sub-technique of: ATAGS-T1100

ⓘ

Tactic: Defense Evasion

ⓘ

Targeted Components: Software

ⓘ

Responsibility: Provider

Created: 18 April 2026

Last Modified: 18 April 2026

Mitigations

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.