Masquerading: Match Legitimate Resource Name or Location

Other sub-techniques of Masquerading (12)

ID	Name
ATAGS-T1100.001	Break Process Trees
ATAGS-T1100.002	Browser Fingerprint
ATAGS-T1100.003	Double File Extension
ATAGS-T1100.004	Invalid Code Signature
ATAGS-T1100.005	Masquerade Account Name
ATAGS-T1100.006	Masquerade File Type
ATAGS-T1100.007	Masquerade Task or Service
ATAGS-T1100.008	Match Legitimate Resource Name or Location
ATAGS-T1100.009	Overwrite Process Arguments
ATAGS-T1100.010	Rename Legitimate Utilities
ATAGS-T1100.011	Right-to-Left Override
ATAGS-T1100.012	Space after Filename

Threat Actors may match or approximate the name or location of legitimate files, Registry keys, or other resources when naming/placing them. This is done for the sake of evading defenses and observation.

ID: ATAGS-T1100.008

Sub-technique of: ATAGS-T1100

ⓘ

Tactic: Defense Evasion

ⓘ

Targeted Components: Software

ⓘ

Responsibility: Provider

Created: 18 April 2026

Last Modified: 18 April 2026

Mitigations

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.