Masquerading: Space after Filename

Other sub-techniques of Masquerading (12)

ID	Name
ATAGS-T1100.001	Break Process Trees
ATAGS-T1100.002	Browser Fingerprint
ATAGS-T1100.003	Double File Extension
ATAGS-T1100.004	Invalid Code Signature
ATAGS-T1100.005	Masquerade Account Name
ATAGS-T1100.006	Masquerade File Type
ATAGS-T1100.007	Masquerade Task or Service
ATAGS-T1100.008	Match Legitimate Resource Name or Location
ATAGS-T1100.009	Overwrite Process Arguments
ATAGS-T1100.010	Rename Legitimate Utilities
ATAGS-T1100.011	Right-to-Left Override
ATAGS-T1100.012	Space after Filename

Threat Actors can hide a program's true filetype by changing the extension of a file. With certain file types (specifically this does not work with .app extensions), appending a space to the end of a filename will change how the file is processed by the operating system.

ID: ATAGS-T1100.012

Sub-technique of: ATAGS-T1100

ⓘ

Tactic: Defense Evasion

ⓘ

Targeted Components: Software

ⓘ

Responsibility: Provider

Created: 18 April 2026

Last Modified: 18 April 2026

Mitigations

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.