Trusted Design

T1036.005 - Match Legitimate Resource Name or Location

概要

Adversaries may match or approximate the name or location of legitimate files, Registry keys, or other resources when naming/placing them. This is done for the sake of evading defenses and observation. This may be done by placing an executable in a commonly trusted directory (ex: under System32) or giving it the name of a legitimate, trusted program (ex: `svchost.exe`). Alternatively, a Windows Registry key may be given a close approximation to a key used by a legitimate program. In containerized environments, a threat actor may create a resource in a trusted namespace or one that matches the naming convention of a container pod or cluster.(Citation: Aquasec Kubernetes Backdoor 2023)

この攻撃手法を利用する脅威アクター

• TeamTNT
• Gamaredon Group
• Volt Typhoon
• BRONZE BUTLER
• TA2541
• APT41
• APT42
• Storm-1811
• Indrik Spider
• FIN7
• Mustard Tempest
• MuddyWater
• WIRTE
• Patchwork
• Transparent Tribe
• admin@338
• Earth Lusca
• BackdoorDiplomacy
• Akira
• Ferocious Kitten
• RedCurl
• APT29
• APT28
• Naikon
• Chimera
• Aquatic Panda
• APT32
• Ke3chang
• Tropic Trooper
• Magic Hound
• PROMETHIUM
• INC Ransom
• LuminousMoth
• Whitefly
• OilRig
• Machete
• Carbanak
• Lazarus Group
• Darkhotel
• APT1
• Blue Mockingbird
• Sidewinder
• menuPass
• Sowbug
• Ember Bear
• APT39
• Velvet Ant
• Kimsuky
• APT5
• Poseidon Group
• Silence
• Fox Kitten
• ToddyCat
• SideCopy
• Turla
• Mustang Panda
• FIN13
• Sandworm Team
• Rocke

関連する CVE

この攻撃手法に関連する CVE は登録されていません。

攻撃手法 – 脅威アクター Graph

---

← Technique一覧に戻る