T1036.004: T1036.004
Essential information
- MITRE technique ID
T1036.004- Confidence
- 100/100
- Revoked
- No
- Published
- 10/02/2020 21:30
- Modified
- 27/03/2026 01:10
- Author / Source
- The MITRE Corporation
Aliases
Masquerade Task or Service
Platforms
windows macos linux
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | defense-evasion |
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (54)
-
The MITRE Corporation Confidence 100
[APT-C-36](https://attack.mitre.org/groups/G0099) is a suspected South America espionage group that has been active since at least 2018. The group mainly targets Colombian government institutions as well as important corporations…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[ZIRCONIUM](https://attack.mitre.org/groups/G0128) is a threat group operating out of China, active since at least 2017, that has targeted individuals associated with the 2020 US presidential election and prominent leaders…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[APT32](https://attack.mitre.org/groups/G0050) is a suspected Vietnam-based threat group that has been active since at least 2014. The group has targeted multiple private sector industries as well as foreign governments,…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[APT37](https://attack.mitre.org/groups/G0067) is a North Korean state-sponsored cyber espionage group that has been active since at least 2012. The group has targeted victims primarily in South Korea, but also…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Andromeda/Gamarue relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Aquabot relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
BackdoorDiplomacy relatedThe MITRE Corporation Confidence 100
[BackdoorDiplomacy](https://attack.mitre.org/groups/G0135) is a cyber espionage threat group that has been active since at least 2017. [BackdoorDiplomacy](https://attack.mitre.org/groups/G0135) has targeted Ministries of Foreign Affairs and telecommunication companies in Africa, Europe,…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[BITTER](https://attack.mitre.org/groups/G1002) is a suspected South Asian cyber espionage threat group that has been active since at least 2013. [BITTER](https://attack.mitre.org/groups/G1002) has targeted government, energy, and engineering organizations in Pakistan,…
First seen 01/01/1970 · Last seen 16/11/5138 · -
CL-CRI-1014 relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
CL-STA-1087 relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[Carbanak](https://attack.mitre.org/groups/G0008) is a cybercriminal group that has used [Carbanak](https://attack.mitre.org/software/S0030) malware to target financial institutions since at least 2013. [Carbanak](https://attack.mitre.org/groups/G0008) may be linked to groups tracked separately as [Cobalt…
First seen 01/01/1970 · Last seen 16/11/5138 · -
ClickFix relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (74)
-
MedusaLocker usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
MiniJunk V2 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Reports (50)
-
AlienVault Confidence 100 19 MITREs 2 Malwares 13 IOCs 4 Observables 1 APT
-
AlienVault Confidence 100 25 CVEs 21 MITREs 7 Malwares 30 IOCs 10 Observables
-
AlienVault Confidence 100 13 CVEs 20 MITREs 4 Malwares 6 IOCs 5 Observables 1 APT
-
AlienVault Confidence 100 20 MITREs 1 Malware 3 IOCs 1 APT
-
20 MITREs 1 Malware 6 Observables
-
1 CVE 12 MITREs 2 Malwares 2 Observables 1 APT
-
19 MITREs 5 Malwares 1 Observable 1 APT
-
20 MITREs 6 Malwares 10 Observables 1 APT
-
AlienVault Confidence 100 20 MITREs 4 Malwares 13 IOCs 13 Observables 1 APT
-
1 CVE 18 MITREs 2 Malwares 8 Observables
-
15 MITREs 9 Observables
-
AlienVault Confidence 100 19 MITREs 1 Malware 2 IOCs 2 Observables
Vulnerabilities (CVE) (65)
A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing …
- Attack vector
- NETWORK
- Published
- 13/04/2024
- Modified
- 21/12/2025
A command injection vulnerability in the CGI program of some Zyxel firewall versions could allow an attacker to modify specific files and …
- Published
- 16/05/2022
- Modified
- 20/12/2025
Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience via a malicious …
- Attack vector
- Network
- Published
- 13/08/2024
- Modified
- 21/12/2025
CWP Control Web Panel (formerly CentOS Web Panel) contains an OS command injection vulnerability that allows remote attackers to execute commands via …
- Attack vector
- Network
- Published
- 17/01/2023
- Modified
- 15/07/2026
DrayTek Vigor3900, Vigor2960, and Vigor300B routers contain an unspecified vulnerability that allows for remote code execution.
- Published
- 03/11/2021
- Modified
- 20/12/2025
Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing …
- Attack vector
- NETWORK
- Published
- 21/07/2025
- Modified
- 21/12/2025
TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the …
- Attack vector
- NETWORK
- Published
- 10/03/2022
- Modified
- 20/12/2025
Eval injection vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the …
- EPSS
- 0.0805 (P92.1%)
- Published
- 29/10/2007
- Modified
- 15/07/2026
Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.
- Published
- 04/04/2022
- Modified
- 20/12/2025
WordPress File Manager plugin contains a remote code execution vulnerability that allows unauthenticated users to execute PHP code and upload malicious files …
- Published
- 03/11/2021
- Modified
- 13/07/2026
An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including …
- Attack vector
- NETWORK
- Published
- 11/12/2025
- Modified
- 21/12/2025
The WavePlayer WordPress plugin before 3.8.0 does not have authorization in an AJAX action as well as does not validate the file …
- Attack vector
- Network
- Published
- 19/11/2025
- Modified
- 13/07/2026
Tool (2)
-
CSPY Downloader usesThe MITRE Corporation Confidence 100
[CSPY Downloader](https://attack.mitre.org/software/S0527) is a tool designed to evade analysis and download additional payloads used by [Kimsuky](https://attack.mitre.org/groups/G0094).(Citation: Cybereason Kimsuky November 2020)
-
IronNetInjector usesThe MITRE Corporation Confidence 100
[IronNetInjector](https://attack.mitre.org/software/S0581) is a [Turla](https://attack.mitre.org/groups/G0010) toolchain that utilizes scripts from the open-source IronPython implementation of Python with a .NET injector to drop one or more payloads including [ComRAT](https://attack.mitre.org/software/S0126).(Citation: Unit…
Campaign (1)
-
KV Botnet Activity uses