Home/ MITRE Matrix/ Defense Evasion/ T1036.004

T1036.004Masquerade Task or Service

T1036.004 — Masquerade Task or Service is a MITRE ATT&CK technique in the Defense Evasion tactic. Clankerusecase tracks 3 detection use cases covering it and 2 threat-intel articles citing it.

Defense Evasion

View on the matrix → Filter Detection Library MITRE official spec ↗

3Use cases

2Articles

0Sub-techniques

1Tactic

↑ Parent technique: T1036 · Masquerading

Use cases covering this technique (3)

Linux Kworker Process In Writable Process Path ESCU actions · hunting P [LLM] Stage-2 implant masquerading as node-health-check daemon (/tmp/.kh, /tmp/.ns) Bespoke install · alerting DSΣPDD [LLM] macOS Axios RAT daemon spoof + ad-hoc codesign of hidden /private/tmp binary Bespoke install · alerting DSΣPDDCS

Articles citing this technique (2)

high GPT-Proxy Backdoor in npm and PyPI turns Servers into Chinese LLM Relays art-367

high Axios npm Package Compromised: Supply Chain Attack Delivers Cross-Platform RAT art-420