Home/ MITRE Matrix/ Defense Evasion/ T1036.008

T1036.008Masquerade File Type

T1036.008 — Masquerade File Type is a MITRE ATT&CK technique in the Defense Evasion tactic. Clankerusecase tracks 7 detection use cases covering it and 3 threat-intel articles citing it.

Defense Evasion

View on the matrix → Filter Detection Library MITRE official spec ↗

7Use cases

3Articles

0Sub-techniques

1Tactic

↑ Parent technique: T1036 · Masquerading

Use cases covering this technique (7)

Email Attachments With Lots Of Spaces ESCU actions · hunting P Suspicious Process Executed From Container File ESCU actions · alerting P Windows Executable Masquerading as Benign File Types ESCU actions · hunting P [LLM] Webserver process writes PHP-executable file to public web-root or upload directory (CVE-2026-48062) Bespoke install · alerting DSΣPDDCS [LLM] HTTP multipart upload: image Content-Type with PHP/executable filename extension (CVE-2026-48062 exploit shape) Bespoke delivery · alerting SΣPDD [LLM] SAM/SECURITY registry hives copied from VSS shadow to Public\Documents as .pdf Bespoke actions · alerting DSΣPDDCS [LLM] DaemonicLogistics fake-Tencent payload drop (logo.gif at %PROGRAMDATA%\Tencent\QQUpdateMgr\UpdateFiles) Bespoke install · alerting DSΣP

Articles citing this technique (3)

crit [GHSA / CRITICAL] CVE-2026-48062: CodeIgniter4 has a validation bypass when uploading file extensions via `ext_in` rule art-43

crit Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload art-219

crit PlushDaemon compromises network devices for adversary-in-the-middle attacks art-695