Match Legitimate Name or Location
Once an adversary is in your environment, they will try to evade your defenses. Renaming their code to look like a legitimate executable is a solid plan. How can you tell if that AcroRD32.exe file is malicious or benign? How can you stop this from happening in the first place? Get hands-on answering these questions today.
After an adversary takes the time to gain access to an environment, they aren’t likely to give up their position by being completely obvious. Adversaries need to evade detection in order to have the time to find the information they’re really after. One technique to accomplish this is hiding in plain sight. Adversaries may name their malicious payloads similarly to system files or commonly installed programs. They’ll even make sure to store these files in similar directories, all in service of avoiding detection.
Get the hands-on skills you need to detect and mitigate this attack in Cybrary's MITRE ATT&CK Framework courses, aligned to the tactics and techniques used by the financially motivated threat group FIN7. Prevent adversaries from accomplishing the tactic of Defense Evasion in your environment now.
Complete this entire course to earn a Match Legitimate Name or Location Certificate of Completion.