Common third-party software name masquerading

Cortex XSIAM Analytics Alert Reference by Alert name

Product

Cortex XSIAM

Last date published

2025-12-08

Activation Period	14 Days
Training Period	30 Days
Test Period	N/A (single event)
Deduplication Period	1 Day
Required Data	Requires: XDR Agent
Detection Modules
Detector Tags	EDR Windows Disguised Processes
ATT&CK Tactic	Defense Evasion (TA0005)
ATT&CK Technique	Masquerading (T1036)
Severity	Informational

An attacker might leverage common third-party Software image names to run malicious processes without being caught.

An attacker is attempting to masquerade as a common third-party software image to execute malicious code.

Investigate the executed process image and check if it is malicious.
Investigate the actor process which executed the process and check if it is malicious.

An attacker might leverage common third-party Software image names to run malicious processes without being caught.

An attacker is attempting to masquerade as a common third-party software image to execute malicious code.

Investigate the executed process image and check if it is malicious.
Investigate the actor process which executed the process and check if it is malicious.

An attacker might leverage common third-party Software image names to run malicious processes without being caught.

An attacker is attempting to masquerade as a common third-party software image to execute malicious code.

Investigate the executed process image and check if it is malicious.
Investigate the actor process which executed the process and check if it is malicious.