Adversaries may use masquerading to disguise a malicious application or executable as another file. Possible disguises include commonly found programs, expected vendor executables and configuration files. This can be as simple as renaming a file to effectively disguise it in the ICS environment. By impersonating expected and vendor-relevant files and applications, operators and engineers may not notice the presence of the underlying malicious content and possibly end up running the malicious programs masqueraded as legitimate functions. Use tools that restrict program execution via application control by attributes other than file name for common system and application utilities.”]
Source: https://collaborate.mitre.org/attackics/index.php/Technique/T0849