Find sigma rule
Attack: System Service Discovery
Adversaries may try to gather information about registered local system services. Adversaries may obtain information about services using tools as well as OS utility commands such as sc query
, tasklist /svc
, systemctl --type=service
, and net start
.
Adversaries may use the information from System Service Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
MITRE
Tactic
- discovery
technique
- T1007
Test : System Service Discovery
OS
- windows
Description:
Identify system services.
Upon successful execution, cmd.exe will execute service commands with expected result to stdout.
Executor
command_prompt
Sigma Rule
-
proc_creation_win_sc_query.yml (id: 57712d7a-679c-4a41-a913-87e7175ae429)
-
proc_creation_win_tasklist_basic_execution.yml (id: 63332011-f057-496c-ad8d-d2b6afb27f96)