EXPLORE

← Back to Explore

T1007

System Service Discovery

Adversaries may try to gather information about registered local system services. Adversaries may obtain information about services using tools as well as OS utility commands such as <code>sc query</code>, <code>tasklist /svc</code>, <code>systemctl --type=service</code>, and <code>net start</code>. Adversaries may also gather information about schedule tasks via commands such as `schtasks` on Windows or `crontab -l` on Linux and macOS.(Citation: Elastic Security Labs GOSAR 2024)(Citation: Senti...

LinuxmacOSWindows

15

Detections

3

Sources

15

Threat Actors

BY SOURCE

11sigma2elastic2splunk_escu

PROCEDURES (9)

Process Creation Monitoring8 detections

Auto-extracted: 8 detections for process creation monitoring

Privilege1 detections

Auto-extracted: 1 detections for privilege

Service1 detections

Auto-extracted: 1 detections for service

Credential1 detections

Auto-extracted: 1 detections for credential

Powershell1 detections

Auto-extracted: 1 detections for powershell

Service1 detections

Auto-extracted: 1 detections for service

Service1 detections

Auto-extracted: 1 detections for service

Credential1 detections

Auto-extracted: 1 detections for credential

Suspicious1 detections

Auto-extracted: 1 detections for suspicious

THREAT ACTORS (15)

admin@338 APT1 Aquatic Panda BRONZE BUTLER Chimera Earth Lusca Indrik Spider Ke3chang Kimsuky MirrorFace OilRig Poseidon Group TeamTNT Turla Volt Typhoon

DETECTIONS (15)

Crontab Enumeration

Enumeration Command Spawned via WMIPrvSE

ESXi Network Configuration Discovery Via ESXCLI

ESXi Storage Information Discovery Via ESXCLI

ESXi System Information Discovery Via ESXCLI

ESXi VM List Discovery Via ESXCLI

ESXi VSAN Information Discovery Via ESXCLI

HackTool - PCHunter Execution

Net.EXE Execution

Potential Configuration And Service Reconnaissance Via Reg.EXE

Potential Registry Reconnaissance Via PowerShell Script

PowerShell Suspicious Discovery Related Windows API Functions

SC.EXE Query Execution

Windows Net System Service Discovery

Windows WinPEAS PowerShell Script Execution