Show in Graph
Common Information
Type Value
Value 
Service Execution - T1569.002
Category Attack-Pattern
Type Mitre-Attack-Pattern
Misp Type Cluster
Description Adversaries may abuse the Windows service control manager to execute malicious commands or payloads. The Windows service control manager (<code>services.exe</code>) is an interface to manage and manipulate services.(Citation: Microsoft Service Control Manager) The service control manager is accessible to users via GUI components as well as system utilities such as <code>sc.exe</code> and [Net](https://attack.mitre.org/software/S0039). [PsExec](https://attack.mitre.org/software/S0029) can also be used to execute commands or payloads via a temporary Windows service created through the service control manager API.(Citation: Russinovich Sysinternals) Tools such as [PsExec](https://attack.mitre.org/software/S0029) and <code>sc.exe</code> can accept remote servers as arguments and may be used to conduct remote execution. Adversaries may leverage these mechanisms to execute malicious content. This can be done by either executing a new or modified service. This technique is the execution used in conjunction with [Windows Service](https://attack.mitre.org/techniques/T1543/003) during service persistence or privilege escalation.
Details Published Attributes CTI Title
Details Website 2024-11-16 90 From Royal to BlackSuit: Understanding the Tactics and Impact of a Sophisticated Ransomware Strain | #ransomware | #cybercrime | National Cyber Security Consulting
Details Website 2024-11-11 35 Threat Intelligence Report 5th November - 11th November
Details Website 2024-11-07 63 Weekly Intelligence Report - 08 Nov 2024 | #ransomware | #cybercrime | National Cyber Security Consulting
Details Website 2024-11-03 54 Coinminer - Malware Analysis
Details Website 2024-11-01 39 Dark Web Profile: Tropic Trooper (APT23) - SOCRadar® Cyber Intelligence Inc.
Details Website 2024-10-28 21 Malware Trends Report: Q3, 2024
Details Website 2024-10-28 51 CloudScout: Evasive Panda scouting cloud services
Details Website 2024-10-23 76 Embargo ransomware: Rock’n’Rust
Details Website 2024-10-22 21 Malware Trends Report: Q3, 2024
Details Website 2024-10-22 21 Malware Trends Report: Q3, 2024 - ANY.RUN's Cybersecurity Blog
Details Website 2024-10-15 62 Silent Threat: Red Team Tool EDRSilencer Disrupting Endpoint Security Solutions
Details Website 2024-10-10 182 Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware | CTF导航
Details Website 2024-10-07 141 Mind the (air) gap: GoldenJackal gooses government guardrails
Details Website 2024-09-30 174 Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware
Details Website 2024-09-26 22 Avaddon Ransomware Analysis (EN)
Details Website 2024-09-25 21 HackTheBox Sherlock Writeup: Hunter
Details Website 2024-09-20 29 How Ransomhub Ransomware Uses EDRKillShifter to Disable EDR and Antivirus Protections
Details Website 2024-09-09 22 Dive into Sigma Correlation Rules
Details Website 2024-09-09 33 Threat Intelligence Report 3rd September – 9th September 2024
Details Website 2024-09-08 114 深入剖析针对中国用户的攻击活动(判断为Hvv样本被捕获了,红队速来认领) | CTF导航
Details Website 2024-09-06 46 Самые интересные киберинциденты в 2023 году: внутренние угрозы и многое другое
Details Website 2024-09-03 46 Most interesting IR cases in 2023: insider threats and more
Details Website 2024-09-02 48 Dark Web Profile: Abyss Ransomware - SOCRadar® Cyber Intelligence Inc.
Details Website 2024-09-02 28 Threat Intelligence Report 27th August – 2nd September 2024
Details Website 2024-08-30 97 From Cobalt Strike to Mimikatz: A Deep Dive into the SLOW#TEMPEST Campaign Targeting Chinese Users