Common Information
Type | Value |
---|---|
Value | Service Execution - T1569.002 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may abuse the Windows service control manager to execute malicious commands or payloads. The Windows service control manager (`services.exe`) is an interface to manage and manipulate services.(Citation: Microsoft Service Control Manager) The service control manager is accessible to users via GUI components as well as system utilities such as `sc.exe` and [Net](https://attack.mitre.org/software/S0039). [PsExec](https://attack.mitre.org/software/S0029) can also be used to execute commands or payloads via a temporary Windows service created through the service control manager API.(Citation: Russinovich Sysinternals) Tools such as [PsExec](https://attack.mitre.org/software/S0029) and `sc.exe` can accept remote servers as arguments and may be used to conduct remote execution. Adversaries may leverage these mechanisms to execute malicious content. This can be done by executing either a new or a modified service. This technique is the execution used in conjunction with [Windows Service](https://attack.mitre.org/techniques/T1543/003) during service persistence or privilege escalation. |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2023-07-27 | 117 | Healthcare Threat Landscape 2022-2023: Common TTPs Used by Top Ransomware Groups Targeting the Healthcare Sector | ||
Details | Website | 2023-07-25 | 47 | Decoding RomCom: Behaviors and Opportunities for Detection | ||
Details | Website | 2023-07-09 | 6 | Series: Ransomware and Its Tricks #1 | ||
Details | Website | 2023-07-07 | 84 | [REL] A Journey Into Hacking Google Search Appliance | DEVCORE 戴夫寇爾 | ||
Details | Website | 2023-06-14 | 23 | Understanding Ransomware Threat Actors: LockBit – Cyber Safe NV | ||
Details | Website | 2023-05-30 | 112 | Russia/Ukraine Update - May 2023 | ||
Details | Website | 2023-05-20 | 1 | Microsoft: Notorious FIN7 hackers return in Clop ransomware attacks - RedPacket Security | ||
Details | Website | 2023-05-19 | 98 | Understanding the Russian-Speaking Threat Actor | Infoblox | ||
Details | Website | 2023-05-09 | 19 | Hunting Russian Intelligence “Snake” Malware | CISA | ||
Details | Website | 2023-05-02 | 78 | Attack on Security Titans: Earth Longzhi Returns With New Tricks | ||
Details | Website | 2023-05-01 | 11 | 2023 Ransomware: Detection and Prevention - ReliaQuest | ||
Details | Website | 2023-04-30 | 6 | Malware Trends Report: Q1, 2023 - ANY.RUN's Cybersecurity Blog | ||
Details | Website | 2023-04-25 | 12 | Everything Everywhere All At Once: The 2023 Active Adversary Report for Business Leaders | ||
Details | Website | 2023-04-10 | 86 | Threat Actor Spotlight: RagnarLocker Ransomware | ||
Details | Website | 2023-04-03 | 228 | Malicious ISO File Leads to Domain Wide Ransomware - The DFIR Report | ||
Details | Website | 2023-04-03 | 26 | ALPHV Ransomware Affiliate Targets Vulnerable Backup Installations to Gain Initial Access | Mandiant | ||
Details | Website | 2023-03-06 | 58 | 2022 Year in Review - The DFIR Report | ||
Details | Website | 2023-03-02 | 199 | Russia/Ukraine Update - February 2023 | ||
Details | Website | 2023-02-06 | 45 | When Even a Good EDR Is Not Enough – Case Study of a Nearly Successful Attack at a Polish Company | Zaufana Trzecia Strona | ||
Details | Website | 2023-01-23 | 63 | Black Basta – Technical Analysis | Kroll | ||
Details | Website | 2022-12-20 | 133 | Russia/Ukraine Update - December 2022 | ||
Details | Website | 2022-11-29 | 132 | Russia/Ukraine Update - November 2022 | ||
Details | Website | 2022-11-28 | 140 | Emotet Strikes Again - LNK File Leads to Domain Wide Ransomware - The DFIR Report | ||
Details | Website | 2022-11-16 | 63 | ARCrypter Ransomware Expands Its Operations From Latin America to the World | ||
Details | Website | 2022-11-14 | 107 | BumbleBee Zeros in on Meterpreter |