T1569Techniqueexecutionagent-callable

T1569System Services

Platforms: Windows · macOS · Linux

ATT&CK version: 14.1

What it is

Adversaries may abuse system services or daemons to execute commands or programs. Adversaries can execute malicious content by interacting with or creating services either locally or remotely. Many services are set to run at boot, which can aid in achieving persistence ([Create or Modify System Process](https://attack.mitre.org/techniques/T1543)), but adversaries can also abuse services for one-time or temporary execution.

ATT&CK tactics· 1

Execution

References

  1. https://attack.mitre.org/techniques/T1569
Sourced from MITRE ATT&CK Enterprise v14.1. Curated and contextualized for EU compliance use cases by Adam Lundqvist, Founder at SQUR.