Adversaries may try to gather information about registered local system services. Adversaries may obtain information about services using tools as well as OS utility commands such as <code>sc query</code>, <code>tasklist /svc</code>, <code>systemctl –type=service</code>, and <code>net start</code>.
Adversaries may use the information from System Service Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
View in MITRE ATT&CK®| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| action.hacking.variety.Profile host | Enumerating the state of the current host | related-to | T1007 | System Service Discovery |
| action.malware.variety.Profile host | Enumerating the state of the current host | related-to | T1007 | System Service Discovery |