Adversaries may try to gather information about registered local system services. Adversaries may obtain information about services using tools as well as OS utility commands such as <code>sc query</code>, <code>tasklist /svc</code>, <code>systemctl –type=service</code>, and <code>net start</code>.
Adversaries may use the information from System Service Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
View in MITRE ATT&CK®| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2019-1653 | Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability | secondary_impact | T1007 | System Service Discovery |
Comments
CVE-2019-1653 is a critical information disclosure vulnerability affecting Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers. This vulnerability allows unauthenticated, remote attackers to access sensitive information from affected devices.
References
|
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| action.hacking.variety.Profile host | Enumerating the state of the current host | related-to | T1007 | System Service Discovery | |
| action.hacking.variety.Scan network | Enumerating the state of the network | related-to | T1007 | System Service Discovery | |
| action.malware.variety.Packet sniffer | Packet sniffer (capture data from network) | related-to | T1007 | System Service Discovery | |
| action.malware.variety.Profile host | Enumerating the state of the current host | related-to | T1007 | System Service Discovery | |
| action.malware.variety.Scan network | Enumerating the state of the network | related-to | T1007 | System Service Discovery |