216.73.216.133

T1007: T1007

View on MITRE ATT&CK The MITRE Corporation · Published 31/05/2017 23:30 · Modified 10/04/2026 12:07

Essential information

MITRE technique ID
T1007
Confidence
100/100
Revoked
No
Published
31/05/2017 23:30
Modified
10/04/2026 12:07
Author / Source
The MITRE Corporation

Aliases

System Service Discovery

Platforms

windows macos linux

Description

Adversaries may try to gather information about registered local system services. Adversaries may obtain information about services using tools as well as OS utility commands such as `sc query`, `tasklist /svc`, `systemctl --type=service`, and `net start`. Adversaries may also gather information about schedule tasks via commands such as `schtasks` on Windows or `crontab -l` on Linux and macOS.(Citation: Elastic Security Labs GOSAR 2024)(Citation: SentinelLabs macOS Malware 2021)(Citation: Splunk Linux Gormir 2024)(Citation: Aquasec Kinsing 2020) Adversaries may use the information from [System Service Discovery](https://attack.mitre.org/techniques/T1007) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.

Kill chain phases

Kill chainPhase
mitre-attack discovery

Marking (TLP)

TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references