MITRE ATT&CK / T1569
T1569
System Services
Execution
Description
Adversaries may abuse system services or daemons to execute commands or programs. Adversaries can execute malicious content by interacting with or creating services either locally or remotely. Many services are set to run at boot, which can aid in achieving persistence ([Create or Modify System Process](https://attack.mitre.org/techniques/T1543)), but adversaries can also abuse services for one-time or temporary execution.
Platforms
WindowsmacOSLinux
Mitigations
- M1026 — Privileged Account Management
- M1018 — User Account Management
- M1040 — Behavior Prevention on Endpoint
- M1022 — Restrict File and Directory Permissions
Look up any technique
Use our free MITRE ATT&CK lookup tool, or browse the full ATT&CK matrix.
Our coverage
- PamDOORa: New Linux Backdoor Sells for $900 on Russian Forum, Harvests SSH Credentials via PAM
- Fast16 Malware Reverse-Engineering: State-Sponsored Computation Sabotage Analysis
Source: MITRE ATT&CK Enterprise matrix. View on attack.mitre.org →