T1007 | lazarus.day

#T1007 System Service Discovery

Technique

Tactics: Discovery
Description:
Adversaries may try to gather information about registered local system services. Adversaries may obtain information about services using tools as well as OS utility commands such as sc query, tasklist /svc, systemctl --type=service, and net start. Adversaries may also gather information about schedule tasks via commands such as schtasks on Windows or crontab -l on Linux and macOS.(Citation: Elastic Security Labs GOSAR 2024)(Citation: SentinelLabs macOS Malware 2021)(Citation: Splunk Linux Gormir 2024)(Citation: Aquasec Kinsing 2020)

Adversaries may use the information from System Service Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
First Seen: Kimsuky • 2019-08-26

MITRE ATT&CK

8

Tagged Reports
6

Unique Authors
2,069

Active Days

Tagged Reports

2025-04-24

Kaspersky

Lazarus APT updates its toolset in watering hole attacks

#Innorix #LPEClient #Lazarus #SIGNBT #SyncHole #ThreatNeedle #AGAMEMNON #CrossEX #T1190 #T1027.013 #T1016 #T1570 #T1543.003 #T1583.003 #T1057 #T1082 #T1573.001 #T1218.011 #T1087.001 #T1620 #T1135 #T1049 #T1140 #T1087.002 #T1027.009 #T1608.004 #T1105 #T1071.001 #T1574.001 #T1574.002 #T1547.005 #T1083 #T1583.001 #T1007 #T1564.004 #T1573.002 #T1189 #T1584.001 #T1569.002

2025-02-12

Cyfirma

APT PROFILE – APT43

#APT43 #T1055.012 #T1562.001 #T1190 #T1587 #T1543.003 #T1059.003 #T1074.001 #T1553.002 #T1591 #T1218.011 #T1587.001 #T1588.005 #T1598.003 #T1594 #T1218.010 #T1557 #T1007 #T1583.001 #T1555.003 #T1036 #T1012 #T1016 #T1059.005 #T1027 #T1071.002 #T1027.002 #T1562.004 #T1111 #T1003.001 #T1140 #T1585.001 #T1005 #T1114.003 #T1053.005 #T1608.001 #T1105 #T1114.002 #T1589.002 #T1036.005 #T1534 #T1078.003 #T1552.001 #T1560.001 #T1136.001 #T1057 #T1082 #T1550.002 #T1518.001 #T1176 #T1566.001 #T1071.003 #T1585.002 #T1588.002 #T1036.004 #T1204.001 #T1586.002 #T1041 #T1219 #T1589.003 #T1071.001 #T1564.002 #T1112 #T1218.005 #T1059.001 #T1593.001 #T1040 #T1546.001 #T1056.001 #T1070.006 #T1102.002 #T1583.006 #T1564.003 #T1098 #T1593.002 #T1547.001 #T1567.002 #T1059.007 #T1070.004 #T1560.003 #T1505.003 #T1583.004 #T1204.002 #T1055 #T1059.006 #T1083 #T1133 #T1566.002 #T1021.001 #T1584.001

2024-09-12

Cyfirma

APT PROFILE – KIMSUKY

#Kimsuky #T1055.012 #T1562.001 #T1190 #T1587 #T1543.003 #T1059.003 #T1074.001 #T1553.002 #T1591 #T1218.011 #T1587.001 #T1588.005 #T1598.003 #T1594 #T1218.010 #T1557 #T1007 #T1583.001 #T1555.003 #T1036 #T1012 #T1016 #T1059.005 #T1027 #T1071.002 #T1027.002 #T1562.004 #T1111 #T1003.001 #T1140 #T1585.001 #T1005 #T1114.003 #T1053.005 #T1608.001 #T1105 #T1114.002 #T1589.002 #T1036.005 #T1534 #T1078.003 #T1552.001 #T1560.001 #T1136.001 #T1057 #T1082 #T1550.002 #T1518.001 #T1176 #T1566.001 #T1071.003 #T1585.002 #T1588.002 #T1036.004 #T1204.001 #T1586.002 #T1041 #T1219 #T1589.003 #T1071.001 #T1564.002 #T1112 #T1218.005 #T1059.001 #T1593.001 #T1040 #T1546.001 #T1056.001 #T1070.006 #T1102.002 #T1583.006 #T1564.003 #T1098 #T1593.002 #T1547.001 #T1567.002 #T1059.007 #T1070.004 #T1560.003 #T1505.003 #T1583.004 #T1204.002 #T1055 #T1059.006 #T1083 #T1133 #T1566.002 #T1021.001 #T1584.001

2023-01-05

Attack IQ

Emulating the Highly Sophisticated North Korean Adversary Lazarus Group

#Trend #DreamJob #Inception #MagicRAT #Sharpshooter #ThreatNeedle #T1025 #T1047 #T1012 #T1016 #T1543.003 #T1057 #T1082 #T1552.002 #T1074.001 #T1572 #T1218.011 #T1547.001 #T1049 #T1003.002 #T1053.005 #T1041 #T1048.001 #T1105 #T1071.001 #T1220 #T1046 #T1218.010 #T1055 #T1112 #T1083 #T1007 #T1033 #T1036.005 #T1003

2022-07-20

Securonix

STIFF#BIZON Detection Using Securonix – New Attack Campaign Observed Possibly Linked to Konni/APT37 (North Korea)

#Konni #StiffBizon #T1059.005 #T1543.003 #T1057 #T1082 #T1134.001 #T1119 #T1548.002 #T1059.003 #T1566.001 #T1027.005 #T1070.004 #T1053.005 #T1539 #T1560.003 #T1113 #T1132.001 #T1020 #T1041 #T1204.002 #T1105 #T1071.001 #T1606.001 #T1007 #T1059.001 #T1053 #T1555.003 #T1033 #T1569.002

2021-02-25

Kaspersky

Lazarus targets defense industry with ThreatNeedle

#ThreatNeedle #Defense #Lazarus #T1090.001 #T1016 #T1104 #T1036.003 #T1560.001 #T1543.003 #T1132.002 #T1057 #T1082 #T1059.003 #T1070.002 #T1557.001 #T1572 #T1547.001 #T1135 #T1049 #T1140 #T1036.004 #T1070.004 #T1041 #T1070.003 #T1021.002 #T1204.002 #T1071.001 #T1112 #T1083 #T1007 #T1033 #T1566.002 #T1569.002

2020-04-23

Strangereal Intel

APT 37 strike again ?

#APT37 #T1112 #T1140 #T1007 #T1012 #T1031 #T1024 #T1106 #T1050 #T1059

2019-08-26

MITRE

Kimsuky

#Kimsuky #G0094 #T1136 #T1589 #T1562 #T1534 #T1190 #T1593 #T1036 #T1012 #T1608 #T1587 #T1550 #T1543 #T1016 #T1027 #T1114 #T1567 #T1102 #T1071 #T1057 #T1056 #T1082 #T1176 #T1566 #T1111 #T1591 #T1098 #T1585 #T1021 #T1553 #T1584 #T1140 #T1218 #T1598 #T1546 #T1583 #T1005 #T1552 #T1078 #T1518 #T1505 #T1041 #T1219 #T1560 #T1555 #T1564 #T1105 #T1588 #T1547 #T1070 #T1112 #T1557 #T1083 #T1055 #T1594 #T1007 #T1053 #T1040 #T1133 #T1586 #T1074 #T1204 #T1059 #T1003

« Back