enumerate services

edit on GitHub
search on VirusTotal

rule:
  meta:
    name: enumerate services
    namespace: host-interaction/service/list
    authors:
      - moritz.raabe@mandiant.com
      - michael.hunhoff@mandiant.com
    scopes:
      static: function
      dynamic: call
    att&ck:
      - Discovery::System Service Discovery [T1007]
    examples:
      - Practical Malware Analysis Lab 05-01.dll_:0x1000B823
  features:
    - or:
      - api: advapi32.EnumServicesStatus
      - api: advapi32.EnumServicesStatusEx
      - api: advapi32.EnumDependentServices

last edited: 2023-11-24 10:34:28