System Services
February 14, 2024
| ID | E1569 |
|---|---|
| Objective(s) | Execution |
| Related ATT&CK Techniques | System Services (T1569) |
| Version | 2.0 |
| Created | 8 November 2021 |
| Last Modified | 12 June 2023 |
Malware may manipulate, create, or interact with system services to achieve persistence, gain higher privileges, or execute malicious code. System services are background processes that are integral parts of an operating system's functionality. Malware can exploit these services by modifying their configurations, replacing legitimate service binaries with malicious ones, or creating new services that run malicious code.
See ATT&CK: System Services (T1569).
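The three manipulations described above (a modified configuration, a replaced binary, a newly created service) can each be surfaced by comparing a service inventory against a known-good baseline. The following is an added example, not part of the catalog entry; the `Service` record, the finding names, and all sample data (including the hypothetical `Example*` services and placeholder hashes) are assumptions.

```python
# Added example: diff two service inventories (all sample data is constructed).
from dataclasses import dataclass

@dataclass(frozen=True)
class Service:
    name: str
    image_path: str  # configured binary path
    sha256: str      # hash of the binary on disk
    account: str     # account the service runs as

def _norm(path):
    # Ignore quoting and case so cosmetic differences do not raise findings.
    return path.replace('"', "").strip().lower()

def diff_services(baseline, current):
    """Return sorted (kind, service, detail) findings for current vs. baseline."""
    known = {s.name.lower(): s for s in baseline}
    findings = []
    for svc in current:
        old = known.get(svc.name.lower())
        if old is None:  # a service created since the baseline
            findings.append(("new_service", svc.name, svc.image_path))
            continue
        if _norm(old.image_path) != _norm(svc.image_path):  # configuration modified
            findings.append(("path_changed", svc.name, svc.image_path))
        elif old.sha256 != svc.sha256:  # same path, different file
            findings.append(("binary_changed", svc.name, svc.image_path))
        if old.account != svc.account:  # possible privilege change
            findings.append(("account_changed", svc.name, svc.account))
    return sorted(findings, key=lambda f: (f[1].lower(), f[0]))

# Constructed inventories; hashes are placeholders, Example* services are hypothetical.
BASELINE = [
    Service("MSDTC", r"C:\Windows\System32\msdtc.exe", "a" * 64, r"NT AUTHORITY\NetworkService"),
    Service("Spooler", r"C:\Windows\System32\spoolsv.exe", "b" * 64, "LocalSystem"),
    Service("ExampleAgent", r"C:\Program Files\Example\agent.exe", "c" * 64, "LocalSystem"),
    Service("ExampleSync", r"C:\Program Files\Example\sync.exe", "d" * 64, r"NT AUTHORITY\LocalService"),
]
CURRENT = [
    Service("MSDTC", r'"C:\Windows\System32\msdtc.exe"', "a" * 64, r"NT AUTHORITY\NetworkService"),
    Service("Spooler", r"C:\Windows\System32\spoolsv.exe", "e" * 64, "LocalSystem"),
    Service("ExampleAgent", r"C:\Users\Public\agent.exe", "c" * 64, "LocalSystem"),
    Service("ExampleSync", r"C:\Program Files\Example\sync.exe", "d" * 64, "LocalSystem"),
    Service("ExampleHelper", r"C:\ProgramData\helper.exe", "f" * 64, "LocalSystem"),
]

if __name__ == "__main__":
    for finding in diff_services(BASELINE, CURRENT):
        print(finding)
```

A `binary_changed` finding also appears after legitimate patching, so it should be reconciled against update records before it is treated as a replacement.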
Methods
| Name | ID | Description |
|---|---|---|
| MSDTC | E1569.m01 | The Distributed Transaction Coordinator (MSDTC) coordinates transactions across multiple resource managers (databases, message queues and file systems). This legitimate Microsoft service is part of Windows 2000 and later and can be used to import and load DLLs. Malware may abuse MSDTC to import and load DLLs.[1] |
References
[1] https://cyware.com/news/catb-ransomware-exploits-msdtc-service-to-steal-data-3bb46fc0