Prohibited Service Detected

Description

Alerts when a service in the prohibited service list is detected.

Content Mapping

This content is not mapped to any local saved search.


Use Case

Advanced Threat Detection, Security Monitoring

Category

Endpoint Compromise, Unauthorized Software

Alert Volume

Alerts when a service in the prohibited service list is detected.

SPL Difficulty

Medium

Journey

Stage 4

MITRE ATT&CK Tactics

Execution
Persistence
Privilege Escalation

MITRE ATT&CK Techniques

Service Execution
Modify Existing Service
New Service

Windows Service
Service Execution

MITRE Threat Groups

APT19
APT3
APT32
APT39
APT41
Blue Mockingbird
Carbanak
Cobalt Group
DarkVishnya
FIN6
FIN7
Honeybee
Ke3chang
Kimsuky
Lazarus Group
PROMETHIUM
Silence
Threat Group-3390
Tropic Trooper
Wizard Spider

Data Sources

Endpoint Detection and Response