Skip to content

S0057 Tasklist

The Tasklist utility displays a list of applications and services with their Process IDs (PID) for all tasks running on either a local or a remote computer. It is packaged with Windows operating systems and can be executed from the command-line interface. 1

Item Value
ID S0057
Type TOOL
Version 1.0
Created 31 May 2017
Last Modified 17 October 2018
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
enterprise T1057 Process Discovery Tasklist can be used to discover processes running on a system.1
enterprise T1518 Software Discovery -
enterprise T1518.001 Security Software Discovery Tasklist can be used to enumerate security software currently running on a system by process name of known products.1
enterprise T1007 System Service Discovery Tasklist can be used to discover services running on a system.1

Groups That Use This Software

ID Name References
G0049 OilRig 23
G0072 Honeybee 4
G0019 Naikon 5
G0006 APT1 6
G0009 Deep Panda 7
G0004 Ke3chang 8
G0016 APT29 9
G0010 Turla 10
G0027 Threat Group-3390 11

References

Back to top