Tasklist

The Tasklist utility displays a list of applications and services with their Process IDs (PID) for all tasks running on either a local or a remote computer. It is packaged with Windows operating systems and can be executed from the command-line interface. [1]

ID: S0057
Type: TOOL
Version: 1.0
Created: 31 May 2017
Last Modified: 17 October 2018

Techniques Used

Domain ID Name Use
Enterprise T1057 Process Discovery

Tasklist can be used to discover processes running on a system.[1]

Enterprise T1518 .001 Software Discovery: Security Software Discovery

Tasklist can be used to enumerate security software currently running on a system by process name of known products.[1]

Enterprise T1007 System Service Discovery

Tasklist can be used to discover services running on a system.[1]

Groups That Use This Software

ID Name References
G0049 OilRig

[2][3]

G0072 Honeybee

[4]

G0019 Naikon

[5]

G0006 APT1

[6]

G0009 Deep Panda

[7]

G0004 Ke3chang

[8]

G0016 APT29

[9]

G0010 Turla

[10]

G0027 Threat Group-3390

[11]

References