1. Home
  2. Software
  3. Tasklist

Tasklist

The Tasklist utility displays a list of applications and services with their Process IDs (PID) for all tasks running on either a local or a remote computer. It is packaged with Windows operating systems and can be executed from the command-line interface. [1]

ID: S0057
Type: TOOL
Version: 1.0
Created: 31 May 2017
Last Modified: 17 October 2018
Enterprise Layer
download view

Techniques Used

Domain ID Name Use
Enterprise T1057 Process Discovery

Tasklist can be used to discover processes running on a system.[1]
Enterprise T1518 .001 Software Discovery: Security Software Discovery

Tasklist can be used to enumerate security software currently running on a system by process name of known products.[1]
Enterprise T1007 System Service Discovery

Tasklist can be used to discover services running on a system.[1]

Groups That Use This Software

ID Name References
G0049 OilRig

[2][3]
G0072 Honeybee

[4]
G0019 Naikon

[5]
G0006 APT1

[6]
G0009 Deep Panda

[7]
G0004 Ke3chang

[8]
G0016 APT29

[9]
G0010 Turla

[10]
G0027 Threat Group-3390

[11]

References

  1. Microsoft. (n.d.). Tasklist. Retrieved December 23, 2015.
  2. Falcone, R. and Lee, B.. (2016, May 26). The OilRig Campaign: Attacks on Saudi Arabian Organizations Deliver Helminth Backdoor. Retrieved May 3, 2017.
  3. Sardiwal, M, et al. (2017, December 7). New Targeted Attack in the Middle East by APT34, a Suspected Iranian Threat Group, Using CVE-2017-11882 Exploit. Retrieved December 20, 2017.
  4. Sherstobitoff, R. (2018, March 02). McAfee Uncovers Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups. Retrieved May 16, 2018.
  5. Baumgartner, K., Golovkin, M.. (2015, May). The MsnMM Campaigns: The Earliest Naikon APT Campaigns. Retrieved April 10, 2019.
  6. Mandiant. (n.d.). APT1 Exposing One of China’s Cyber Espionage Units. Retrieved July 18, 2016.
  1. Alperovitch, D. (2014, July 7). Deep in Thought: Chinese Targeting of National Security Think Tanks. Retrieved November 12, 2014.
  2. Smallridge, R. (2018, March 10). APT15 is alive and strong: An analysis of RoyalCli and RoyalDNS. Retrieved April 4, 2018.
  3. CISA. (2020, July 16). MAR-10296782-1.v1 – SOREFANG. Retrieved September 29, 2020.
  4. Kaspersky Lab's Global Research and Analysis Team. (2014, August 7). The Epic Turla Operation: Solving some of the mysteries of Snake/Uroburos. Retrieved December 11, 2014.
  5. Lunghi, D. et al. (2020, February). Uncovering DRBControl. Retrieved November 12, 2021.