Stopping Services with net.exe¶

Detects when running services are stopped with the net.exe command.

id:	0b2ea078-b2ef-4cf7-aef1-564a63662e3b
categories:	enrich
confidence:	low
os:	windows
created:	7/26/2019
updated:	7/26/2019

MITRE ATT&CK™ Mapping¶

tactics:	Impact
techniques:	T1489 Service Stop

Query¶

process where subtype.create and
  process_name == "net.exe" and
  command_line == "* stop *"

Contributors¶

Endgame

Read the Docs v: latest

Versions: latest

Downloads: pdf; html; epub

On Read the Docs: Project Home; Builds

Free document hosting provided by Read the Docs.