MITRE ATT&CK Technique
Execution
T1569
Description
Adversaries may abuse system services or daemons to execute commands or programs. Adversaries can execute malicious content by interacting with or creating services either locally or remotely. Many services are set to run at boot, which can aid in achieving persistence ([Create or Modify System Process](https://attack.mitre.org/techniques/T1543)), but adversaries can also abuse services for one-time or temporary execution.
Supported Platforms
Windows
macOS
Linux
Created
April 29, 2026
Last Updated
April 29, 2026
STIX Data
{'created': '2020-03-10T18:23:06.482Z',
'created_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
'description': 'Adversaries may abuse system services or daemons to execute '
'commands or programs. Adversaries can execute malicious '
'content by interacting with or creating services either '
'locally or remotely. Many services are set to run at boot, '
'which can aid in achieving persistence ([Create or Modify '
'System Process](https://attack.mitre.org/techniques/T1543)), '
'but adversaries can also abuse services for one-time or '
'temporary execution.',
'external_references': [{'external_id': 'T1569',
'source_name': 'mitre-attack',
'url': 'https://attack.mitre.org/techniques/T1569'}],
'id': 'attack-pattern--d157f9d2-d09a-4efa-bb2a-64963f94e253',
'kill_chain_phases': [{'kill_chain_name': 'mitre-attack',
'phase_name': 'execution'}],
'modified': '2025-10-24T17:49:25.548Z',
'name': 'System Services',
'object_marking_refs': ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'],
'revoked': False,
'spec_version': '2.1',
'type': 'attack-pattern',
'x_mitre_attack_spec_version': '3.2.0',
'x_mitre_deprecated': False,
'x_mitre_detection': '',
'x_mitre_domains': ['enterprise-attack'],
'x_mitre_is_subtechnique': False,
'x_mitre_modified_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
'x_mitre_platforms': ['Windows', 'macOS', 'Linux'],
'x_mitre_version': '1.4'}