VOOZH about

URL: https://attack.mitre.org/software/S0057/

⇱ Tasklist, Software S0057 | MITRE ATT&CK®

ATT&CKcon 7.0 is coming October 27-28, 2026. Learn more about ATT&CKcon 7.0 and submit your proposal.
  1. Home
  2. Software
  3. Tasklist

Tasklist

The Tasklist utility displays a list of applications and services with their Process IDs (PID) for all tasks running on either a local or a remote computer. It is packaged with Windows operating systems and can be executed from the command-line interface. [1]

ID: S0057
Type: TOOL
Version: 1.3
Created: 31 May 2017
Last Modified: 12 May 2026
Enterprise Layer
download view 👁 Image

Techniques Used

Domain ID Name Use
Enterprise T1057 Process Discovery

Tasklist can be used to discover processes running on a system.[1]
Enterprise T1518 .001 Software Discovery: Security Software Discovery

Tasklist can be used to enumerate security software currently running on a system by process name of known products.[1]
Enterprise T1007 System Service Discovery

Tasklist can be used to discover services running on a system.[1]

Groups That Use This Software

Campaigns

ID Name Description
C0063 2025 Poland Wiper Attacks

During the 2025 Poland Wiper Attacks, the adversaries used Tasklist for reconnaissance activities running cmd.exe /c "tasklist > C:\Windows\TEMP\outlog.txt && netstat -nao >> C:\Windows\TEMP\outlog.txt && netstat -r >> C:\Windows\TEMP\ outlog.txt && arp -a >> C:\Windows\TEMP\outlog.txt && dir /s /b C:\ Users >> C:\Windows\TEMP\outlog.txt.[18]
C0007 FunnyDream

[19]
C0006 Operation Honeybee

[20]

References

  1. Microsoft. (n.d.). Tasklist. Retrieved December 23, 2015.
  2. Microsoft Threat Intelligence. (2024, September 26). Storm-0501: Ransomware attacks expanding to hybrid cloud environments. Retrieved October 19, 2025.
  3. Perez, D. et al. (2021, May 27). Re-Checking Your Pulse: Updates on Chinese APT Actors Compromising Pulse Secure VPN Devices. Retrieved February 5, 2024.
  4. CISA. (2020, July 16). MAR-10296782-1.v1 – SOREFANG. Retrieved September 29, 2020.
  5. Tomonaga, S. (2024, July 16). MirrorFace Attack against Japanese Organisations. Retrieved April 17, 2026.
  6. Falcone, R. and Lee, B.. (2016, May 26). The OilRig Campaign: Attacks on Saudi Arabian Organizations Deliver Helminth Backdoor. Retrieved May 3, 2017.
  7. Sardiwal, M, et al. (2017, December 7). New Targeted Attack in the Middle East by APT34, a Suspected Iranian Threat Group, Using CVE-2017-11882 Exploit. Retrieved December 20, 2017.
  8. Smallridge, R. (2018, March 10). APT15 is alive and strong: An analysis of RoyalCli and RoyalDNS. Retrieved April 4, 2018.
  9. Chen, J., et al. (2022). Delving Deep: An Analysis of Earth Lusca’s Operations. Retrieved July 1, 2022.
  10. NSA et al. (2023, May 24). People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection. Retrieved July 27, 2023.
  1. Counter Threat Unit Research Team. (2023, May 24). Chinese Cyberespionage Group BRONZE SILHOUETTE Targets U.S. Government and Defense Organizations. Retrieved July 27, 2023.
  2. CISA et al.. (2024, February 7). PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure. Retrieved May 15, 2024.
  3. Mandiant. (n.d.). APT1 Exposing One of China’s Cyber Espionage Units. Retrieved July 18, 2016.
  4. Lunghi, D. et al. (2020, February). Uncovering DRBControl. Retrieved November 12, 2021.
  5. Alperovitch, D. (2014, July 7). Deep in Thought: Chinese Targeting of National Security Think Tanks. Retrieved November 12, 2014.
  6. Kaspersky Lab's Global Research and Analysis Team. (2014, August 7). The Epic Turla Operation: Solving some of the mysteries of Snake/Uroburos. Retrieved December 11, 2014.
  7. Baumgartner, K., Golovkin, M.. (2015, May). The MsnMM Campaigns: The Earliest Naikon APT Campaigns. Retrieved April 10, 2019.
  8. CERT Polska. (2026, January 30). Energy Sector Incident Report – 29 December. Retrieved April 22, 2026.
  9. Vrabie, V. (2020, November). Dissecting a Chinese APT Targeting South Eastern Asian Government Institutions. Retrieved September 19, 2022.
  10. Sherstobitoff, R. (2018, March 02). McAfee Uncovers Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups. Retrieved May 16, 2018.
×