ATT&CK v18 has been released! Check out the blog post or changelog for more information.

Service Modification

Changes made to an existing service or daemon, such as modifying the service name, start type, execution parameters, or security configurations.

ID: DC0065

Domains: ICS, Enterprise

Version: 2.0

Created: 20 October 2021

Last Modified: 12 November 2025

Log Sources

Name	Channel
Service	None
WinEventLog:Microsoft-IIS-Configuration	Module or ISAPI filter registration events
WinEventLog:System	EventCode=7040

ID	Name	Technique Detected
DET0725	Detection of Masquerading	T0849
DET0427	Detection Strategy for Hijack Execution Flow through Service Registry Premission Weakness.	T1574.011
DET0068	Detection Strategy for T1505.004 - Malicious IIS Components	T1505.004