BITS Jobs (T1197)

View on ATT&CK

In Playbook

Technique & Subtechniques

  • BITS Jobs

Associated Tactics

  • Defense Evasion
  • Persistence

Defense Evasion (TA0005)

The adversary is trying to avoid being detected. Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics’ techniques are cross-listed here when those techniques include the added benefit of subverting defenses.

View on ATT&CK

Procedure Examples

Description Source(s)
Counter Threat Unit Research Team. (2016, June 6). Malware Lingers with BITS. Retrieved January 12, 2018. CTU BITS Malware June 2016
Florio, E. (2007, May 9). Malware Update with Windows Update. Retrieved January 12, 2018. Symantec BITS May 2007
French, D., Murphy, B. (2020, March 24). Adversary tradecraft 101: Hunting for persistence using Elastic Security (Part 1). Retrieved December 21, 2020. Elastic - Hunting for Persistence Part 1
Hayashi, K. (2017, November 28). UBoatRAT Navigates East Asia. Retrieved January 12, 2018. PaloAlto UBoatRAT Nov 2017
Microsoft. (2011, July 19). Issues with BITS. Retrieved January 12, 2018. Microsoft Issues with BITS July 2011
Microsoft. (n.d.). Background Intelligent Transfer Service. Retrieved January 12, 2018. Microsoft BITS
Microsoft. (n.d.). BITSAdmin Tool. Retrieved January 12, 2018. Microsoft BITSAdmin
Microsoft. (n.d.). Component Object Model (COM). Retrieved November 22, 2017. Microsoft COM
Mondok, M. (2007, May 11). Malware piggybacks on Windows’ Background Intelligent Transfer Service. Retrieved January 12, 2018. Mondok Windows PiggyBack BITS May 2007