Inter-Process Communication (T1559)

View on ATT&CK

In Playbook

Technique & Subtechniques

Associated Tactics

  • Execution

Execution (TA0002)

The adversary is trying to run malicious code. Execution consists of techniques that result in adversary-controlled code running on a local or remote system. Techniques that run malicious code are often paired with techniques from all other tactics to achieve broader goals, like exploring a network or stealing data. For example, an adversary might use a remote access tool to run a PowerShell script that does Remote System Discovery.

View on ATT&CK

Procedure Examples

Description Source(s)
Hamilton, C. (2019, June 4). Hunting COM Objects. Retrieved June 10, 2019. Fireeye Hunting COM June 2019
N/A. (2021, April 1). Inter Process Communication (IPC). Retrieved March 11, 2022. Linux IPC