Server Software Component (T1505)
Tactic: Persistence · Platforms: Windows, Linux, macOS, Network Devices, ESXi
The interactive view maps 1 detection strategy, 7 mitigations to this technique, alongside D3FEND countermeasures and data-component coverage.
Overview
Adversaries may abuse legitimate extensible development features of servers to establish persistent access to systems. Enterprise server applications may include features that allow developers to write and install software or scripts to extend the functionality of the main application. Adversaries may install malicious components to extend and abuse server applications.
Sub-techniques
- SQL Stored Procedures (T1505.001)
- Transport Agent (T1505.002)
- Web Shell (T1505.003)
- IIS Components (T1505.004)
- Terminal Services DLL (T1505.005)
- vSphere Installation Bundles (T1505.006)