T1505

Windows Linux macOS Network Devices ESXi
Server Software Component

Description

Adversaries may abuse legitimate extensible development features of servers to establish persistent access to systems. Enterprise server applications may include features that allow developers to write and install software or scripts to extend the functionality of the main application.

Adversaries may install malicious components to extend and abuse server applications.

Sub-techniques

T1505.001 — SQL Stored Procedures T1505.002 — Transport Agent T1505.003 — Web Shell T1505.004 — IIS Components T1505.005 — Terminal Services DLL T1505.006 — vSphere Installation Bundles