
T1505: Server Software Component

Platforms: Windows · Linux · macOS · Network

ATT&CK version: 14.1

What it is

Adversaries may abuse legitimate extensible development features of servers to establish persistent access to systems. Enterprise server applications may include features that allow developers to write and install software or scripts to extend the functionality of the main application. Adversaries may install malicious components to extend and abuse server applications. (Citation: volexity_0day_sophos_FW)

ATT&CK tactics · 1

Persistence

References

  1. https://attack.mitre.org/techniques/T1505
  2. https://www.volexity.com/blog/2022/06/15/driftingcloud-zero-day-sophos-firewall-exploitation-and-an-insidious-breach/
  3. https://www.us-cert.gov/ncas/alerts/TA15-314A
Sourced from MITRE ATT&CK Enterprise v14.1. Curated and contextualized for EU compliance use cases by Adam Lundqvist, Founder at SQUR.