T1505 - Server Software Component - MITRE ATT&CK

T1505 - Server Software Component

Tactics:
Persistence

Platforms:
Windows Linux macOS Network Devices +1

Detection:
Not specified

Description:

Adversaries may abuse legitimate extensible development features of servers to establish persistent access to systems. Enterprise server applications may include features that allow developers to write and install software or scripts to extend the functionality of the main application. Adversaries may install malicious components to extend and abuse server applications.(Citation: volexity_0day_sophos_FW)

Sub-techniques (6)

ID	ATT&CK	Actions
T1505.001	SQL Stored Procedures
T1505.002	Transport Agent
T1505.003	Web Shell
T1505.004	IIS Components
T1505.005	Terminal Services DLL
T1505.006	vSphere Installation Bundles

Metadata

MITRE ID:	T1505
STIX ID:	attack-pattern--d456de47-a16f-...
Platforms:	Windows, Linux, macOS, Network Devices, ESXi
Created:	13/01/2026 17:48
Updated:	14/03/2026 04:00