| ID | Name |
|---|---|
| ATAGS-T1074.001 | IIS Components |
| ATAGS-T1074.002 | SQL Stored Procedures |
| ATAGS-T1074.003 | Terminal Services DLL |
| ATAGS-T1074.004 | Transport Agent |
| ATAGS-T1074.005 | vSphere Installation Bundles |
| ATAGS-T1074.006 | Web Shell |
Threat Actors may abuse SQL stored procedures to establish persistent access to systems. SQL Stored Procedures are code that can be saved and reused so that database users do not waste time rewriting frequently used SQL queries. Stored procedures can be invoked via SQL statements to the database using the procedure name or via defined events (e.g. when a SQL server application is started/restarted).
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.