| ID | Name |
|---|---|
| ATAGS-T1074.001 | IIS Components |
| ATAGS-T1074.002 | SQL Stored Procedures |
| ATAGS-T1074.003 | Terminal Services DLL |
| ATAGS-T1074.004 | Transport Agent |
| ATAGS-T1074.005 | vSphere Installation Bundles |
| ATAGS-T1074.006 | Web Shell |
Threat Actors may abuse components of Terminal Services to enable persistent access to systems. Microsoft Terminal Services, renamed to Remote Desktop Services in some Windows Server OSs as of 2022, enable remote terminal connections to hosts. Terminal Services allows servers to transmit a full, interactive, graphical user interface to clients via RDP.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.