1. Home
  2. ATT&CK Techniques
  3. T1505 Server Software Component

T1505 Server Software Component Mappings

Adversaries may abuse legitimate extensible development features of servers to establish persistent access to systems. Enterprise server applications may include features that allow developers to write and install software or scripts to extend the functionality of the main application. Adversaries may install malicious components to extend and abuse server applications.

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
AC-2 Account Management Protects T1505 Server Software Component
AC-3 Access Enforcement Protects T1505 Server Software Component
AC-5 Separation of Duties Protects T1505 Server Software Component
AC-6 Least Privilege Protects T1505 Server Software Component
CA-8 Penetration Testing Protects T1505 Server Software Component
CM-11 User-installed Software Protects T1505 Server Software Component
CM-2 Baseline Configuration Protects T1505 Server Software Component
CM-5 Access Restrictions for Change Protects T1505 Server Software Component
CM-6 Configuration Settings Protects T1505 Server Software Component
CM-8 System Component Inventory Protects T1505 Server Software Component
IA-2 Identification and Authentication (organizational Users) Protects T1505 Server Software Component
IA-9 Service Identification and Authentication Protects T1505 Server Software Component
RA-5 Vulnerability Monitoring and Scanning Protects T1505 Server Software Component
SA-10 Developer Configuration Management Protects T1505 Server Software Component
SA-11 Developer Testing and Evaluation Protects T1505 Server Software Component
SI-4 System Monitoring Protects T1505 Server Software Component
SI-7 Software, Firmware, and Information Integrity Protects T1505 Server Software Component
SR-11 Component Authenticity Protects T1505 Server Software Component
SR-4 Provenance Protects T1505 Server Software Component
SR-5 Acquisition Strategies, Tools, and Methods Protects T1505 Server Software Component
SR-6 Supplier Assessments and Reviews Protects T1505 Server Software Component
CVE-2014-4148 n/a uncategorized T1505 Server Software Component
action.hacking.variety.Use of backdoor or C2 Use of Backdoor or C2 channel related-to T1505 Server Software Component
action.hacking.vector.Backdoor or C2 Backdoor or command and control channel related-to T1505 Server Software Component
action.malware.variety.Backdoor Backdoor (enable remote access). Child of 'RAT' when combined with 'Trojan' related-to T1505 Server Software Component

ATT&CK Subtechniques

Technique ID Technique Name Number of Mappings
T1505.001 SQL Stored Procedures 25
T1505.002 Transport Agent 25
T1505.003 Web Shell 16