Clankerusecase
MITRE ATT&CK detection coverage

T1505.001 SQL Stored Procedures

T1505.001 — SQL Stored Procedures is a MITRE ATT&CK technique in the Persistence tactic. Clankerusecase tracks 8 detection use cases covering it and 2 threat-intel articles citing it.

Persistence
8 Use cases
2 Articles
0 Sub-techniques
1 Tactic

Use cases covering this technique (8)

Windows SQL Server Configuration Option Hunt | ESCU actions · hunting | P
Windows SQL Server Critical Procedures Enabled | ESCU actions · alerting | P
Windows SQL Server Extended Procedure DLL Loading Hunt | ESCU actions · hunting | P
Windows SQL Server Startup Procedure | ESCU actions · hunting | P
Windows SQL Server xp_cmdshell Config Change | ESCU actions · alerting | P
Windows Sqlservr Spawning Shell | ESCU actions · hunting | P
[LLM] Public-facing MSSQL sqlservr.exe spawns suspicious child (OceanLotus transport-construction intrusion vector) | Bespoke exploit · alerting | DSΣPDDCS
[LLM] npm postinstall chain installs malicious 'openclaw' global package (cline@2.3.0 supply-chain IOC) | Bespoke install · alerting | DSΣPDDCS

Articles citing this technique (2)