EXPLORE
Sign In
← Back to Explore
T1505.001

SQL Stored Procedures

Adversaries may abuse SQL stored procedures to establish persistent access to systems. SQL Stored Procedures are code that can be saved and reused so that database users do not waste time rewriting frequently used SQL queries. Stored procedures can be invoked via SQL statements to the database using the procedure name or via defined events (e.g. when a SQL server application is started/restarted). Adversaries may craft malicious stored procedures that can provide a persistence mechanism in SQL ...

WindowsLinux
8
Detections
3
Sources
0
Threat Actors

BY SOURCE

6splunk_escu1elastic1sigma

PROCEDURES (6)

Suspicious3 detections

Auto-extracted: 3 detections for suspicious

Privilege1 detections

Auto-extracted: 1 detections for privilege

Script Execution Monitoring1 detections

Auto-extracted: 1 detections for script execution monitoring

Privilege1 detections

Auto-extracted: 1 detections for privilege

Privilege1 detections

Auto-extracted: 1 detections for privilege

General Monitoring1 detections

Auto-extracted: 1 detections for general monitoring

DETECTIONS (8)

Execution via MSSQL xp_cmdshell Stored Procedure
elasticmedium
Suspicious SQL Query
sigmamedium
Windows SQL Server Configuration Option Hunt
splunk_escu
Windows SQL Server Critical Procedures Enabled
splunk_escu
Windows SQL Server Extended Procedure DLL Loading Hunt
splunk_escu
Windows SQL Server Startup Procedure
splunk_escu
Windows SQL Server xp_cmdshell Config Change
splunk_escu
Windows Sqlservr Spawning Shell
splunk_escu