Analysis of CLR SqlShell Used to Attack MS-SQL Servers

This blog post will analyze the CLR SqlShell malware that is being used to target MS-SQL servers. Similar to WebShell, which can be installed on web servers, SqlShell is a malware strain that supports various features after being installed on an MS-SQL server, such as executing commands from threat actors and carrying out all sorts of malicious behavior. MS-SQL servers support a method known as CLR Stored Procedure which allows the usage of expanded features, and SqlShell is a DLL …

analysis attack blog blog post features malware malware analysis ms-sql server servers sql sql server sql servers sqlshell target threat threat actors web webshell