Analysis of CLR SqlShell Used to Attack MS-SQL Servers Posted By Sanseo , May 11, 2023 This blog post will analyze the CLR SqlShell malware that is being used to target MS-SQL servers. Similar to WebShell, which can be installed on web servers, SqlShell is a malware strain that supports various features after being installed on an MS-SQL server, such as executing commands from threat actors and carrying out all sorts of malicious behavior. MS-SQL servers support a method known as CLR Stored Procedure which allows the usage of expanded features, and SqlShell is a DLL…
