216.73.217.176

T1663: Remote Access Software

View on MITRE ATT&CK The MITRE Corporation · Published 25/09/2023 21:53 · Modified 27/03/2026 01:41

Essential information

MITRE technique ID
T1663
Confidence
100/100
Revoked
No
Published
25/09/2023 21:53
Modified
27/03/2026 01:41
Author / Source
The MITRE Corporation

Platforms

android iOS

Description

Adversaries may use legitimate remote access software, such as `VNC`, `TeamViewer`, `AirDroid`, `AirMirror`, etc., to establish an interactive command and control channel to target mobile devices. Remote access applications may be installed and used post-compromise as an alternate communication channel for redundant access or as a way to establish an interactive remote session with the target device. They may also be used as a component of malware to establish a reverse connection to an adversary-controlled system or service. Installation of remote access tools may also include persistence.

Kill chain phases

Kill chainPhase
mitre-mobile-attack command-and-control

Marking (TLP)

Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references