External Remote Services (T1133)

View on ATT&CK

In Playbook

Technique & Subtechniques

  • External Remote Services

Associated Tactics

  • Persistence
  • Initial Access

Persistence (TA0003)

The adversary is trying to maintain their foothold. Persistence consists of techniques that adversaries use to keep access to systems across restarts, changed credentials, and other interruptions that could cut off their access. Techniques used for persistence include any access, action, or configuration changes that let them maintain their foothold on systems, such as replacing or hijacking legitimate code or adding startup code.

View on ATT&CK

Procedure Examples

Description Source(s)
Adair, S. (2015, October 7). Virtual Private Keylogging: Cisco Web VPNs Leveraged for Access and Persistence. Retrieved March 20, 2017. Volexity Virtual Private Keylogging
Apple Support. (n.d.). Set up a computer running VNC software for Remote Desktop. Retrieved August 18, 2021. MacOS VNC software for Remote Desktop
Chen, J. et al. (2021, February 3). Hildegard: New TeamTNT Cryptojacking Malware Targeting Kubernetes. Retrieved April 5, 2021. Unit 42 Hildegard Malware
Remillano II, A., et al. (2020, June 20). XORDDoS, Kaiji Variants Target Exposed Docker Servers. Retrieved April 5, 2021. Trend Micro Exposed Docker Server