Skip to content

T1624 Event Triggered Execution

Adversaries may establish persistence using system mechanisms that trigger execution based on specific events. Mobile operating systems have means to subscribe to events such as receiving an SMS message, device boot completion, or other device activities.

Adversaries may abuse these mechanisms as a means of maintaining persistent access to a victim via automatically and repeatedly executing malicious code. After gaining access to a victim’s system, adversaries may create or modify event triggers to point to malicious content that will be executed whenever the event trigger is invoked.

Item Value
ID T1624
Sub-techniques T1624.001
Tactics TA0028
Platforms Android
Version 1.1
Created 30 March 2022
Last Modified 20 March 2023


ID Mitigation Description
M1006 Use Recent OS Version Android 8 introduced additional limitations on the implicit intents that an application can register for.1


ID Data Source Data Component
DS0041 Application Vetting Permissions Requests