RemoteCMD

RemoteCMD is a custom tool used by APT3 to execute commands on a remote system, similar in functionality to Sysinternals' PsExec.[1]

ID: S0166
Type: MALWARE
Platforms: Windows
Version: 1.1
Created: 16 January 2018
Last Modified: 31 March 2020

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1105 | Ingress Tool Transfer | RemoteCMD copies a file over to the remote system before execution.[1] |
| Enterprise | T1053.005 | Scheduled Task/Job: Scheduled Task | RemoteCMD can execute commands remotely by creating a new scheduled task on the remote system.[1] |
| Enterprise | T1569.002 | System Services: Service Execution | RemoteCMD can execute commands remotely by creating a new service on the remote system.[1] |

Groups That Use This Software

| ID | Name | References |
|---|---|---|
| G0022 | APT3 | [1] |

References