RemoteCMD

RemoteCMD is a custom tool used by APT3 to execute commands on a remote system similar to SysInternal's PSEXEC functionality. [1]

ID: S0166
Type: MALWARE
Platforms: Windows

Version: 1.0

Techniques Used

DomainIDNameUse
EnterpriseT1105Remote File CopyRemoteCMD copies a file over to the remote system before execution.[1]
EnterpriseT1053Scheduled TaskRemoteCMD can execute commands remotely by creating a new schedule task on the remote system[1]
EnterpriseT1035Service ExecutionRemoteCMD can execute commands remotely by creating a new service on the remote system.[1]

Groups

Groups that use this software:

APT3

References