SOFTWARE
Arp
at
cmd
Dok
FTP
Net
Orz
Reg
RTM
Tor
yty
SOFTWARE
1-9
A-B
Arp
at
C-D
cmd
Dok
E-F
FTP
G-H
I-J
K-L
M-N
Net
O-P
Orz
Q-R
Reg
RTM
S-T
Tor
U-V
W-X
Y-Z
yty
  1. Home
  2. Software
  3. RemoteCMD

RemoteCMD

RemoteCMD is a custom tool used by APT3 to execute commands on a remote system similar to SysInternal's PSEXEC functionality. [1]

ID: S0166
Type: MALWARE
Platforms: Windows
Version: 1.0
Enterprise Layer
download view

Techniques Used

Domain ID Name Use
Enterprise T1105 Remote File Copy

RemoteCMD copies a file over to the remote system before execution.[1]
Enterprise T1053 Scheduled Task

RemoteCMD can execute commands remotely by creating a new schedule task on the remote system[1]
Enterprise T1035 Service Execution

RemoteCMD can execute commands remotely by creating a new service on the remote system.[1]

Groups That Use This Software

ID Name References
G0022 APT3 [1]

References

  1. Symantec Security Response. (2016, September 6). Buckeye cyberespionage group shifts gaze from US to Hong Kong. Retrieved September 26, 2016.