RemoteCMD

RemoteCMD is a custom tool used by APT3 to execute commands on a remote system, similar to the functionality of Sysinternals' PsExec. [1]

ID: S0166
Type: MALWARE
Platforms: Windows
Version: 1.0

Techniques Used

Domain | ID | Name | Use
Enterprise | T1105 | Remote File Copy | RemoteCMD copies a file over to the remote system before execution. [1]
Enterprise | T1053 | Scheduled Task | RemoteCMD can execute commands remotely by creating a new scheduled task on the remote system. [1]
Enterprise | T1035 | Service Execution | RemoteCMD can execute commands remotely by creating a new service on the remote system. [1]

Groups That Use This Software

ID | Name | References
G0022 | APT3 | [1]

References