Malware: RemoteCMD

Description

[RemoteCMD](https://attack.mitre.org/software/S0166) is a custom tool used by [APT3](https://attack.mitre.org/groups/G0022) to execute commands on a remote system similar to SysInternal's PSEXEC functionality. (Citation: Symantec Buckeye)

External References

• mitre-attack
• Symantec Buckeye

Techniques Used by This Malware

• T1053.005 — Scheduled Task
• T1105 — Ingress Tool Transfer
• T1569.002 — Service Execution

APT Groups Using This Malware

• APT3