Skip to content

S0166 RemoteCMD

RemoteCMD is a custom tool used by APT3 to execute commands on a remote system similar to SysInternal’s PSEXEC functionality. 1

Item Value
ID S0166
Associated Names
Type MALWARE
Version 1.1
Created 16 January 2018
Last Modified 31 March 2020
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
enterprise T1105 Ingress Tool Transfer RemoteCMD copies a file over to the remote system before execution.1
enterprise T1053 Scheduled Task/Job -
enterprise T1053.005 Scheduled Task RemoteCMD can execute commands remotely by creating a new schedule task on the remote system1
enterprise T1569 System Services -
enterprise T1569.002 Service Execution RemoteCMD can execute commands remotely by creating a new service on the remote system.1

Groups That Use This Software

ID Name References
G0022 APT3 1

References

  1. Symantec Security Response. (2016, September 6). Buckeye cyberespionage group shifts gaze from US to Hong Kong. Retrieved September 26, 2016.