Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
View in MITRE ATT&CK®| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| AC-4 | Information Flow Enforcement | Protects | T1105 | Ingress Tool Transfer |
| CA-7 | Continuous Monitoring | Protects | T1105 | Ingress Tool Transfer |
| CM-2 | Baseline Configuration | Protects | T1105 | Ingress Tool Transfer |
| CM-6 | Configuration Settings | Protects | T1105 | Ingress Tool Transfer |
| CM-7 | Least Functionality | Protects | T1105 | Ingress Tool Transfer |
| SC-7 | Boundary Protection | Protects | T1105 | Ingress Tool Transfer |
| SI-3 | Malicious Code Protection | Protects | T1105 | Ingress Tool Transfer |
| SI-4 | System Monitoring | Protects | T1105 | Ingress Tool Transfer |