Adversaries may transfer tools or other files between systems in a compromised environment. Files may be copied from one system to another to stage adversary tools or other files over the course of an operation. Adversaries may copy files laterally between internal victim systems to support lateral movement using inherent file sharing protocols, such as file sharing over SMB to connected network shares, or over authenticated connections with SMB/Windows Admin Shares or Remote Desktop Protocol. Files can also be copied on Mac and Linux with native tools like scp, rsync, and sftp.

Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
---|---|---|---|---|
AC-3 | Access Enforcement | Protects | T1570 | Lateral Tool Transfer |
AC-4 | Information Flow Enforcement | Protects | T1570 | Lateral Tool Transfer |
CA-7 | Continuous Monitoring | Protects | T1570 | Lateral Tool Transfer |
CM-2 | Baseline Configuration | Protects | T1570 | Lateral Tool Transfer |
CM-6 | Configuration Settings | Protects | T1570 | Lateral Tool Transfer |
CM-7 | Least Functionality | Protects | T1570 | Lateral Tool Transfer |
SC-7 | Boundary Protection | Protects | T1570 | Lateral Tool Transfer |
SI-10 | Information Input Validation | Protects | T1570 | Lateral Tool Transfer |
SI-15 | Information Output Filtering | Protects | T1570 | Lateral Tool Transfer |
SI-3 | Malicious Code Protection | Protects | T1570 | Lateral Tool Transfer |
SI-4 | System Monitoring | Protects | T1570 | Lateral Tool Transfer |