T1570 Lateral Tool Transfer Mappings

Adversaries may transfer tools or other files between systems in a compromised environment. Files may be copied from one system to another to stage adversary tools or other files over the course of an operation. To support lateral movement, adversaries may copy files between internal victim systems using inherent file sharing protocols, such as file sharing over SMB to connected network shares, or over authenticated connections with SMB/Windows Admin Shares or Remote Desktop Protocol. Files can also be copied on Mac and Linux with native tools like scp, rsync, and sftp.

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| AC-3 | Access Enforcement | Protects | T1570 | Lateral Tool Transfer |
| AC-4 | Information Flow Enforcement | Protects | T1570 | Lateral Tool Transfer |
| CA-7 | Continuous Monitoring | Protects | T1570 | Lateral Tool Transfer |
| CM-2 | Baseline Configuration | Protects | T1570 | Lateral Tool Transfer |
| CM-6 | Configuration Settings | Protects | T1570 | Lateral Tool Transfer |
| CM-7 | Least Functionality | Protects | T1570 | Lateral Tool Transfer |
| SC-7 | Boundary Protection | Protects | T1570 | Lateral Tool Transfer |
| SI-10 | Information Input Validation | Protects | T1570 | Lateral Tool Transfer |
| SI-15 | Information Output Filtering | Protects | T1570 | Lateral Tool Transfer |
| SI-3 | Malicious Code Protection | Protects | T1570 | Lateral Tool Transfer |
| SI-4 | System Monitoring | Protects | T1570 | Lateral Tool Transfer |
| network_security_groups | Network Security Groups | technique_scores | T1570 | Lateral Tool Transfer |