v2 - Compact Menu

Remote File Copy

Adversaries leverage the Remote File Copy technique to deploy binaries from a command and control (C2) server to a victim machine or between systems in a compromised environment. As these examples suggest, the technique falls under both the Command and Control and Lateral Movement tactics.
Like certain other techniques on this list, Remote File Copy is a technique of necessity. Adversaries often have to copy files between remote systems if they want to accomplish their objectives. As a result, we see many prominent malware families leveraging Remote File Copy. MITRE ATT&CK lists nearly 200 threat groups and malware samples, but some prominent examples include:
  • Astaroth
  • Bundlore
  • Dyre
  • Emotet
  • njRAT
  • PlugX
  • Shlayer
  • SmokeLoader
  • TrickBot
  • Wannacry