Remote File Copy

Adversaries use the Remote File Copy technique to deploy binaries from a command and control (C2) server to a victim machine, or to move them between systems in a compromised environment. As these two uses suggest, the technique falls under both the Command and Control and Lateral Movement tactics.

Like certain other techniques on this list, Remote File Copy is a technique of necessity. Adversaries often have to copy files between remote systems if they want to accomplish their objectives. As a result, we see many prominent malware families leveraging Remote File Copy. MITRE ATT&CK lists nearly 200 threat groups and malware samples that use it; some prominent examples include:

  • Astaroth

  • Bundlore

  • Dyre

  • Emotet

  • njRAT

  • PlugX

  • Shlayer

  • SmokeLoader

  • TrickBot

  • WannaCry
