Once a payload is delivered, Threat Actors may reproduce copies of the same malware on the victim system to remove evidence of their presence and/or avoid defenses. Copying malware payloads to new locations may also be combined with File Deletion to cleanup older artifacts.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.