Threat actors may transfer tools or other files between systems in a compromised environment. Once brought into the victim environment (i.e., Ingress Tool Transfer) files may then be copied from one system to another to stage adversary tools or other files over the course of an operation.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.