Threat actors may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp. Once present, Threat actors may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer).
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.