Ingress Tool Transfer (T1105)

Technique & Subtechniques

  • Ingress Tool Transfer

Associated Tactics

  • Command and Control

Command and Control (TA0011)

The adversary is trying to communicate with compromised systems to control them. Command and Control consists of techniques that adversaries may use to communicate with systems under their control within a victim network. Adversaries commonly attempt to mimic normal, expected traffic to avoid detection. There are many ways an adversary can establish command and control with various levels of stealth depending on the victim’s network structure and defenses.

Procedure Examples

Description | Source(s)
Mathanraj Thangaraju, Sijo Jacob. (2023, July 26). Beyond File Search: A Novel Method for Exploiting the "search-ms" URI Protocol Handler. Retrieved March 15, 2024. | T1105: Trellix_search-ms
David Talbot. (2013, August 21). Dropbox and Similar Services Can Sync Malware. Retrieved May 31, 2023. | Dropbox Malware Sync
Gardiner, J., Cova, M., Nagaraja, S. (2014, February). Command & Control Understanding, Denying and Detecting. Retrieved April 20, 2016. | University of Birmingham C2
LOLBAS. (n.d.). LOLBAS Mapped to T1105. Retrieved March 11, 2022. | t1105_lolbas
Positive Technologies. (2016, December 16). Cobalt Snatch. Retrieved October 9, 2018. | PTSecurity Cobalt Dec 2016