T1544 Ingress Tool Transfer

Adversaries may transfer tools or other files from an external system onto a compromised device to facilitate follow-on actions. Files may be copied from an external adversary-controlled system through the command and control channel or through alternate protocols with another tool such as FTP.

| Item | Value |
| --- | --- |
| ID | T1544 |
| Sub-techniques | |
| Tactics | TA0037 |
| Platforms | Android, iOS |
| Version | 2.1 |
| Created | 21 January 2020 |
| Last Modified | 20 March 2023 |

Procedure Examples

| ID | Name | Description |
| --- | --- | --- |
| S1061 | AbstractEmu | AbstractEmu can receive files from the C2 at runtime.[3] |
| S0485 | Mandrake | Mandrake can install attacker-specified components or applications.[4] |
| S0407 | Monokle | Monokle can download attacker-specified files.[2] |
| S0326 | RedDrop | RedDrop uses ads or other links within websites to encourage users to download the malicious apps using a complex content distribution network (CDN) and a series of network redirects. RedDrop also downloads additional components (APKs, JAR files) from different C2 servers.[6] |
| S1055 | SharkBot | SharkBot can download attacker-specified files.[1] |
| S0418 | ViceLeaker | ViceLeaker can download attacker-specified files.[5] |

Detection

| ID | Data Source | Data Component |
| --- | --- | --- |
| DS0041 | Application Vetting | Network Communication |

References