T1570: T1570
Essential information
- MITRE technique ID
- T1570
- Confidence
- 100/100
- Revoked
- No
- Published
- 16/12/2025 19:38
- Modified
- 27/03/2026 01:11
- Author / Source
- The MITRE Corporation
Aliases
Lateral Tool Transfer
Platforms
windows macos linux ESXi
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | lateral-movement |
Marking (TLP)
TLP:GREEN Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (57)
- Earth Baxia · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- IronHusky · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- The MITRE Corporation · Confidence 100
  [Magic Hound](https://attack.mitre.org/groups/G0059) is an Iranian-sponsored threat group that conducts long term, resource-intensive cyber espionage operations, likely on behalf of the Islamic Revolutionary Guard Corps. They have targeted European,…
  First seen 01/01/1970 · Last seen 16/11/5138
- RansomHub · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- Locky · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- The MITRE Corporation · Confidence 100
  [Volt Typhoon](https://attack.mitre.org/groups/G1017) is a People's Republic of China (PRC) state-sponsored actor that has been active since at least 2021 primarily targeting critical infrastructure organizations in the US and…
  First seen 01/01/1970 · Last seen 16/11/5138
- UNC3886 · uses · The MITRE Corporation · Confidence 100
  [UNC3886](https://attack.mitre.org/groups/G1048) is a China-nexus cyberespionage group that has been active since at least 2022, targeting defense, technology, and telecommunication organizations located in the United States and the Asia-Pacific-Japan…
  First seen 01/01/1970 · Last seen 16/11/5138
- The MITRE Corporation · Confidence 100
  [INC Ransom](https://attack.mitre.org/groups/G1032) is a ransomware and data extortion threat group associated with the deployment of [INC Ransomware](https://attack.mitre.org/software/S1139) that has been active since at least July 2023. [INC Ransom](https://attack.mitre.org/groups/G1032)…
  First seen 01/01/1970 · Last seen 16/11/5138
- Cuba · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- UAC-0212 · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- Dalbit · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- The MITRE Corporation · Confidence 100
  [Saint Bear](https://attack.mitre.org/groups/G1031) is a Russian-nexus threat actor active since early 2021, primarily targeting entities in Ukraine and Georgia. The group is notable for a specific remote access tool,…
  First seen 01/01/1970 · Last seen 16/11/5138
Malware (97)
- RansomHub · uses · Family
- Sliver · uses · Family
- SameCoin · uses · Family
- ZingDoor · uses · Family
- CloudAtlas · uses · Family
- BlackByte · uses · Family
- Makop · uses · Family
- QakBot · uses · Family
- SystemBC · uses · Family
- Raccoon Stealer V2 · uses · Family
- INMemory web shell · uses · Family
- ThreatNeedle - S0665 · uses · Family
Reports (50)
- 1 CVE 16 MITREs 5 Malwares 16 Observables 1 APT
- Threat landscape — Belgium · related · Confidence 100 · 18 CVEs 200 MITREs 200 Malwares 20 APTs 26 Tools · threat-report
- Threat landscape — insurance · related · Confidence 100 · 199 MITREs 11 APTs · threat-report
- Latest PyPi Compromise · related · AlienVault · Confidence 100 · 20 MITREs 3 Malwares 9 IOCs 9 Observables 1 APT · threat-report
- AlienVault · Confidence 100 · 5 CVEs 24 MITREs 2 Malwares 4 IOCs 4 Observables · threat-report
- 3 CVEs 20 MITREs 13 Malwares 33 Observables 1 APT
- 19 MITREs 2 Malwares 2 Observables 1 APT
- AlienVault · Confidence 100 · 20 MITREs 3 Malwares 15 IOCs 15 Observables · threat-report
- 46 MITREs 6 Malwares 27 Observables 1 APT
- 20 MITREs 8 Malwares
- AlienVault · Confidence 100 · 11 MITREs 1 Malware 1 APT · threat-report
- AlienVault · Confidence 100 · 19 MITREs 1 Malware 7 IOCs 7 Observables 1 APT · threat-report
Vulnerabilities (CVE) (58)
Microsoft SharePoint contains a code injection vulnerability that could allow an authorized attacker to execute code over a network. This vulnerability could …
- Attack vector
- Network
- Published
- 22/07/2025
- Modified
- 21/12/2025
Microsoft Windows Installer contains an unspecified vulnerability that allows for privilege escalation.
- Published
- 03/03/2022
- Modified
- 21/12/2025
Windows Common Log File System Driver Elevation of Privilege Vulnerability
- Attack vector
- LOCAL
- Published
- 13/08/2024
- Modified
- 21/12/2025
Microsoft Windows Certificate Dialog contains a privilege escalation vulnerability, allowing attackers to run processes in an elevated context.
- Published
- 07/04/2023
- Modified
- 21/12/2025
A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense …
- Attack vector
- Network
- Published
- 25/09/2025
- Modified
- 21/12/2025
An issue in the BdApiUtil driver of Baidu Antivirus v5.2.3.116083 allows attackers to terminate arbitrary process via executing a BYOVD (Bring Your …
- Attack vector
- NETWORK
- Published
- 11/02/2025
- Modified
- 21/12/2025
Jenkins Command Line Interface (CLI) contains a path traversal vulnerability that allows attackers limited read access to certain files, which can lead …
- Attack vector
- Network
- Published
- 19/08/2024
- Modified
- 21/12/2025
Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming requests, allowing an attacker to …
- Published
- 22/10/2025
- Modified
- 21/12/2025
A privilege escalation vulnerability exists in Microsoft Windows if the Windows Secondary Logon Service fails to properly manage request handles in memory. …
- Attack vector
- LOCAL
- Complexity
- LOW
- Published
- 09/03/2016
- Modified
- 22/04/2026
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An …
- Published
- 14/06/2022
- Modified
- 27/05/2026
An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9 may allow an …
- Published
- 09/12/2025
- Modified
- 09/12/2025
Course Of Action (2)
- Network Intrusion Prevention · mitigates
- Filter Network Traffic · mitigates
Tool (6)
- Impacket · uses · The MITRE Corporation · Confidence 100
  [Impacket](https://attack.mitre.org/software/S0357) is an open source collection of modules written in Python for programmatically constructing and manipulating network protocols. [Impacket](https://attack.mitre.org/software/S0357) contains several tools for remote service execution, Kerberos manipulation,…
- ftp · uses · The MITRE Corporation · Confidence 100
  [ftp](https://attack.mitre.org/software/S0095) is a utility commonly available with operating systems to transfer information over the File Transfer Protocol (FTP). Adversaries can use it to transfer other tools onto a…
- BITSAdmin · uses · The MITRE Corporation · Confidence 100
  [BITSAdmin](https://attack.mitre.org/software/S0190) is a command line tool used to create and manage [BITS Jobs](https://attack.mitre.org/techniques/T1197). (Citation: Microsoft BITSAdmin)
- PsExec · uses · The MITRE Corporation · Confidence 100
  [PsExec](https://attack.mitre.org/software/S0029) is a free Microsoft tool that can be used to execute a program on another computer. It is used by IT administrators and attackers. (Citation: Russinovich Sysinternals)(Citation: SANS…
- cmd · uses · The MITRE Corporation · Confidence 100
  [cmd](https://attack.mitre.org/software/S0106) is the Windows command-line interpreter that can be used to interact with systems and execute other processes and utilities. (Citation: TechNet Cmd) Cmd.exe contains native functionality to…
- esentutl · uses · The MITRE Corporation · Confidence 100
  [esentutl](https://attack.mitre.org/software/S0404) is a command-line tool that provides database utilities for the Windows Extensible Storage Engine. (Citation: Microsoft Esentutl)
Campaign (4)
- Operation Wocao · uses
- C0015 · uses
- SharePoint ToolShell Exploitation · uses
- 2015 Ukraine Electric Power Attack · uses