Using LOLbins for Tool Downloads
“LOL”, in this case, is an acronym for “Living off the Land”. This term is used when an adversary leverages tools and capabilities that are already present in the target environment to execute additional TTPs and achieve objectives. In the case of T1105: Ingress Tool Transfer, that means using programs like FTP that are already present on a target system to download more tools to that system.
The primary risk from this technique is that the adversary expands their capabilities within the target environment, system, or application by bringing in additional tooling.
Apply what you learn and get the hands-on skills you need in Cybrary's MITRE ATT&CK Framework courses aligned to the tactics and techniques used by the threat group APT41 (aka Double Dragon). Prevent adversaries from accomplishing the tactic of command and control.