Malware may use SMB and other file sharing protocols to move laterally through industrial networks. Copying of files may also be performed laterally between internal victim systems. Sandworm Team used a VBS script to facilitate lateral tool transfer. WannaCry and NotPetya can also use the SMB service to transfer tools or other files from one system to another. Adversaries will likely change tool C2 signatures over time or construct protocols in such a way as to avoid detection by common defensive tools.”]
Source: https://collaborate.mitre.org/attackics/index.php/Technique/T0867