EXPLORE

← Back to Explore

T1039

Data from Network Shared Drive

Adversaries may search network shares on computers they have compromised to find files of interest. Sensitive data can be collected from remote systems via shared network drives (host shared directory, network file server, etc.) that are accessible from the current system prior to Exfiltration. Interactive command shells may be in use, and common functionality within [cmd](https://attack.mitre.org/software/S0106) may be used to gather information.

LinuxmacOSWindows

6

Detections

3

Sources

8

Threat Actors

BY SOURCE

3elastic2sigma1splunk_escu

PROCEDURES (6)

Remote1 detections

Auto-extracted: 1 detections for remote

Powershell1 detections

Auto-extracted: 1 detections for powershell

Powershell1 detections

Auto-extracted: 1 detections for powershell

Network Connection Monitoring1 detections

Auto-extracted: 1 detections for network connection monitoring

Remote1 detections

Auto-extracted: 1 detections for remote

Exfiltrat1 detections

Auto-extracted: 1 detections for exfiltrat

THREAT ACTORS (8)

APT28 BRONZE BUTLER Chimera Fox Kitten Gamaredon Group menuPass RedCurl Sowbug

DETECTIONS (6)

Copy From Or To Admin Share Or Sysvol Folder

PowerShell Share Enumeration Script

PowerShell Suspicious Discovery Related Windows API Functions

Suspicious Access to Sensitive File Extensions

Unusual Remote File Size

Windows Network Share Interaction Via Net