EXPLORE
Sign In
← Back to Explore
T1135

Network Share Discovery

Adversaries may look for folders and drives shared on remote systems as a means of identifying sources of information to gather as a precursor for Collection and to identify potential systems of interest for Lateral Movement. Networks often contain shared network drives and folders that enable users to access file directories on various systems across a network. File sharing over a Windows network occurs over the SMB protocol. (Citation: Wikipedia Shared Resource) (Citation: TechNet Shared Fol...

LinuxmacOSWindows
16
Detections
4
Sources
16
Threat Actors

BY SOURCE

7splunk_escu4sigma3elastic2crowdstrike_cql

PROCEDURES (11)

Ransomware2 detections

Auto-extracted: 2 detections for ransomware

Process Creation Monitoring2 detections

Auto-extracted: 2 detections for process creation monitoring

Credential2 detections

Auto-extracted: 2 detections for credential

Remote2 detections

Auto-extracted: 2 detections for remote

Event Log2 detections

Auto-extracted: 2 detections for event log

Exfiltrat1 detections

Auto-extracted: 1 detections for exfiltrat

Api1 detections

Auto-extracted: 1 detections for api

Api1 detections

Auto-extracted: 1 detections for api

Remote1 detections

Auto-extracted: 1 detections for remote

General Monitoring1 detections

Auto-extracted: 1 detections for general monitoring

Service1 detections

Auto-extracted: 1 detections for service

THREAT ACTORS (16)

APT1APT32APT38APT39APT41BlackByteChimeraDarkVishnyaDragonflyFIN13INC RansomMedusa GroupSowbugTonto TeamTropic TrooperWizard Spider

DETECTIONS (16)

Advanced IP or Port Scanner Execution
splunk_escu
File Explorer Folder Opened Using Explorer Folder Shortcut Via Shell
sigmahigh
HackTool - SharpView Execution
sigmahigh
Lateral Movement Detection
crowdstrike_cql
Manual Mount Discovery via /etc/exports or /etc/fstab
elasticmedium
Network Share Discovery Via Dir Command
splunk_escu
PowerShell Share Enumeration Script
elastichigh
PowerShell Suspicious Discovery Related Windows API Functions
elasticlow
PUA - Advanced IP Scanner Execution
sigmamedium
PUA - Advanced Port Scanner Execution
sigmamedium
SMB Enumeration | Defender for Identity
crowdstrike_cql
Windows Administrative Shares Accessed On Multiple Hosts
splunk_escu
Windows File Share Discovery With Powerview
splunk_escu
Windows Large Number of Computer Service Tickets Requested
splunk_escu
Windows Network Share Interaction Via Net
splunk_escu
Windows Special Privileged Logon On Multiple Hosts
splunk_escu