Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Many command shell utilities can be used to obtain this information. Examples include dir
, tree
, ls
, find
, and locate
.(Citation: Windows Commands JPCERT) Custom tools may also be used to gather file and directory information and interact with the Native API. Adversaries may also leverage a Network Device CLI on network devices to gather file and directory information.(Citation: US-CERT-TA18-106A)
2022-11-01
2022-10-25
2022-05-10
2022-05-03
2022-03-01
2022-02-08
2021-12-21
2021-12-14
2021-08-10