Data from Network Shared Drive (T1039)
Tactic: Collection · Platforms: Linux, macOS, Windows
The interactive view maps 1 detection strategy, 8 threat groups, 4 software entries, 1 campaign to this technique, alongside D3FEND countermeasures and data-component coverage.
Overview
Adversaries may search network shares on computers they have compromised to find files of interest. Sensitive data can be collected from remote systems via shared network drives (host shared directory, network file server, etc.) that are accessible from the current system prior to Exfiltration. Interactive command shells may be in use, and common functionality within cmd may be used to gather information.