Esc

File and Directory Discovery - T1083

(ATT&CK® Technique)

Definition

Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.

D3FEND Inferred Relationships

Browse the D3FEND knowledge graph by clicking on the nodes below.

        graph LR;

     T1083["File and Directory Discovery"] --> |accesses| Directory["Directory"]; class T1083 OffensiveTechniqueNode;
        class Directory ArtifactNode; click Directory href "/dao/artifact/d3f:Directory";
        click T1083 href "/offensive-technique/attack/T1083/"; click Directory href "/dao/artifact/d3f:Directory"; T1083["File and Directory Discovery"] --> |accesses| File["File"]; class T1083 OffensiveTechniqueNode;
        class File ArtifactNode; click File href "/dao/artifact/d3f:File";
        click T1083 href "/offensive-technique/attack/T1083/"; click File href "/dao/artifact/d3f:File";                          DecoyFile["Decoy File"] -->
          | spoofs | File["File"];

          DecoyFile["Decoy File"] -.->
            | May Deceive | T1083["File and Directory Discovery"] ;
          class DecoyFile DefensiveTechniqueNode;
          class File ArtifactNode;
          click DecoyFile href "/technique/d3f:DecoyFile"; FileIntegrityMonitoring["File Integrity Monitoring"] -->
          | analyzes | File["File"];

          FileIntegrityMonitoring["File Integrity Monitoring"] -.->
            | May Detect | T1083["File and Directory Discovery"] ;
          class FileIntegrityMonitoring DefensiveTechniqueNode;
          class File ArtifactNode;
          click FileIntegrityMonitoring href "/technique/d3f:FileIntegrityMonitoring";                           FileEncryption["File Encryption"] -->
          | encrypts | File["File"];

          FileEncryption["File Encryption"] -.->
            | May Harden | T1083["File and Directory Discovery"] ;
          class FileEncryption DefensiveTechniqueNode;
          class File ArtifactNode;
          click FileEncryption href "/technique/d3f:FileEncryption"; LocalFilePermissions["Local File Permissions"] -->
          | restricts | Directory["Directory"];

          LocalFilePermissions["Local File Permissions"] -.->
            | May Harden | T1083["File and Directory Discovery"] ;
          class LocalFilePermissions DefensiveTechniqueNode;
          class Directory ArtifactNode;
          click LocalFilePermissions href "/technique/d3f:LocalFilePermissions"; LocalFilePermissions["Local File Permissions"] -->
          | restricts | File["File"];

          
          class LocalFilePermissions DefensiveTechniqueNode;
          class File ArtifactNode;
          click LocalFilePermissions href "/technique/d3f:LocalFilePermissions"; FileAnalysis["File Analysis"] -->
          | analyzes | File["File"];

          FileAnalysis["File Analysis"] -.->
            | May Detect | T1083["File and Directory Discovery"] ;
          class FileAnalysis DefensiveTechniqueNode;
          class File ArtifactNode;
          click FileAnalysis href "/technique/d3f:FileAnalysis";                                               FileEviction["File Eviction"] -->
          | deletes | File["File"];

          FileEviction["File Eviction"] -.->
            | May Evict | T1083["File and Directory Discovery"] ;
          class FileEviction DefensiveTechniqueNode;
          class File ArtifactNode;
          click FileEviction href "/technique/d3f:FileEviction"; RestoreFile["Restore File"] -->
          | restores | File["File"];

          RestoreFile["Restore File"] -.->
            | May Restore | T1083["File and Directory Discovery"] ;
          class RestoreFile DefensiveTechniqueNode;
          class File ArtifactNode;
          click RestoreFile href "/technique/d3f:RestoreFile";

json