Esc
File and Directory Discovery - T1083
(ATT&CK® Technique)
Definition
Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
D3FEND Inferred Relationships
Browse the D3FEND knowledge graph by clicking on the nodes below.
graph LR;
T1083["File and Directory Discovery"] --> |accesses| Directory["Directory"]; class T1083 OffensiveTechniqueNode;
class Directory ArtifactNode; click Directory href "/dao/artifact/d3f:Directory";
click T1083 href "/offensive-technique/attack/T1083/"; click Directory href "/dao/artifact/d3f:Directory"; T1083["File and Directory Discovery"] --> |accesses| File["File"]; class T1083 OffensiveTechniqueNode;
class File ArtifactNode; click File href "/dao/artifact/d3f:File";
click T1083 href "/offensive-technique/attack/T1083/"; click File href "/dao/artifact/d3f:File"; DecoyFile["Decoy File"] -->
| spoofs | File["File"];
DecoyFile["Decoy File"] -.->
| may-deceive | T1083["File and Directory Discovery"] ;
class DecoyFile DefensiveTechniqueNode;
class File ArtifactNode;
click DecoyFile href "/technique/d3f:DecoyFile"; FileIntegrityMonitoring["File Integrity Monitoring"] -->
| analyzes | File["File"];
FileIntegrityMonitoring["File Integrity Monitoring"] -.->
| may-detect | T1083["File and Directory Discovery"] ;
class FileIntegrityMonitoring DefensiveTechniqueNode;
class File ArtifactNode;
click FileIntegrityMonitoring href "/technique/d3f:FileIntegrityMonitoring"; RemoteFileAccessMediation["Remote File Access Mediation"] -->
| isolates | File["File"];
RemoteFileAccessMediation["Remote File Access Mediation"] -.->
| may-isolate | T1083["File and Directory Discovery"] ;
class RemoteFileAccessMediation DefensiveTechniqueNode;
class File ArtifactNode;
click RemoteFileAccessMediation href "/technique/d3f:RemoteFileAccessMediation"; FileEviction["File Eviction"] -->
| deletes | File["File"];
FileEviction["File Eviction"] -.->
| may-evict | T1083["File and Directory Discovery"] ;
class FileEviction DefensiveTechniqueNode;
class File ArtifactNode;
click FileEviction href "/technique/d3f:FileEviction"; LocalFilePermissions["Local File Permissions"] -->
| restricts | File["File"];
LocalFilePermissions["Local File Permissions"] -.->
| may-isolate | T1083["File and Directory Discovery"] ;
class LocalFilePermissions DefensiveTechniqueNode;
class File ArtifactNode;
click LocalFilePermissions href "/technique/d3f:LocalFilePermissions"; LocalFilePermissions["Local File Permissions"] -->
| restricts | Directory["Directory"];
class LocalFilePermissions DefensiveTechniqueNode;
class Directory ArtifactNode;
click LocalFilePermissions href "/technique/d3f:LocalFilePermissions"; RestoreFile["Restore File"] -->
| restores | File["File"];
RestoreFile["Restore File"] -.->
| may-restore | T1083["File and Directory Discovery"] ;
class RestoreFile DefensiveTechniqueNode;
class File ArtifactNode;
click RestoreFile href "/technique/d3f:RestoreFile"; FileEncryption["File Encryption"] -->
| encrypts | File["File"];
FileEncryption["File Encryption"] -.->
| may-harden | T1083["File and Directory Discovery"] ;
class FileEncryption DefensiveTechniqueNode;
class File ArtifactNode;
click FileEncryption href "/technique/d3f:FileEncryption"; FileAnalysis["File Analysis"] -->
| analyzes | File["File"];
FileAnalysis["File Analysis"] -.->
| may-detect | T1083["File and Directory Discovery"] ;
class FileAnalysis DefensiveTechniqueNode;
class File ArtifactNode;
click FileAnalysis href "/technique/d3f:FileAnalysis";