T1135: T1135
Essential information
- MITRE technique ID
T1135- Confidence
- 100/100
- Revoked
- No
- Published
- 14/12/2017 17:46
- Modified
- 27/03/2026 01:09
- Author / Source
- The MITRE Corporation
Aliases
Network Share Discovery
Platforms
windows macos linux
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | discovery |
Marking (TLP)
TLP:GREEN Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (53)
-
Agenda usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Head Mare and Twelve usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Cuba usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Vect usesRansomware.Live Confidence 100
No description available
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[APT32](https://attack.mitre.org/groups/G0050) is a suspected Vietnam-based threat group that has been active since at least 2014. The group has targeted multiple private sector industries as well as foreign governments,…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Medusa Group usesThe MITRE Corporation Confidence 100
[Medusa Group](https://attack.mitre.org/groups/G1051) has been active since at least 2021 and was initially operated as a closed ransomware group before evolving into a Ransomware-as-a-Service (RaaS) operation. Some reporting indicates…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Fog Ransomware usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Rhantus usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[Turla](https://attack.mitre.org/groups/G0010) is a cyber espionage threat group that has been attributed to Russia's Federal Security Service (FSB). They have compromised victims in over 50 countries since at least…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[APT39](https://attack.mitre.org/groups/G0087) is one of several names for cyber espionage activity conducted by the Iranian Ministry of Intelligence and Security (MOIS) through the front company Rana Intelligence Computing since…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[Agrius](https://attack.mitre.org/groups/G1030) is an Iranian threat actor active since 2020 notable for a series of ransomware and wiper operations in the Middle East, with an emphasis on Israeli targets.(Citation:…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Rancoz usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (74)
-
Atera usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
DiscordGo usesFamily
-
scm.exe usesFamily
-
ThreatNeedle - S0665 usesFamily
-
More_eggs - S0284 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
QuietSieve uses
-
Sandals uses
-
Stowaway usesFamily
-
Medusa Ransomware usesFamily
-
Volgmer - S0180 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
XWorm usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Family
Reports (50)
-
AlienVault Confidence 100 13 CVEs 22 MITREs 6 Malwares 5 IOCs 4 Observables
-
AlienVault Confidence 100 3 CVEs 21 MITREs 2 Malwares 8 IOCs 2 Observables
-
AlienVault Confidence 100 20 MITREs 7 IOCs 7 Observables
-
AlienVault Confidence 100 1 CVE 20 MITREs 4 Malwares 3 IOCs 3 Observables 1 APT
-
19 MITREs 2 Malwares 2 Observables 1 APT
-
20 MITREs 1 Malware 2 Observables
-
AlienVault Confidence 100 24 MITREs 1 Malware 13 IOCs 13 Observables 1 APT
-
3 CVEs 20 MITREs 13 Malwares 33 Observables 1 APT
-
AlienVault Confidence 100 15 MITREs 1 Malware 8 IOCs 8 Observables
-
AlienVault Confidence 100 21 MITREs 1 Malware 8 IOCs 8 Observables 1 APT
-
19 MITREs 1 Malware 1 Observable
-
AlienVault Confidence 100 20 MITREs 3 Malwares 15 IOCs 15 Observables
Vulnerabilities (CVE) (64)
A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL commands via the PmSess1 …
- Attack vector
- Network
- Published
- 10/03/2025
- Modified
- 21/12/2025
Microsoft SharePoint Server Remote Code Execution Vulnerability
- Attack vector
- NETWORK
- Published
- 11/03/2021
- Modified
- 24/06/2026
Veeam Backup & Replication Cloud Connect component contains a missing authentication for critical function vulnerability that allows an unauthenticated user operating within …
- Attack vector
- Network
- Published
- 22/08/2023
- Modified
- 27/05/2026
Microsoft Exchange Server contains an information disclosure vulnerability which can allow an unauthenticated attacker to steal email traffic from target.
- Published
- 18/01/2022
- Modified
- 20/12/2025
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An …
- Published
- 10/02/2022
- Modified
- 20/12/2025
Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10561, exploitation can allow an attacker to perform remote code execution.
- Published
- 31/03/2022
- Modified
- 20/12/2025
Cisco IOS XE Web UI contains a privilege escalation vulnerability in the web user interface that could allow a remote, unauthenticated attacker …
- Attack vector
- Network
- Published
- 16/10/2023
- Modified
- 21/12/2025
Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This …
- Attack vector
- Network
- Published
- 07/02/2025
- Modified
- 21/12/2025
Progress Telerik UI for ASP.NET AJAX contains a deserialization of untrusted data vulnerability through RadAsyncUpload which leads to code execution on the …
- Published
- 03/11/2021
- Modified
- 20/12/2025
Microsoft Windows COM Aggregate Marshaler allows for privilege escalation when an attacker runs a specially crafted application.
- Attack vector
- LOCAL
- Complexity
- LOW
- Published
- 12/05/2017
- Modified
- 22/04/2026
A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense …
- Attack vector
- Network
- Published
- 25/09/2025
- Modified
- 21/12/2025
Veritas Backup Exec (BE) Agent contains a command execution vulnerability that could allow an attacker to use a data management protocol command …
- Published
- 07/04/2023
- Modified
- 21/12/2025
Campaign (2)
-
Operation CuckooBees uses
-
Leviathan Australian Intrusions uses
Tool (1)
-
Net usesThe MITRE Corporation Confidence 100
The [Net](https://attack.mitre.org/software/S0039) utility is a component of the Windows operating system. It is used in command-line operations for control of users, groups, services, and network connections. (Citation: Microsoft…