Threat actors may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Threat actors may use the information from File and Directory Discoveryduring automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.