{'created': '2017-05-31T21:31:38.350Z',
 'created_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'description': 'Adversaries may remove share connections that are no longer '
                'useful in order to clean up traces of their operation. '
                'Windows shared drive and [Windows Admin '
                'Shares](https://attack.mitre.org/techniques/T1077) '
                'connections can be removed when no longer needed. '
                '[Net](https://attack.mitre.org/software/S0039) is an example '
                'utility that can be used to remove network share connections '
                'with the <code>net use \\\\system\\share /delete</code> '
                'command. (Citation: Technet Net Use)\n'
                '\n',
 'external_references': [{'external_id': 'T1126',
                          'source_name': 'mitre-attack',
                          'url': 'https://attack.mitre.org/techniques/T1126'},
                         {'description': 'Microsoft. (n.d.). Net Use. '
                                         'Retrieved November 25, 2016.',
                          'source_name': 'Technet Net Use',
                          'url': 'https://technet.microsoft.com/bb490717.aspx'}],
 'id': 'attack-pattern--e7eab98d-ae11-4491-bd28-a53ba875865a',
 'kill_chain_phases': [{'kill_chain_name': 'mitre-attack',
                        'phase_name': 'defense-evasion'}],
 'modified': '2025-10-24T17:49:32.975Z',
 'name': 'Network Share Connection Removal',
 'object_marking_refs': ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'],
 'revoked': True,
 'spec_version': '2.1',
 'type': 'attack-pattern',
 'x_mitre_attack_spec_version': '3.2.0',
 'x_mitre_deprecated': False,
 'x_mitre_detection': '',
 'x_mitre_domains': ['enterprise-attack'],
 'x_mitre_is_subtechnique': False,
 'x_mitre_modified_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'x_mitre_platforms': ['Windows'],
 'x_mitre_version': '1.1'}