Common Information
| Type | Value |
|---|---|
| Value |
Indicator Removal on Host - T1070 |
| Category | Attack-Pattern |
| Type | Mitre-Enterprise-Attack-Attack-Pattern |
| Misp Type | Cluster |
| Description | Adversaries may delete or alter generated event files on a host system, including potentially captured files such as quarantined malware. This may compromise the integrity of the security solution, causing events to go unreported, or make forensic analysis and incident response more difficult due to lack of sufficient data to determine what occurred. Detection: File system monitoring may be used to detect improper deletion or modification of indicator files. Events not stored on the file system will require different detection mechanisms. Platforms: Linux, macOS, Windows Data Sources: File monitoring, Process command-line parameters, Process monitoring Defense Bypassed: Anti-virus, Log analysis, Host intrusion prevention systems |
| Details | Published | Attributes | CTI | Title | ||
|---|---|---|---|---|---|---|
| Details | Website | 2024-11-16 | 90 | From Royal to BlackSuit: Understanding the Tactics and Impact of a Sophisticated Ransomware Strain | #ransomware | #cybercrime | National Cyber Security Consulting | ||
| Details | Website | 2024-11-15 | 33 | DONOT's Attack On Maritime & Defense Manufacturing | ||
| Details | Website | 2024-11-14 | 72 | Weekly Intelligence Report - 15 Nov 2024 | #ransomware | #cybercrime | National Cyber Security Consulting | ||
| Details | Website | 2024-11-13 | 23 | T.A. — RansomHub | ||
| Details | Website | 2024-11-12 | 35 | Lock5 (Medusa Ransomware) | ||
| Details | Website | 2024-11-11 | 39 | Kaspersky discovers new Ymir ransomware used together with RustyStealer | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting | ||
| Details | Website | 2024-11-11 | 47 | Ymir: new stealthy ransomware in the wild | ||
| Details | Website | 2024-11-11 | 47 | Kaspersky discovers new Ymir ransomware used together with RustyStealer | ||
| Details | Website | 2024-11-07 | 63 | Weekly Intelligence Report - 08 Nov 2024 | #ransomware | #cybercrime | National Cyber Security Consulting | ||
| Details | Website | 2024-11-04 | 57 | Threat Intelligence Report October 29 - November 4 2024 | Red Piranha | ||
| Details | Website | 2024-11-03 | 35 | Threat Actor — Cl0P | ||
| Details | Website | 2024-11-01 | 39 | Dark Web Profile: Tropic Trooper (APT23) - SOCRadar® Cyber Intelligence Inc. | ||
| Details | Website | 2024-11-01 | 62 | Weekly Intelligence Report - 01 Nov 2024 | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting | ||
| Details | Website | 2024-10-30 | 154 | Крысиный король: как Android-троян CraxsRAT ворует данные пользователей | Блог F.A.C.C.T. | ||
| Details | Website | 2024-10-29 | 19 | Ransomware: Kill Security | ||
| Details | Website | 2024-10-23 | 5 | EDRSilencer — Red Team Tool | ||
| Details | Website | 2024-10-23 | 76 | Embargo ransomware: Rock’n’Rust | ||
| Details | Website | 2024-10-18 | 44 | Weekly Intelligence Report - 18 Oct 2024 | #ransomware | #cybercrime | National Cyber Security Consulting | ||
| Details | Website | 2024-10-14 | 55 | Hidden In Plain Sight: How ErrorFather Deploys Cerberus To Amplify Cyber Threats | ||
| Details | Website | 2024-10-14 | 21 | Threat Intelligence Report 8th October – 14th October | ||
| Details | Website | 2024-10-12 | 46 | Good Day Ransomware analysis — ShadowStackRE | ||
| Details | Website | 2024-10-11 | 30 | Expanding the Investigation: Deep Dive into Latest TrickMo Samples | ||
| Details | Website | 2024-10-11 | 30 | Expanding the Investigation: Deep Dive into Latest TrickMo Samples - Zimperium | ||
| Details | Website | 2024-10-11 | 71 | Weekly Intelligence Report - 11 Oct 2024 | #ransomware | #cybercrime | National Cyber Security Consulting | ||
| Details | Website | 2024-10-10 | 9 | AhnLab EDR을 활용한 BPFDoor 리눅스 악성코드 탐지 - ASEC |