Common Information
Type | Value |
---|---|
Value | Indicator Removal on Host - T1070 |
Category | Attack-Pattern |
Type | Mitre-Enterprise-Attack-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may delete or alter generated event files on a host system, including potentially captured files such as quarantined malware. This may compromise the integrity of the security solution, causing events to go unreported, or make forensic analysis and incident response more difficult due to lack of sufficient data to determine what occurred. Detection: File system monitoring may be used to detect improper deletion or modification of indicator files. Events not stored on the file system will require different detection mechanisms. Platforms: Linux, macOS, Windows Data Sources: File monitoring, Process command-line parameters, Process monitoring Defense Bypassed: Anti-virus, Log analysis, Host intrusion prevention systems |
Details | Published | Attributes | CTI | Title |
---|---|---|---|---|
Details | Website | 2024-10-09 | 9 | BPFDoor Linux Malware Detected by AhnLab EDR - ASEC |
Details | Website | 2024-10-07 | 67 | Threat Intelligence Report October 1 - October 7 2024 \| Red Piranha |
Details | Website | 2024-10-07 | 141 | Mind the (air) gap: GoldenJackal gooses government guardrails |
Details | Website | 2024-10-04 | 34 | VILSA STEALER - CYFIRMA |
Details | Website | 2024-09-30 | 27 | Threat Intelligence Report 24th September – 30th September 2024 |
Details | Website | 2024-09-27 | 123 | Betting on Bots: Investigating Linux malware, crypto mining, and gambling API abuse — Elastic Security Labs |
Details | Website | 2024-09-27 | 58 | OSINT Investigation: Hunting Malicious Infrastructure Linked to Transparent Tribe - CYFIRMA |
Details | Website | 2024-09-20 | 29 | How Ransomhub Ransomware Uses EDRKillShifter to Disable EDR and Antivirus Protections |
Details | Website | 2024-09-16 | 13 | The Dark Lord of Cybersecurity |
Details | Website | 2024-09-12 | 13 | Emulating the Persistent and Stealthy Ebury Linux Malware |
Details | Website | 2024-09-12 | 41 | From Automation to Exploitation: The Growing Misuse of Selenium Grid for Cryptomining and Proxyjacking |
Details | Website | 2024-09-12 | 11 | Hadooken Malware Targets Weblogic Applications |
Details | Website | 2024-09-12 | 25 | Hygiene, Hygiene, Hygiene! [Guest Diary] - SANS Internet Storm Center |
Details | Website | 2024-09-10 | 96 | Crimson Palace returns: New Tools, Tactics, and Targets |
Details | Website | 2024-09-04 | 9 | Hold – Verify – Execute: Rise of Malicious POCs Targeting Security Researchers \| SonicWall |
Details | Website | 2024-09-04 | 71 | AZORult Malware: Technical Analysis - ANY.RUN's Cybersecurity Blog |
Details | Website | 2024-09-03 | 46 | Most interesting IR cases in 2023: insider threats and more |
Details | Website | 2024-09-02 | 48 | Dark Web Profile: Abyss Ransomware - SOCRadar® Cyber Intelligence Inc. |
Details | Website | 2024-09-02 | 19 | Medusa Ransomware - Everything You Need to Know \| Red Piranha |
Details | Website | 2024-08-30 | 97 | From Cobalt Strike to Mimikatz: A Deep Dive into the SLOW#TEMPEST Campaign Targeting Chinese Users |
Details | Website | 2024-08-30 | 13 | US CERT Alert AA24-242A (RansomHub Ransomware) |
Details | Website | 2024-08-30 | 24 | Emulating the Extortionist Mallox Ransomware |
Details | Website | 2024-08-29 | 269 | #StopRansomware: RansomHub Ransomware \| CISA |
Details | Website | 2024-08-28 | 44 | BlackByte blends tried-and-true tradecraft with newly disclosed vulnerabilities to support ongoing attacks |
Details | Website | 2024-08-19 | 20 | PG_MEM: A Malware Hidden in the Postgres Processes |