Common Information
Type | Value |
---|---|
Value | Clear Windows Event Logs - T1070.001 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may clear Windows Event Logs to hide the activity of an intrusion. Windows Event Logs are a record of a computer's alerts and notifications. There are three system-defined sources of events: System, Application, and Security, with five event types: Error, Warning, Information, Success Audit, and Failure Audit. With administrator privileges, the event logs can be cleared with the following utility commands: * <code>wevtutil cl system</code> * <code>wevtutil cl application</code> * <code>wevtutil cl security</code> These logs may also be cleared through other mechanisms, such as the event viewer GUI or [PowerShell](https://attack.mitre.org/techniques/T1059/001). For example, adversaries may use the PowerShell command <code>Remove-EventLog -LogName Security</code> to delete the Security EventLog and after reboot, disable future logging. Note: events may still be generated and logged in the .evtx file between the time the command is run and the reboot.(Citation: disable_win_evt_logging) Adversaries may also attempt to clear logs by directly deleting the stored log files within `C:\Windows\System32\winevt\logs\`. |
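The description lists three ways the logs disappear: `wevtutil cl`, `Remove-EventLog` (effective after reboot), and deleting the `.evtx` files under `winevt\Logs`. The script below is an added example, not part of the MITRE or MISP entry, that checks a host for each of them from the defender's side. It relies only on documented Windows events (Security 1102 "The audit log was cleared", System 104 "The log file was cleared", Security 4688 process creation) and built-in cmdlets; it assumes it is run elevated on the host being examined and that process-creation auditing with command-line logging is enabled (without that, the 4688 hunt returns nothing). The `-Hours` window, the regex and the function names are this example's own choices.

```powershell
# Added example (not the MITRE/MISP entry's own code): host checks for T1070.001.
# Assumptions: run elevated; Security 4688 with command-line auditing is on.

# Security 1102 is written into the freshly cleared Security log itself and
# System 104 records the clearing of any other channel, so a clear leaves a
# trace unless the file is deleted outright. Both carry their fields under
# UserData/LogFileCleared in the event XML.
function Get-LogClearedEvents {
    param([int]$Hours = 24)
    $since = (Get-Date).AddHours(-$Hours)
    $filters = @(
        @{ LogName = 'Security'; Id = 1102; StartTime = $since },
        @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-Eventlog'; Id = 104; StartTime = $since }
    )
    foreach ($f in $filters) {
        Get-WinEvent -FilterHashtable $f -ErrorAction SilentlyContinue | ForEach-Object {
            $ev = $_
            $x  = [xml]$ev.ToXml()
            $d  = $x.Event.UserData.LogFileCleared
            $channel = 'Security'                       # 1102 always means Security
            if ($ev.Id -eq 104) { $channel = $d.Channel }  # 104 names the cleared channel
            [pscustomobject]@{
                Time       = $ev.TimeCreated
                EventId    = $ev.Id
                ClearedLog = $channel
                Subject    = "$($d.SubjectDomainName)\$($d.SubjectUserName)"
            }
        }
    }
}

# Security 4688 process creation: match the command forms the description
# names (wevtutil cl / clear-log, Remove-EventLog), the Clear-EventLog cmdlet,
# and any command line that touches an .evtx file under winevt\Logs.
function Find-LogClearingCommands {
    param([int]$Hours = 24)
    $since   = (Get-Date).AddHours(-$Hours)
    $pattern = '(?i)wevtutil(\.exe)?\s+(cl|clear-log)\b|Remove-EventLog|Clear-EventLog|winevt\\logs\\[^\s"]+\.evtx'
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688; StartTime = $since } -ErrorAction SilentlyContinue |
        ForEach-Object {
            $ev   = $_
            $x    = [xml]$ev.ToXml()
            $data = $x.Event.EventData.Data
            $cmd  = ($data | Where-Object { $_.Name -eq 'CommandLine' }).'#text'
            if ($cmd -and $cmd -match $pattern) {
                [pscustomobject]@{
                    Time        = $ev.TimeCreated
                    Subject     = ($data | Where-Object { $_.Name -eq 'SubjectUserName' }).'#text'
                    NewProcess  = ($data | Where-Object { $_.Name -eq 'NewProcessName' }).'#text'
                    CommandLine = $cmd
                }
            }
        }
}

# Direct deletion of the .evtx file and Remove-EventLog (after the reboot it
# needs) both leave a channel with no backing file or no registration at all.
# Compare the channel configuration against what is actually on disk.
function Test-EventLogIntegrity {
    param([string[]]$Channels = @('Security', 'System', 'Application'))
    foreach ($name in $Channels) {
        $cfg = Get-WinEvent -ListLog $name -ErrorAction SilentlyContinue
        if (-not $cfg) {
            [pscustomobject]@{ Log = $name; Records = $null; Status = 'MISSING: channel not registered (Remove-EventLog?)' }
            continue
        }
        $path   = [Environment]::ExpandEnvironmentVariables($cfg.LogFilePath)
        $status = 'OK'
        if (-not $cfg.IsEnabled)                         { $status = 'DISABLED' }
        elseif (-not (Test-Path -LiteralPath $path))     { $status = "FILE MISSING: $path" }
        elseif ($cfg.RecordCount -lt 1)                  { $status = 'EMPTY (cleared, or never written)' }
        [pscustomobject]@{ Log = $name; Records = $cfg.RecordCount; Status = $status }
    }
}

# Usage (elevated):
#   Get-LogClearedEvents -Hours 72 | Format-Table
#   Find-LogClearingCommands -Hours 72 | Format-Table -Wrap
#   Test-EventLogIntegrity | Format-Table
```

The three checks cover different windows. `Get-LogClearedEvents` is the cheapest and survives the clear itself, because 1102 is the first record of the new Security log. `Test-EventLogIntegrity` only flags a channel removed by `Remove-EventLog` after the reboot the description mentions; until then the channel still answers `Get-WinEvent -ListLog`, which is why the 4688 hunt for the command line is run alongside it. Forwarding events to a collector before they are cleared remains the only reliable way to keep the content that a clear destroys.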
CTI

Details | Type | Published | Attributes | Title |
---|---|---|---|---|
Details | Website | 2024-11-03 | 2 | Meet Interlock — The new ransomware targeting FreeBSD servers |
Details | Website | 2024-11-01 | 39 | Dark Web Profile: Tropic Trooper (APT23) - SOCRadar® Cyber Intelligence Inc. |
Details | Website | 2024-10-10 | 182 | Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware | CTF导航 |
Details | Website | 2024-09-30 | 174 | Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware |
Details | Website | 2024-09-25 | 1 | DragonForce Ransomware Expands RaaS, Targets Firms Worldwide |
Details | Website | 2024-09-20 | 29 | How Ransomhub Ransomware Uses EDRKillShifter to Disable EDR and Antivirus Protections |
Details | Website | 2024-09-06 | 46 | The most interesting cyber incidents of 2023: insider threats and more (Russian-language edition) |
Details | Website | 2024-09-03 | 46 | Most interesting IR cases in 2023: insider threats and more |
Details | Website | 2024-09-02 | 13 | 2024-08-29 UNDERGROUND Ransomware Samples |
Details | Website | 2024-08-30 | 13 | US CERT Alert AA24-242A (RansomHub Ransomware) |
Details | Website | 2024-08-30 | 24 | Emulating the Extortionist Mallox Ransomware |
Details | Website | 2024-07-25 | 59 | How APT groups operate in Southeast Asia |
Details | Website | 2024-07-16 | 89 | MirrorFace Attack against Japanese Organisations - JPCERT/CC Eyes |
Details | Website | 2024-06-26 | 5 | Scattered Spider: Evolving & Resilient Group Proves Need for Constant Defender Vigilance |
Details | Website | 2024-05-23 | 44 | How ransomware abuses BitLocker |
Details | Website | 2024-05-22 | 48 | Invisible miners: unveiling GHOSTENGINE's crypto mining operations — Elastic Security Labs |
Details | Website | 2024-02-23 | 85 | SlashAndGrab: ScreenConnect Post-Exploitation in the Wild (CVE-2024-1709 & CVE-2024-1708) | Huntress |
Details | Website | 2024-01-01 | 81 | CUCKOO SPEAR Part 2: Threat Actor Arsenal |
Details | Website | 2023-11-16 | 33 | FBI and CISA Issue Advisory on Rhysida Ransomware |
Details | Website | 2023-11-08 | 3 | Identifying Group Policy attacks |
Details | Website | 2023-10-31 | 72 | Unveiling the Dark Side: A Deep Dive into Active Ransomware Families |
Details | Website | 2023-10-30 | 22 | Scattered Ransomware Attribution Blurs Focus on IR Fundamentals |
Details | Website | 2023-08-09 | 23 | An Overview of the New Rhysida Ransomware |
Details | Website | 2023-07-27 | 117 | Healthcare Threat Landscape 2022-2023: Common TTPs Used by Top Ransomware Groups Targeting the Healthcare Sector |