Common Information
Type | Value |
---|---|
Value | Timestomp - T1099 |
Category | Attack-Pattern |
Type | Mitre-Enterprise-Attack-Attack-Pattern |
Misp Type | Cluster |
Description | Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools. Timestomping may be used along with file name Masquerading to hide malware and tools. (Citation: WindowsIR Anti-Forensic Techniques) Detection: Forensic techniques exist to detect aspects of files that have had their timestamps modified. (Citation: WindowsIR Anti-Forensic Techniques) It may be possible to detect timestomping using file modification monitoring that collects information on file handle opens and can compare timestamp values. Platforms: Linux, Windows. Data Sources: File monitoring, Process monitoring, Process command-line parameters. Defense Bypassed: Host forensic analysis. Permissions Required: User, Administrator, SYSTEM |
Details | Published | Attributes | CTI | Title |
---|---|---|---|---|
Details | Website | 2024-11-14 | 72 | Weekly Intelligence Report - 15 Nov 2024 \| #ransomware \| #cybercrime \| National Cyber Security Consulting |
Details | Website | 2024-10-10 | 9 | BPFDoor Linux Malware Detection Using AhnLab EDR - ASEC |
Details | Website | 2024-10-09 | 9 | BPFDoor Linux Malware Detected by AhnLab EDR - ASEC |
Details | Website | 2024-10-07 | 643 | RST TI Report Digest: 07 Oct 2024 |
Details | Website | 2024-10-04 | 34 | VILSA STEALER - CYFIRMA |
Details | Website | 2024-09-27 | 123 | Betting on Bots: Investigating Linux malware, crypto mining, and gambling API abuse — Elastic Security Labs |
Details | Website | 2024-09-13 | 143 | THM Metasploit Meterpreter |
Details | Website | 2024-09-12 | 13 | Emulating the Persistent and Stealthy Ebury Linux Malware |
Details | Website | 2024-09-04 | 71 | AZORult Malware: Technical Analysis - ANY.RUN's Cybersecurity Blog |
Details | Website | 2024-09-04 | 3 | Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion |
Details | Website | 2024-07-16 | 89 | MirrorFace Attack against Japanese Organisations - JPCERT/CC Eyes |
Details | Website | 2024-01-01 | 81 | CUCKOO SPEAR Part 2: Threat Actor Arsenal |
Details | Website | 2023-12-06 | 198 | Russia/Ukraine Update - December 2023 |
Details | Website | 2023-11-14 | 44 | Everything You Need to Know About Silent Skimming |
Details | Website | 2023-10-31 | 17 | Over the Kazuar’s Nest: Cracking Down on a Freshly Hatched Backdoor Used by Pensive Ursa (Aka Turla) |
Details | Website | 2023-10-16 | 11 | Risky Biz News: Israel warns citizens of security camera hack risk |
Details | Website | 2023-10-11 | 38 | Global ESXiArgs ransomware attack on the back of a two-year-old vulnerability |
Details | Website | 2023-10-10 | 31 | Threat Actor deploys Mythic’s Athena Agent to target Russian Semiconductor Suppliers |
Details | Website | 2023-09-18 | 20 | Ransomware Redefined: RedEnergy Stealer-as-a-Ransomware attacks |
Details | Website | 2023-09-18 | 90 | DBatLoader: Actively Distributing Malwares Targeting European Businesses |
Details | Website | 2023-08-29 | 235 | Diving Deep into UNC4841 Operations Following Barracuda ESG Zero-Day Remediation (CVE-2023-2868) \| Mandiant |
Details | Website | 2023-08-25 | 195 | Russia/Ukraine Update - August 2023 |
Details | Website | 2023-08-23 | 70 | Malware-as-a-Service: Redline Stealer Variants Demonstrate a Low-Barrier-to-Entry Threat |
Details | Website | 2023-08-08 | 50 | Utilization of Leaked Ransomware Builders in Tech-Related Scams |
Details | Website | 2023-07-25 | 6 | APT Profile: Kimsuky - SOCRadar® Cyber Intelligence Inc. |