Common Information
Type | Value |
---|---|
Value | Timestomp - T1099 |
Category | Attack-Pattern |
Type | Mitre-Enterprise-Attack-Attack-Pattern |
Misp Type | Cluster |
Description | Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools. Timestomping may be used along with file name Masquerading to hide malware and tools. (Citation: WindowsIR Anti-Forensic Techniques) |
Detection | Forensic techniques exist to detect aspects of files that have had their timestamps modified. (Citation: WindowsIR Anti-Forensic Techniques) It may be possible to detect timestomping using file modification monitoring that collects information on file handle opens and can compare timestamp values. |
Platforms | Linux, Windows |
Data Sources | File monitoring, Process monitoring, Process command-line parameters |
Defense Bypassed | Host forensic analysis |
Permissions Required | User, Administrator, SYSTEM |
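The entry's detection note ("compare timestamp values") is easiest to see with both sides in one place. The script below is an added example, not code from the MISP galaxy or the MITRE entry: on Linux it stomps a dropped file to mimic a neighbour with `os.utime()`, then scans the folder for three anomalies. The key point it demonstrates is that `utime()` can only set atime and mtime; the inode change time (ctime) is set by the kernel to "now", so comparing mtime against ctime exposes the edit. The folder, file names and content are constructed for the demo.

```python
"""Timestomping on Linux: how a dropped file is stomped and three checks that
expose it. Added example; not code from the MISP/ATT&CK entry above.
The sample folder, file names and content are constructed for the demo."""
import os
import tempfile

NS = 1_000_000_000          # nanoseconds per second
ONE_DAY_NS = 86_400 * NS


def timestomp(target: str, like: str) -> None:
    """Attacker side: clone the neighbour's atime/mtime onto `target`,
    truncated to whole seconds the way common stomping tools do.
    utime() cannot set ctime: the kernel bumps ctime to 'now', which
    is exactly what the defender compares against below."""
    st = os.stat(like)
    atime = (st.st_atime_ns // NS) * NS
    mtime = (st.st_mtime_ns // NS) * NS
    os.utime(target, ns=(atime, mtime))


def scan_directory(directory: str, gap_ns: int = ONE_DAY_NS) -> dict[str, list[str]]:
    """Defender side: map each suspicious file path to the reasons it was flagged."""
    entries = []
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if os.path.isfile(path):
            entries.append((path, os.stat(path)))

    # Only use the zero-nanosecond indicator when the filesystem demonstrably
    # records sub-second timestamps (at least one file has a non-zero fraction).
    fs_has_subsecond = any(st.st_mtime_ns % NS for _, st in entries)

    findings: dict[str, list[str]] = {}
    for path, st in entries:
        reasons = []
        # 1. Whole-second mtime on a sub-second filesystem: typical of utime()/
        #    SetFileTime callers that pass a time_t or a parsed date string.
        if fs_has_subsecond and st.st_mtime_ns % NS == 0:
            reasons.append("mtime has a zero sub-second part on a sub-second filesystem")
        # 2. mtime later than ctime: every write updates ctime, so this cannot
        #    arise from normal file activity.
        if st.st_mtime_ns > st.st_ctime_ns:
            reasons.append("mtime is later than ctime")
        # 3. ctime far later than mtime: metadata changed long after the last
        #    'write'. Weaker signal: cp -p and tar extraction look the same.
        if st.st_ctime_ns - st.st_mtime_ns > gap_ns:
            reasons.append("ctime is more than the gap threshold after mtime")
        if reasons:
            findings[path] = reasons
    return findings


def build_demo_folder() -> tuple[str, dict[str, str]]:
    """Constructed scenario: one legitimate file and three stomped ones."""
    root = tempfile.mkdtemp(prefix="timestomp_demo_")
    files = {k: os.path.join(root, v) for k, v in {
        "legit": "Q3-report.docx",
        "cloned": "svchost-update.dll",   # mtime cloned from the legit neighbour
        "backdated": "helper.bin",        # mtime pushed 400 days into the past
        "future": "cache.dat",            # mtime pushed 30 days into the future
    }.items()}
    for path in files.values():
        with open(path, "wb") as fh:
            fh.write(b"demo content\n")

    timestomp(files["cloned"], like=files["legit"])

    now_ns = os.stat(files["legit"]).st_mtime_ns
    # Keep a non-zero fraction so only the time-ordering checks fire.
    old = ((now_ns - 400 * ONE_DAY_NS) // NS) * NS + 123_456_789
    os.utime(files["backdated"], ns=(old, old))
    future = ((now_ns + 30 * ONE_DAY_NS) // NS) * NS + 123_456_789
    os.utime(files["future"], ns=(future, future))
    return root, files


if __name__ == "__main__":
    root, files = build_demo_folder()
    for path, reasons in scan_directory(root).items():
        print(os.path.basename(path), "->", "; ".join(reasons))
```

The third check is deliberately a weak indicator: `cp -p`, `rsync -a` and archive extraction preserve an old mtime while ctime is set at extraction time, so treat it as a triage hint rather than proof. On Windows the same idea applies with different sources: `st_ctime` there is the creation time, not a change time, and the reliable comparison is between the user-settable `$STANDARD_INFORMATION` timestamps and the kernel-maintained `$FILE_NAME` timestamps in the MFT record, which this Linux-oriented script does not read.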
Details | CTI | Published | Attributes | Title
---|---|---|---|---
Details | Website | 2023-07-10 | 415 | RST TI Report Digest: 10 Jul 2023
Details | Website | 2023-07-06 | 11 | RedEnergy: a sophisticated Stealer-as-a-Ransomware threat
Details | Website | 2023-06-28 | 0 | Evasion & Obfuscation Techniques
Details | Website | 2023-06-23 | 0 | ICE \| CTF walkthrough
Details | Website | 2023-06-13 | 14 | VMware ESXi Zero-Day Used by Chinese Espionage Actor to Perform Privileged Guest Operations on Compromised Hypervisors \| Mandiant
Details | Website | 2023-04-26 | 9 | Chinese Alloy Taurus Updates PingPull Malware
Details | Website | 2023-04-06 | 21 | Not just a stealer: the Gopuram backdoor was distributed through the 3CX supply-chain attack (in Russian)
Details | Website | 2023-04-03 | 21 | Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack
Details | Website | 2023-04-01 | 55 | The Rise of FusionCore An Emerging Cybercrime Group from Europe - CYFIRMA
Details | Website | 2023-03-27 | 90 | DBatLoader Actively Distributing Malwares Targeting Europea
Details | Website | 2023-03-19 | 0 | A Complete guide on how to learn 5 Phases of Ethical Hacking & Techniques, Tools used in each phase.
Details | Website | 2023-03-09 | 86 | Stealing the LIGHTSHOW (Part One) — North Korea's UNC2970 \| Mandiant
Details | Website | 2023-03-07 | 85 | Lazarus Group Attack Case Using Vulnerability of Certificate Software Commonly Used by Public Institutions and Universities - ASEC BLOG
Details | Website | 2023-03-02 | 199 | Russia/Ukraine Update - February 2023
Details | Website | 2023-02-27 | 104 | Lazarus attack group attack case exploiting a vulnerability in certificate software widely used by public institutions and universities - ASEC BLOG (in Korean)
Details | Website | 2023-02-08 | 21 | Earth Zhulong Familiar Patterns Target Southeast Asian Firms
Details | Website | 2023-01-31 | 41 | Rapid7 observes use of Microsoft OneNote to spread Redline Infostealer \| Rapid7 Blog
Details | Website | 2022-12-20 | 133 | Russia/Ukraine Update - December 2022
Details | Website | 2022-12-07 | 39 | Fantasy – a new Agrius wiper deployed through a supply-chain attack
Details | Website | 2022-11-29 | 132 | Russia/Ukraine Update - November 2022
Details | Website | 2022-11-25 | 25 | Punisher Ransomware Spreading Through Fake COVID Site
Details | Website | 2022-10-18 | 104 | LAZARUS attacks the Netherlands and Belgium (in German)
Details | Website | 2022-09-30 | 98 | A glimpse into the shadowy realm of a Chinese APT: detailed analysis of a ShadowPad intrusion
Details | Website | 2022-09-06 | 54 | Mythic Case Study: Assessing Common Offensive Security Tools
Details | Website | 2022-08-29 | 17 | Mini Stealer: Possible Predecessor of Parrot Stealer