Common Information
Type | Value |
---|---|
Value | File Deletion - T1070.004 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: [Ingress Tool Transfer](https://attack.mitre.org/techniques/T1105)) may leave traces that indicate what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint. There are tools available from the host operating system to perform cleanup, but adversaries may use other tools as well. (Citation: Microsoft SDelete July 2016) Examples of built-in [Command and Scripting Interpreter](https://attack.mitre.org/techniques/T1059) functions include `del` on Windows and `rm` or `unlink` on Linux and macOS. |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2024-09-06 | 7 | Critical Arbitrary File Deletion Vulnerability in MP3 Audio Player WordPress Plugin Affects Over 20,000 Sites | ||
Details | Website | 2024-09-06 | 46 | The most interesting cyber incidents of 2023: insider threats and more | ||
Details | Website | 2024-09-05 | 7 | Analysis of Evolving Evasion Tradecraft in Contemporary Malware and Command-and-Control Frameworks | ||
Details | Website | 2024-09-04 | 13 | Veeam Backup & Replication Faces RCE Flaw – CVE-2024-40711 (CVSS 9.8) Allows Full System Takeover | ||
Details | Website | 2024-09-04 | 9 | Hold – Verify – Execute: Rise of Malicious POCs Targeting Security Researchers | SonicWall | ||
Details | Website | 2024-09-04 | 0 | Ways I Can Find Your Deleted Files as An Ethical Hacker | ||
Details | Website | 2024-09-03 | 660 | US-CERT Vulnerability Summary for the Week of August 26, 2024 - RedPacket Security | ||
Details | Website | 2024-09-03 | 46 | Most interesting IR cases in 2023: insider threats and more | ||
Details | Website | 2024-09-03 | 2 | New Custom Malware "Tickler" Attack Satellite Devices | ||
Details | Website | 2024-09-02 | 13 | 2024-08-29 UNDERGROUND Ransomware Samples | ||
Details | Website | 2024-09-02 | 19 | Medusa Ransomware - Everything You Need to Know | Red Piranha | ||
Details | Website | 2024-08-31 | 0 | How can I restore a deleted KeePass database file (KDBX)? | ||
Details | Website | 2024-08-30 | 97 | From Cobalt Strike to Mimikatz: A Deep Dive into the SLOW#TEMPEST Campaign Targeting Chinese Users | ||
Details | Website | 2024-08-30 | 3 | New Voldemort malware abuses Google Sheets to store stolen data | ||
Details | Website | 2024-08-28 | 44 | BlackByte blends tried-and-true tradecraft with newly disclosed vulnerabilities to support ongoing attacks | ||
Details | Website | 2024-08-22 | 8 | GiveWP WordPress Plugin Vulnerability Puts 100,000+ Websites at Risk - CyberSRC | ||
Details | Website | 2024-08-21 | 2 | Critical RCE Vulnerability in GiveWP WordPress Plugin – Gridinsoft Blog | ||
Details | Website | 2024-08-19 | 4 | $4,998 Bounty Awarded and 100,000 WordPress Sites Protected Against Unauthenticated Remote Code Execution Vulnerability Patched in GiveWP WordPress Plugin | ||
Details | Website | 2024-08-19 | 20 | PG_MEM: A Malware Hidden in the Postgres Processes | ||
Details | Website | 2024-08-19 | 14 | Hunting for Persistence: Registry Run Keys / Startup Folder | ||
Details | Website | 2024-08-15 | 0 | Earn Up to $31,200 Per Vulnerability: Introducing the WordPress Bug Bounty Superhero Challenge! | ||
Details | Website | 2024-08-15 | 6 | ZDI-24-1149 | ||
Details | Website | 2024-08-15 | 3 | ZDI-24-1106 | ||
Details | Website | 2024-08-15 | 3 | ZDI-24-1020 | ||
Details | Website | 2024-08-13 | 9 | Multiple Vulnerabilities in Ivanti Products Could Allow for Remote Code Execution |