Clankerusecase
MITRE ATT&CK detection coverage
 ← Back to main site
Home/ MITRE Matrix/ Defense Evasion/ T1070

T1070Indicator Removal

T1070 — Indicator Removal is a MITRE ATT&CK technique in the Defense Evasion tactic. Clankerusecase tracks 8 detection use cases covering it and 1 threat-intel article citing it.

Defense Evasion
View on the matrix → Filter Detection Library MITRE official spec ↗
8Use cases
1Articles
8Sub-techniques
1Tactic

Sub-techniques (8)

T1070.003 · Clear Command HistoryT1070.008 · Clear Mailbox DataT1070.007 · Clear Network Connection History and ConfigurationsT1070.009 · Clear PersistenceT1070.004 · File DeletionT1070.005 · Network Share Connection RemovalT1070.010 · Relocate MalwareT1070.006 · Timestomp

Use cases covering this technique (8)

Cisco ASA - Logging Message Suppression ESCU actions · hunting P ESXi Audit Tampering ESCU actions · alerting P Fsutil Zeroing File ESCU actions · alerting P Linux Indicator Removal Clear Cache ESCU actions · alerting P MacOS Log Removal ESCU actions · alerting P Process Deleting Its Process File Path ESCU actions · alerting P USN Journal Deletion ESCU actions · alerting P Windows Indicator Removal Via Rmdir ESCU actions · hunting P

Articles citing this technique (1)

crit Inside AD CS Escalation: Unpacking Advanced Misuse Techniques and Tools art-316