Host Artifact Deletion¶
Adversaries may delete artifacts on a host system, including logs, browser history, or directories.
id: | 339d4a19-dfb8-4d86-89c8-6a3ac807a57f |
---|---|
categories: | enrich |
confidence: | low |
os: | windows |
created: | 7/26/2019 |
updated: | 7/26/2019 |
MITRE ATT&CK™ Mapping¶
tactics: | Defense Evasion |
---|---|
techniques: | T1070 Indicator Removal on Host |
Query¶
process where subtype.create and (
(process_name == "rundll32.exe" and command_line == "*InetCpl.cpl,Clear*") or
(process_name == "reg.exe" and command_line == "* delete *") or
(process_name == "cmd.exe" and command_line == "* *rmdir *")
)