T1070 #152

@frack113

Description

https://attack.mitre.org/techniques/T1070/

sigma:
builtin/application/microsoft_windows_backup/win_susp_backup_delete.yml: - attack.t1070.004
builtin/msexchange/win_exchange_proxyshell_remove_mailbox_export.yml: - attack.t1070
builtin/security/win_security_audit_log_cleared.yml: - attack.t1070.001
builtin/security/win_security_sdelete_potential_secure_deletion.yml: - attack.t1070.004
builtin/security/win_security_susp_time_modification.yml: - attack.t1070.006
builtin/system/microsoft_windows_eventlog/win_system_eventlog_cleared.yml: - attack.t1070.001
builtin/system/microsoft_windows_eventlog/win_system_susp_eventlog_cleared.yml: - attack.t1070.001
file/file_change/file_change_win_2022_timestomping.yml: - attack.t1070.006
file/file_delete/file_delete_win_delete_event_log_files.yml: - attack.t1070
file/file_delete/file_delete_win_delete_exchange_powershell_logs.yml: - attack.t1070
file/file_delete/file_delete_win_delete_iis_access_logs.yml: - attack.t1070
file/file_delete/file_delete_win_delete_powershell_command_history.yml: - attack.t1070
file/file_delete/file_delete_win_delete_prefetch.yml: - attack.t1070.004
file/file_delete/file_delete_win_delete_teamviewer_logs.yml: - attack.t1070.004
file/file_delete/file_delete_win_delete_tomcat_logs.yml: - attack.t1070
file/file_delete/file_delete_win_sysinternals_sdelete_file_deletion.yml: - attack.t1070.004
file/file_delete/file_delete_win_zone_identifier_ads_uncommon.yml: - attack.t1070.004
image_load/image_load_susp_dll_load_system_process.yml: - attack.t1070
powershell/powershell_module/posh_pm_clear_powershell_history.yml: - attack.t1070.003
powershell/powershell_script/posh_ps_clearing_windows_console_history.yml: - attack.t1070
powershell/powershell_script/posh_ps_clearing_windows_console_history.yml: - attack.t1070.003
powershell/powershell_script/posh_ps_clear_powershell_history.yml: - attack.t1070.003
powershell/powershell_script/posh_ps_disable_psreadline_command_history.yml: - attack.t1070.003
powershell/powershell_script/posh_ps_etw_trace_evasion.yml: - attack.t1070
powershell/powershell_script/posh_ps_susp_clear_eventlog.yml: - attack.t1070.001
powershell/powershell_script/posh_ps_susp_iofilestream.yml: - attack.t1070.003
powershell/powershell_script/posh_ps_susp_mounted_share_deletion.yml: - attack.t1070.005
powershell/powershell_script/posh_ps_timestomp.yml: - attack.t1070.006
process_creation/proc_creation_win_bcdedit_susp_execution.yml: - attack.t1070
process_creation/proc_creation_win_cmd_del_execution.yml: - attack.t1070.004
process_creation/proc_creation_win_cmd_del_greedy_deletion.yml: - attack.t1070.004
process_creation/proc_creation_win_cmd_ping_copy_combined_execution.yml: - attack.t1070.004
process_creation/proc_creation_win_cmd_ping_del_combined_execution.yml: - attack.t1070.004
process_creation/proc_creation_win_cmd_rmdir_execution.yml: - attack.t1070.004
process_creation/proc_creation_win_fltmc_unload_driver.yml: - attack.t1070
process_creation/proc_creation_win_fltmc_unload_driver_sysmon.yml: - attack.t1070
process_creation/proc_creation_win_fsutil_usage.yml: - attack.t1070
process_creation/proc_creation_win_iis_logs_deletion.yml: - attack.t1070
process_creation/proc_creation_win_logman_disable_eventlog.yml: - attack.t1070.001
process_creation/proc_creation_win_net_share_unmount.yml: - attack.t1070.005
process_creation/proc_creation_win_reg_delete_runmru.yml: - attack.t1070.003
process_creation/proc_creation_win_susp_etw_trace_evasion.yml: - attack.t1070
process_creation/proc_creation_win_susp_eventlog_clear.yml: - attack.t1070.001
process_creation/proc_creation_win_susp_shadow_copies_deletion.yml: - attack.t1070
registry/registry_delete/registry_delete_mstsc_history_cleared.yml: - attack.t1070
registry/registry_delete/registry_delete_runmru.yml: - attack.t1070.003
registry/registry_set/registry_set_disable_administrative_share.yml: - attack.t1070.005
registry/registry_set/registry_set_optimize_file_sharing_network.yml: - attack.t1070.005
