Threats Library
Reusable threat definitions (causes on the left side of bow-tie diagrams).
11 threats
| Name | Category | Description |
|---|---|---|
| Indicator Removal | Defense Evasion | Adversaries may delete or modify artifacts generated within systems to remove evidence of their pres… |
| Indicator Removal: Clear Command History | Defense Evasion | In addition to clearing system logs, an adversary may clear the command history of a compromised acc… |
| Indicator Removal: Clear Linux or Mac System Logs | Defense Evasion | Adversaries may clear system logs to hide evidence of an intrusion. macOS and Linux both keep track … |
| Indicator Removal: Clear Mailbox Data | Defense Evasion | Adversaries may modify mail and mail application data to remove evidence of their activity. Email ap… |
| Indicator Removal: Clear Network Connection History and Configurations | Defense Evasion | Adversaries may clear or remove evidence of malicious network connections in order to clean up trace… |
| Indicator Removal: Clear Persistence | Defense Evasion | Adversaries may clear artifacts associated with previously established persistence on a host system … |
| Indicator Removal: Clear Windows Event Logs | Defense Evasion | Adversaries may clear Windows Event Logs to hide the activity of an intrusion. Windows Event Logs ar… |
| Indicator Removal: File Deletion | Defense Evasion | Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools,… |
| Indicator Removal: Network Share Connection Removal | Defense Evasion | Adversaries may remove share connections that are no longer useful in order to clean up traces of th… |
| Indicator Removal: Relocate Malware | Defense Evasion | Once a payload is delivered, adversaries may reproduce copies of the same malware on the victim syst… |
| Indicator Removal: Timestomp | Defense Evasion | Adversaries may modify file time attributes to hide new files or changes to existing files. Timestom… |