{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/log-clearing/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["defense-evasion","log-clearing","linux"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eAttackers often remove or modify system logs to hide their actions and hinder forensic investigations. This activity involves the use of common Linux utilities to delete or overwrite log files, making it difficult to trace the attacker\u0026rsquo;s entry point, lateral movement, and actions performed on the system. Log clearing is a common post-exploitation technique used by a wide range of threat actors across various campaigns. This brief focuses on detecting the usage of common utilities like \u003ccode\u003erm\u003c/code\u003e…\u003c/p\u003e\n","date_modified":"2024-01-09T12:00:00Z","date_published":"2024-01-09T12:00:00Z","id":"/briefs/2024-01-09-linux-log-clearing/","summary":"Adversaries attempt to clear Linux system logs using utilities like rm, rmdir, shred, and unlink to conceal malicious activity and evade detection.","title":"Linux Log Clearing Attempts via Common Utilities","url":"https://feed.craftedsignal.io/briefs/2024-01-09-linux-log-clearing/"}],"language":"en","title":"CraftedSignal Threat Feed — Log-Clearing","version":"https://jsonfeed.org/version/1.1"}