Log-Clearing — CraftedSignal Threat Feedhttps://feed.craftedsignal.io/tags/log-clearing/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioTue, 09 Jan 2024 12:00:00 +0000Linux Log Clearing Attempts via Common Utilitieshttps://feed.craftedsignal.io/briefs/2024-01-09-linux-log-clearing/Tue, 09 Jan 2024 12:00:00 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2024-01-09-linux-log-clearing/Adversaries attempt to clear Linux system logs using utilities like rm, rmdir, shred, and unlink to conceal malicious activity and evade detection.Attackers often remove or modify system logs to hide their actions and hinder forensic investigations. This activity involves the use of common Linux utilities to delete or overwrite log files, making it difficult to trace the attacker’s entry point, lateral movement, and actions performed on the system. Log clearing is a common post-exploitation technique used by a wide range of threat actors across various campaigns. This brief focuses on detecting the usage of common utilities like rm

]]>mediumadvisorydefense-evasionlog-clearinglinux