{ "type": "bundle", "id": "bundle--d1797562-ffd4-47d2-9eb3-ffa812c27be3", "spec_version": "2.0", "objects": [ { "modified": "2023-03-09T18:38:51.471Z", "name": "Indicator Removal on Host", "description": "Adversaries may attempt to remove indicators of their presence on a system in an effort to cover their tracks. In cases where an adversary may feel detection is imminent, they may try to overwrite, delete, or cover up changes they have made to the device.", "kill_chain_phases": [ { "kill_chain_name": "mitre-ics-attack", "phase_name": "evasion" } ], "x_mitre_attack_spec_version": "2.1.0", "x_mitre_domains": [ "ics-attack" ], "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_platforms": [ "Human-Machine Interface", "Safety Instrumented System/Protection Relay" ], "x_mitre_version": "1.0", "x_mitre_data_sources": [ "Process: OS API Execution", "File: File Metadata", "Windows Registry: Windows Registry Key Deletion", "File: File Modification", "Command: Command Execution", "Windows Registry: Windows Registry Key Modification", "Process: Process Creation", "File: File Deletion" ], "type": "attack-pattern", "id": "attack-pattern--53a26eee-1080-4d17-9762-2027d5a1b805", "created": "2020-05-21T17:43:26.506Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T0872", "external_id": "T0872" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "x_mitre_is_subtechnique": false } ] }