A computer resource object, managed by the I/O system, for storing data (such as images, text, videos, computer programs, or any wide variety of other media)[1]
Opening a file, which makes the file contents available to the requestor (ex: Windows EID 4663)
Initial construction of a new file (ex: Sysmon EID 11)
Removal of a file (ex: Sysmon EID 23)
Domain | ID | Name
---|---|---
Enterprise | T1554 | Compromise Client Software Binary
Enterprise | T1485 | Data Destruction
Enterprise | T1565 | Data Manipulation
Enterprise | T1565.001 | Stored Data Manipulation
Enterprise | T1565.003 | Runtime Data Manipulation
Enterprise | T1070 | Indicator Removal on Host
Enterprise | T1070.002 | Clear Linux or Mac System Logs
Enterprise | T1070.003 | Clear Command History
Enterprise | T1070.004 | File Deletion
Enterprise | T1490 | Inhibit System Recovery
Contextual data about a file, which may include information such as name, the content (ex: signature, headers, or data/media), user/owner, permissions, etc.
Changes made to a file, or its access permissions and attributes, typically to alter the contents of the targeted file (ex: Windows EID 4670 or Sysmon EID 2)