GET /api/techniques/165/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, DELETE, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept
{
"id": 165,
"key": "indicator-removal-timestomp",
"unprotect_id": "U0303, T1070.006",
"name": "Indicator Removal: Timestomp",
"description": "Timestomping is a technique used by adversaries to modify the timestamps of a file, such as the modify, access, create, and change times. This technique is often used to hide the fact that a file has been modified or created by the adversary, making it more difficult for forensic investigators or file analysis tools to detect the changes. \r\n\r\nBy modifying the timestamps of a file, the adversary can make it appear as if the file has been present on the system for a longer period of time, or that it was last accessed or modified at a different time than it actually was. This can help the adversary avoid detection and continue operating on a compromised system without being detected.",
"windows": "",
"linux": "",
"macos": "",
"resources": "https://attack.mitre.org/techniques/T1070/006/",
"creation_date": "2020-11-13T20:27:25Z",
"tags": "Timestomping,\r\nTimestamp manipulation,\r\nChange times,\r\nForensic investigators,\r\nFile analysis tools,\r\nAPT28,\r\nAPT29,\r\nAPT32,\r\nAPT38,",
"modification_date": "2023-10-04T10:44:15.174000Z",
"category": [
8,
10
],
"rules": [
90
],
"attachments": [],
"featured_api": [
425
],
"contributors": []
}
