GET /api/techniques/386/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, DELETE, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept
{
"id": 386,
"key": "xbel-recently-opened-files-check",
"unprotect_id": "U1352",
"name": "XBEL Recently Opened Files Check",
"description": "The `recently-used.xbel` XML file documents recent files on a Linux system that were accessed by applications. By parsing the file & checking how many files were recently accessed, we can determine whether or not a system is likely a sandbox or virtual machine. If a system has a low amount of files being accessed, it's likely a sandbox/VM.",
"windows": "",
"linux": "",
"macos": "",
"resources": "https://attack.mitre.org/techniques/T1497/002/",
"creation_date": "2025-01-06T08:52:12.722531Z",
"tags": "",
"modification_date": "2025-01-06T08:54:13.780464Z",
"category": [
1
],
"rules": [],
"attachments": [],
"featured_api": [],
"contributors": [
41
]
}
