T1070.001: T1070.001
Essential information
- MITRE technique ID
T1070.001- Confidence
- 100/100
- Revoked
- No
- Published
- 28/01/2020 18:05
- Modified
- 17/04/2026 13:15
- Author / Source
- The MITRE Corporation
Aliases
Clear Windows Event Logs
Platforms
windows
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | defense-evasion |
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (50)
-
WP-SHELLSTORM usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
4BID relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Aquatic Panda relatedThe MITRE Corporation Confidence 100
[Aquatic Panda](https://attack.mitre.org/groups/G0143) is a suspected China-based threat group with a dual mission of intelligence collection and industrial espionage. Active since at least May 2020, [Aquatic Panda](https://attack.mitre.org/groups/G0143) has primarily…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Black Hunt relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
CL-STA-1132 relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
CL0P relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Chimera relatedThe MITRE Corporation Confidence 100
[Chimera](https://attack.mitre.org/groups/G0114) is a suspected China-based threat group that has been active since at least 2018 targeting the semiconductor industry in Taiwan as well as data from the airline…
First seen 01/01/1970 · Last seen 16/11/5138 · -
China-nexus APT relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Dark Power relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Dire Wolf relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[Dragonfly](https://attack.mitre.org/groups/G0035) is a cyber espionage group that has been attributed to Russia's Federal Security Service (FSB) Center 16.(Citation: DOJ Russia Targeting Critical Infrastructure March 2022)(Citation: UK GOV FSB…
First seen 01/01/1970 · Last seen 16/11/5138 · -
ForumTroll APT relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (74)
-
BlackSalt usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
LeetAgent usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
CutBrooch usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Vect usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Ghostengine usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Guidloader usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
RunningRAT usesFamily The MITRE Corporation Confidence 100
[RunningRAT](https://attack.mitre.org/software/S0253) is a remote access tool that appeared in operations surrounding the 2018 Pyeongchang Winter Olympics along with [Gold Dragon](https://attack.mitre.org/software/S0249) and [Brave Prince](https://attack.mitre.org/software/S0252). (Citation: McAfee Gold Dragon)
First seen 01/01/1970 · Last seen 16/11/5138 · -
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Crucio usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Blackout Locker usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Cobalt Strike usesFamily The MITRE Corporation Confidence 100
[Cobalt Strike](https://attack.mitre.org/software/S0154) is a commercial, full-featured, remote access tool that bills itself as “adversary simulation software designed to execute targeted attacks and emulate the post-exploitation actions of advanced…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Rhysida usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Reports (44)
-
AlienVault Confidence 100 13 CVEs 20 MITREs 4 Malwares 6 IOCs 5 Observables 1 APT
-
AlienVault Confidence 100 20 MITREs 6 Malwares 10 IOCs 2 Observables
-
AlienVault Confidence 100 4 CVEs 17 MITREs 3 Malwares 9 IOCs 6 Observables 1 APT
-
AlienVault Confidence 100 19 MITREs 5 Malwares 20 IOCs 1 APT
-
AlienVault Confidence 100 20 MITREs 2 Malwares 9 IOCs 2 Observables
-
AlienVault Confidence 100 20 MITREs 8 Malwares 11 IOCs 2 Observables 1 APT
-
AlienVault Confidence 100 20 MITREs 8 Malwares 11 IOCs 2 Observables 1 APT
-
AlienVault Confidence 100 1 CVE 20 MITREs 4 Malwares 3 IOCs 3 Observables 1 APT
-
1 CVE 20 MITREs 12 Malwares 6 Observables 1 APT
-
19 MITREs 2 Malwares 2 Observables 1 APT
-
AlienVault Confidence 100 1 CVE 20 MITREs 3 Malwares 3 IOCs 3 Observables 1 APT
-
AlienVault Confidence 100 1 CVE 23 MITREs 6 Malwares 32 IOCs 32 Observables
Vulnerabilities (CVE) (48)
Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or …
- Published
- 23/03/2026
- Modified
- 10/07/2026
Rejected reason: This CVE is a duplicate of CVE-2025-55182.
- Published
- 20/12/2025
- Modified
- 21/12/2025
OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing …
- Attack vector
- Adjacent
- Complexity
- Low
- Published
- 24/02/2021
- Modified
- 03/06/2026
The trx_addons WordPress plugin before 2.38.5 does not correctly validate file types in one of its AJAX action, allowing unauthenticated users to …
- Attack vector
- NETWORK
- Complexity
- LOW
- EPSS
- 0.0005 (P15.8%)
- Published
- 23/03/2026
- Modified
- 13/07/2026
The Ninja Forms - File Uploads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 07/04/2026
- Modified
- 13/07/2026
Microsoft Windows Search contains an unspecified vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a …
- Attack vector
- Network
- Published
- 17/07/2023
- Modified
- 27/05/2026
Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue …
- Attack vector
- NETWORK
- Published
- 19/12/2025
- Modified
- 26/01/2026
Hangzhou Shunwang Rentdrv2 before 2024-12-24 allows local users to terminate EDR processes and possibly have unspecified other impact via DeviceIoControl with control …
- Attack vector
- LOCAL
- Published
- 01/08/2025
- Modified
- 09/06/2026
Improper authorization in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.
- Attack vector
- NETWORK
- Published
- 21/03/2025
- Modified
- 21/12/2025
The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetch_gravatar_from_remote' function …
- Attack vector
- NETWORK
- Complexity
- LOW
- EPSS
- 0.0006 (P18.5%)
- Published
- 23/04/2026
- Modified
- 13/07/2026
A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data …
- Attack vector
- NETWORK
- Complexity
- HIGH
- Published
- 06/07/2026
Citrix NetScaler ADC and Gateway contain an out-of-bounds read vulnerability due to insufficient input validation. This vulnerability can lead to memory overread …
- Attack vector
- Network
- Published
- 10/07/2025
- Modified
- 21/12/2025
Tool (1)
-
Wevtutil usesThe MITRE Corporation Confidence 100
[Wevtutil](https://attack.mitre.org/software/S0645) is a Windows command-line utility that enables administrators to retrieve information about event logs and publishers.(Citation: Wevtutil Microsoft Documentation)