
ETW Trace Evasion Activity (a238b5d0-ce2d-4414-a676-7a531b3d13d6)

Detects command-line activity that tries to clear or disable any ETW trace log, which could be a sign of logging evasion.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) | Attack Pattern | ETW Trace Evasion Activity (a238b5d0-ce2d-4414-a676-7a531b3d13d6) | Sigma-Rules | 1 |
| Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) | Attack Pattern | ETW Trace Evasion Activity (a238b5d0-ce2d-4414-a676-7a531b3d13d6) | Sigma-Rules | 1 |