CAPEC-268: Audit Log Manipulation

Abstraction: Standard
Status: Draft

Description

The attacker injects, manipulates, deletes, or forges malicious log entries in the log file, in an attempt to mislead an audit of the log file or to cover the tracks of an attack. The attacker is able to perform such actions because of insufficient access controls on either the log files or the logging mechanism.

Related weaknesses · 1

CWE-117

MITRE ATT&CK crosswalk · 4

T1070: Indicator Removal on Host
T1562.002: Impair Defenses: Disable Windows Event Logging
T1562.003: Impair Defenses: Impair Command History Logging
T1562.008: Impair Defenses: Disable Cloud Logs

Related attack patterns · 1

CAPEC-161 (ChildOf)

Exploits · 1

| Type | Target | Confidence | Tier |
| --- | --- | --- | --- |
| Weakness | Improper Output Neutralization for Logs (cwe-117) | 100% | live |

Related to · 4

| Type | Target | Confidence | Tier |
| --- | --- | --- | --- |
| Technique | Indicator Removal (t1070) | 100% | live |
| SubTechnique | Disable Windows Event Logging (t1562.002) | 100% | live |
| SubTechnique | Disable or Modify Cloud Logs (t1562.008) | 100% | live |
| SubTechnique | Impair Command History Logging (t1562.003) | 100% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Log Injection-Tampering-Forging
CAPEC: Web Server Logs Tampering
CAPEC: File Manipulation
CAPEC: Protocol Manipulation
CAPEC: Documentation Alteration to Cause Errors in System Design
CAPEC: Command Injection

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.