| ID | Name |
|---|---|
| ATAGS-T1099.001 | Clear Command History |
| ATAGS-T1099.002 | Clear Linux or Mac System Logs |
| ATAGS-T1099.003 | Clear Mailbox Data |
| ATAGS-T1099.004 | Clear Network Connection History and Configurations |
| ATAGS-T1099.005 | Clear Persistence |
| ATAGS-T1099.006 | Clear Windows Event Logs |
| ATAGS-T1099.007 | File Deletion |
| ATAGS-T1099.008 | Network Share Connection Removal |
| ATAGS-T1099.009 | Relocate Malware |
| ATAGS-T1099.010 | Timestomp |
Threat Actors may clear or remove evidence of malicious network connections in order to clean up traces of their operations. Configuration settings as well as various artifacts that highlight connection history may be created on a system and/or in application logs from behaviors that require network connections, such as Remote Services or External Remote Services. Defenders may use these artifacts to monitor or otherwise analyze network connections created by Threat Actors.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.