attack.t1070.006

Unauthorized System Time Modification

Dec 9, 2025 · attack.defense-evasion attack.t1070.006 ·

Share on:

Detect scenarios where a potentially unauthorized application or user is modifying the system time.

File Time Attribute Change - Linux

Dec 8, 2025 · attack.defense-evasion attack.t1070.006 ·

Share on:

Detect file time attribute change to hide new or changes to existing files.

File Creation Date Changed to Another Year

Aug 12, 2024 · attack.t1070.006 attack.defense-evasion ·

Share on:

Attackers may change the file creation time of a backdoor to make it look like it was installed with the operating system. Note that many processes legitimately change the creation time of a file; it does not necessarily indicate malicious activity.

File Time Attribute Change

Aug 12, 2024 · attack.defense-evasion attack.t1070.006 ·

Share on:

Detect file time attribute change to hide new or changes to existing files

Powershell Timestomp

Aug 12, 2024 · attack.defense-evasion attack.t1070.006 ·

Share on:

Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder.

Unauthorized System Time Modification

File Time Attribute Change - Linux

File Creation Date Changed to Another Year

File Time Attribute Change

Powershell Timestomp

Touch Suspicious Service File