Anti-Forensics
Account Misuse
Clear Browser Artifacts
Clear Email Artifacts
Code Contribution Obfuscation and Misrepresentation
Decrease Privileges
Delayed Execution Triggers
Delete User Account
Deletion of Volume Shadow Copy
Disk Wiping
File Deletion
File Encryption
Hide Artifacts
Hiding or Destroying Command History
Log Deletion
Log Modification
Message Deletion
Message Modification
Modify Windows Registry
Network Obfuscation
Physical Destruction of Storage Media
Physical Removal of Disk Storage
Stalling
Steganography
System Shutdown
System Time Modification
Timestomping
Tripwires
Uninstalling Software
Virtualization
- ID: AF002.004
- Created: 06th July 2026
- Updated: 06th July 2026
- Platforms: Oracle Cloud Infrastructure (OCI)Google Cloud Platform (GCP)Amazon Web Services (AWS)Microsoft Azure
- MITRE ATT&CK®: T1685T1685.002
- Contributor: The ITM Team
Clear Cloud Logs
A subject deletes, disables, suppresses, or materially alters cloud logging to eliminate records of their activity or reduce investigative visibility. This may include audit logs, sign-in logs, administrative activity logs, mailbox audit records, storage access logs, network flow logs, or service-level application logs within cloud, identity provider, office suite, infrastructure-as-a-service, or software-as-a-service environments.
Cloud log deletion or suppression may be performed through administrative consoles, command-line tools, application programming interfaces, policy changes, logging configuration changes, retention changes, license changes, or removal of log forwarding integrations. The subject may target specific users, services, regions, tenants, workloads, or time periods to prevent later reconstruction of activity.
Preventions (2)
Detections (3)
MITRE ATT&CK® Mapping (2)
ATT&CK Enterprise Matrix Version 19.1