Tool: Wevtutil

Description

[Wevtutil](https://attack.mitre.org/software/S0645) is a Windows command-line utility that enables administrators to retrieve information about event logs and publishers.(Citation: Wevtutil Microsoft Documentation)

External References

• mitre-attack
• Wevtutil Microsoft Documentation

Techniques Used by This Tool

• T1005 — Data from Local System
• T1070.001 — Clear Windows Event Logs
• T1562.002 — Disable Windows Event Logging

APT Groups Using This Tool

• Aquatic Panda
• Play
• APT28
• Volt Typhoon