Disk Wipe (T1561)

Adversaries may wipe or corrupt raw disk data on specific systems or in large numbers in a network to interrupt availability to system and network resources. With direct write access to a disk, adversaries may attempt to overwrite portions of disk data. Adversaries may opt to wipe arbitrary portions of disk data and/or wipe disk structures like the master boot record (MBR). A complete wipe of all disk sectors may be attempted. To maximize impact on the target organization in operations where network-wide availability interruption is the goal, malware used for wiping disks may have worm-like features to propagate across a network by leveraging additional techniques like Valid Accounts, OS Credential Dumping, and SMB/Windows Admin Shares.(Citation: Novetta Blockbuster Destructive Malware)

Source: https://github.com/mitre/cti
Related Prelude attack chains
Release Date (Newest)
Filterfilter
Search for chains, TTPs, themes, and text

Browse By:

Platforms

  • All
  • Windows
  • Linux
  • Darwin
  • Global
  • Android

Themes

Tags

Licenses

APT38 DarkSeoul

2022-05-16

/static/assets/windows-logo.svg
Destructive Master Boot Record (MBR) wiper malware.
CSwipe

2022-01-04

/static/assets/linux-logo.svg
Deploy a custom payload to achieve ransomware without using traditional encryption.
S(C)wipe

2021-12-28

/static/assets/apple-logo.svg
Deploy a custom payload to achieve ransomware without using traditional encryption.