Software: KillDisk

From attackics
Jump to navigation Jump to search
KillDisk
Software
ID S0016
Aliases KillDisk
Type Malware

In 2015 the BlackEnergy malware contained a component called KillDisk. KillDisk's main functionality is to overwrite files with random data, rendering the OS unbootable.1

Associated Software Descriptions

  • KillDisk - 12

Techniques Used

  • Data Destruction - KillDisk is able to delete system files to make the system unbootable and targets 35 different types of files for deletion.1
  • Loss of View - KillDisk erases the master boot record (MBR) and system logs, leaving the system unusable.2
  • Service Stop - KillDisk looks for and terminates two non-standard processes, one of which is an ICS application.1

Groups

The following groups use this software: