This site has been deprecated in favor of https://attack.mitre.org and will remain in place until 11/1/22.
Software: KillDisk
Revision as of 13:54, 11 April 2021 by Oalexander (talk | contribs)
KillDisk | |
---|---|
Software | |
ID | S0016 |
Aliases | KillDisk |
Type | Malware |
In 2015 the BlackEnergy malware contained a component called KillDisk. KillDisk's main functionality is to overwrite files with random data, rendering the OS unbootable.1
Associated Software Descriptions
Techniques Used
- Data Destruction - KillDisk is able to delete system files to make the system unbootable and targets 35 different types of files for deletion.1
- Indicator Removal on Host - KillDisk deletes application, security, setup, and system event logs from Windows systems.1
- Loss of View - KillDisk erases the master boot record (MBR) and system logs, leaving the system unusable.2
- Service Stop - KillDisk looks for and terminates two non-standard processes, one of which is an ICS application.1
Groups
The following groups use this software:
References