Software: KillDisk

From attackics
Revision as of 13:54, 11 April 2021 by Oalexander (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
KillDisk
Software
ID S0016
Aliases KillDisk
Type Malware

In 2015 the BlackEnergy malware contained a component called KillDisk. KillDisk's main functionality is to overwrite files with random data, rendering the OS unbootable.1

Associated Software Descriptions

  • KillDisk - 12

Techniques Used

  • Data Destruction - KillDisk is able to delete system files to make the system unbootable and targets 35 different types of files for deletion.1
  • Loss of View - KillDisk erases the master boot record (MBR) and system logs, leaving the system unusable.2
  • Service Stop - KillDisk looks for and terminates two non-standard processes, one of which is an ICS application.1

Groups

The following groups use this software:

References

  1. a b c d e  Anton Cherepanov. (n.d.). BlackEnergy by the SSHBearDoor: attacks against Ukrainian news media and electric industry. Retrieved October 29, 2019.
  1. a b  Booz Allen Hamilton. (n.d.). When The Lights Went Out. Retrieved October 22, 2019.

 

Retrieved from "https://collaborate.mitre.org/attackics/index.php?title=Software/S0016&oldid=9098"