EXPLORE
Sign In
← Back to Explore
T1561.002

Disk Structure Wipe

Adversaries may corrupt or wipe the disk data structures on a hard drive necessary to boot a system; targeting specific critical systems or in large numbers in a network to interrupt availability to system and network resources. Adversaries may attempt to render the system unable to boot by overwriting critical data located in structures such as the master boot record (MBR) or partition table.(Citation: Symantec Shamoon 2012)(Citation: FireEye Shamoon Nov 2016)(Citation: Palo Alto Shamoon Nov ...

LinuxmacOSWindowsNetwork Devices
3
Detections
2
Sources
5
Threat Actors

BY SOURCE

2splunk_escu1sigma

PROCEDURES (2)

Encrypt2 detections

Auto-extracted: 2 detections for encrypt

General Monitoring1 detections

Auto-extracted: 1 detections for general monitoring

THREAT ACTORS (5)

APT37APT38Ember BearLazarus GroupSandworm Team

DETECTIONS (3)

Cisco File Deletion
sigmamedium
Windows Raw Access To Disk Volume Partition
splunk_escu
Windows Raw Access To Master Boot Record Drive
splunk_escu