1. Home
  2. Software
  3. SDelete

SDelete

SDelete is an application that securely deletes data in a way that makes it unrecoverable. It is part of the Microsoft Sysinternals suite of tools. [1]

ID: S0195
Type: TOOL
Platforms: Windows
Version: 1.2
Created: 18 April 2018
Last Modified: 12 August 2020
Version Permalink
Enterprise Layer
download view

Techniques Used

Domain ID Name Use
Enterprise T1485 Data Destruction

SDelete deletes data in a way that makes it unrecoverable.[1]
Enterprise T1070 .004 Indicator Removal: File Deletion

SDelete deletes data in a way that makes it unrecoverable.[1]

Groups That Use This Software

ID Name References
G0016 APT29

[2]
G0034 Sandworm Team

Sandworm Team has used SDelete for wartime operations in 2022-2023.[3]
G0080 Cobalt Group

[4]
G0053 FIN5

[5]
G0091 Silence

[6]

References

  1. Russinovich, M. (2016, July 4). SDelete v2.0. Retrieved February 8, 2018.
  2. Dunwoody, M. and Carr, N.. (2016, September 27). No Easy Breach DerbyCon 2016. Retrieved September 12, 2024.
  3. Roncone, G. et al. (n.d.). APT44: Unearthing Sandworm. Retrieved July 11, 2024.
  1. Positive Technologies. (2016, December 16). Cobalt Snatch. Retrieved October 9, 2018.
  2. Bromiley, M. and Lewis, P. (2016, October 7). Attacking the Hospitality and Gaming Industries: Tracking an Attacker Around the World in 7 Years. Retrieved October 6, 2017.
  3. Group-IB. (2018, September). Silence: Moving Into the Darkside. Retrieved May 5, 2020.