SDelete

SDelete is an application that securely deletes data in a way that makes it unrecoverable. It is part of the Microsoft Sysinternals suite of tools. [1]

ID: S0195
Type: TOOL
Platforms: Windows
Version: 1.1

Techniques Used

Domain ID Name Use
Enterprise T1116 Code Signing

SDelete is digitally signed by Microsoft.[1]

Enterprise T1485 Data Destruction

SDelete deletes data in a way that makes it unrecoverable.[1]

Enterprise T1107 File Deletion

SDelete deletes data in a way that makes it unrecoverable.[1]

Groups That Use This Software

ID Name References
G0053 FIN5 [2]
G0080 Cobalt Group [3]
G0016 APT29 [4]

References