Register to stream ATT&CKcon 2.0 October 29-30

SDelete

SDelete is an application that securely deletes data in a way that makes it unrecoverable. It is part of the Microsoft Sysinternals suite of tools. [1]

ID: S0195
Type: TOOL
Platforms: Windows
Version: 1.1

Techniques Used

Domain ID Name Use
Enterprise T1116 Code Signing SDelete is digitally signed by Microsoft. [1]
Enterprise T1485 Data Destruction SDelete deletes data in a way that makes it unrecoverable. [1]
Enterprise T1107 File Deletion SDelete deletes data in a way that makes it unrecoverable. [1]

Groups That Use This Software

ID Name References
G0053 FIN5 [2]
G0080 Cobalt Group [3]
G0016 APT29 [4]

References