Data Destruction
Description
Leverage searches that allow you to detect and investigate unusual activities that might relate to data destruction, including deleting files, overwriting files, wiping disks and encrypting files.
- Product: Splunk Enterprise, Splunk Enterprise Security, Splunk Cloud
- Datamodel: Endpoint
- Last Updated: 2022-02-14
- Author: Teoderick Contreras, Splunk
- ID: 4ae5c0d1-cebd-47d1-bfce-71bf096e38aa
Narrative
Adversaries may use this technique to maximize the impact on the target organization in operations where network-wide availability interruption is the goal.
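As an added example that is not part of the Splunk content above, the core of such a detection prototyped in Python over constructed Endpoint.Filesystem-style events: flag any process that deletes or overwrites an unusually large number of distinct files on one host within a sliding time window. Hostnames, process names, file paths and the threshold are hypothetical.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

DESTRUCTIVE_ACTIONS = {"deleted", "modified"}  # overwrite/encrypt surfaces as "modified"
THRESHOLD = 50                  # distinct files touched by one process ...
WINDOW = timedelta(seconds=60)  # ... inside this sliding window triggers an alert


def make_events():
    """Constructed sample events (not real telemetry), shaped like Endpoint.Filesystem fields."""
    base = datetime(2022, 2, 14, 10, 0, 0)
    events = []
    # Hypothetical wiper: 80 distinct deletes in 40 seconds on one host
    for i in range(80):
        events.append({"_time": base + timedelta(seconds=i / 2), "dest": "ws01",
                       "process_name": "wiper.exe", "action": "deleted",
                       "file_path": f"C:\\Users\\alice\\Documents\\report{i}.docx"})
    # Benign noise: an editor re-saving one file, and a cleanup job deleting a few temp files
    for i in range(30):
        events.append({"_time": base + timedelta(seconds=i), "dest": "ws02",
                       "process_name": "winword.exe", "action": "modified",
                       "file_path": "C:\\Users\\bob\\notes.docx"})
    for i in range(5):
        events.append({"_time": base + timedelta(minutes=5, seconds=i), "dest": "ws02",
                       "process_name": "cleanmgr.exe", "action": "deleted",
                       "file_path": f"C:\\Temp\\tmp{i}.log"})
    return events


def detect_bursts(events, threshold=THRESHOLD, window=WINDOW):
    """Return {(dest, process_name): peak distinct files} for every process that
    destructively touches >= threshold distinct paths within one sliding window."""
    by_proc = defaultdict(list)
    for e in events:
        if e["action"] in DESTRUCTIVE_ACTIONS:
            by_proc[(e["dest"], e["process_name"])].append(e)
    alerts = {}
    for key, evs in by_proc.items():
        evs.sort(key=lambda e: e["_time"])
        win, seen = deque(), defaultdict(int)  # events in window, path -> count in window
        for e in evs:
            win.append(e)
            seen[e["file_path"]] += 1
            while e["_time"] - win[0]["_time"] > window:  # expire events older than the window
                old = win.popleft()
                seen[old["file_path"]] -= 1
                if seen[old["file_path"]] == 0:
                    del seen[old["file_path"]]
            if len(seen) >= threshold:
                alerts[key] = max(alerts.get(key, 0), len(seen))
    return alerts
```

The distinct-path count is what separates a wiper or encryptor from an editor that rewrites the same file repeatedly; tune the threshold and window against your own baseline of backup and cleanup jobs.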
Detections
Reference
- https://attack.mitre.org/techniques/T1485/
- https://researchcenter.paloaltonetworks.com/2018/09/unit42-xbash-combines-botnet-ransomware-coinmining-worm-targets-linux-windows/
- https://www.picussecurity.com/blog/a-brief-history-and-further-technical-analysis-of-sodinokibi-ransomware
source | version: 1