Home/ MITRE Matrix/ Impact/ T1561.001

T1561.001Disk Content Wipe

T1561.001 — Disk Content Wipe is a MITRE ATT&CK technique in the Impact tactic. Clankerusecase tracks 4 detection use cases covering it and 2 threat-intel articles citing it.

Impact

View on the matrix → Filter Detection Library MITRE official spec ↗

4Use cases

2Articles

0Sub-techniques

1Tactic

↑ Parent technique: T1561 · Disk Wipe

Use cases covering this technique (4)

Microsoft Intune Bulk Wipe ESCU actions · alerting P [LLM] Locale-conditional rm -rf wiper command from python/node runtime Bespoke actions · alerting DSΣPDDCS [LLM] DynoWiper / ZOV wiper known-bad SHA-1 hash execution Bespoke install · alerting DSΣPDDCS [LLM] Mass file-content overwrite by single non-system process from non-standard path Bespoke actions · hunting DSPDDCS

Articles citing this technique (2)

high Why EDR and proxy won’t save you from supply chain malware art-142

crit DynoWiper update: Technical analysis and attribution art-590