S0195 SDelete
SDelete is an application that securely deletes data in a way that makes it unrecoverable. It is part of the Microsoft Sysinternals suite of tools. 1
| Item | Value |
|---|---|
| ID | S0195 |
| Associated Names | |
| Type | TOOL |
| Version | 1.2 |
| Created | 18 April 2018 |
| Last Modified | 25 April 2025 |
| Navigation Layer | View In ATT&CK® Navigator |
Techniques Used
| Domain | ID | Name | Use |
|---|---|---|---|
| enterprise | T1485 | Data Destruction | SDelete deletes data in a way that makes it unrecoverable.1 |
| enterprise | T1070 | Indicator Removal | - |
| enterprise | T1070.004 | File Deletion | SDelete deletes data in a way that makes it unrecoverable.1 |
Groups That Use This Software
| ID | Name | References |
|---|---|---|
| G0016 | APT29 | 2 |
| G0034 | Sandworm Team | Sandworm Team has used SDelete for wartime operations in 2022-2023.3 |
| G0080 | Cobalt Group | 4 |
| G0053 | FIN5 | 5 |
| G0091 | Silence | 6 |
References
-
Russinovich, M. (2016, July 4). SDelete v2.0. Retrieved February 8, 2018. ↩↩↩
-
Dunwoody, M. and Carr, N.. (2016, September 27). No Easy Breach DerbyCon 2016. Retrieved September 12, 2024. ↩
-
Roncone, G. et al. (n.d.). APT44: Unearthing Sandworm. Retrieved July 11, 2024. ↩
-
Positive Technologies. (2016, December 16). Cobalt Snatch. Retrieved October 9, 2018. ↩
-
Bromiley, M. and Lewis, P. (2016, October 7). Attacking the Hospitality and Gaming Industries: Tracking an Attacker Around the World in 7 Years. Retrieved October 6, 2017. ↩
-
Group-IB. (2018, September). Silence: Moving Into the Darkside. Retrieved May 5, 2020. ↩