ATT&CK-CN V1.01 Last Update: 2019-11 [Back to index]

Translators: 林妙倩, 戴亦仑. Original translation; please obtain the translators' consent before reposting.

Data source: ATT&CK Matrices


Glossary: /attack/glossary





Disk Structure Wipe

Adversaries may corrupt or wipe the disk data structures on a hard drive that are necessary to boot the system, targeting specific critical systems as well as a large number of systems in a network, in order to interrupt the availability of system and network resources.

Adversaries may attempt to render the system unable to boot by overwriting critical data located in structures such as the master boot record (MBR) or partition table.[1][2][3][4][5] The data contained in disk structures may include the initial executable code for loading an operating system or the location of the file system partitions on disk. If this information is not present, the computer will not be able to load an operating system during the boot process, leaving the computer unavailable. Disk Structure Wipe may be performed in isolation, or along with Disk Content Wipe if all sectors of a disk are wiped.
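To make the structures named above concrete, the following added example (not code from the ATT&CK page or from any project it cites) parses a 512-byte sector 0 image: it decodes the four 16-byte partition entries that record where the file system partitions start, checks the 0x55AA boot signature, and compares the sector's hash against a baseline recorded while the host was known-good. The sample MBR and the all-zero "wiped" sector are constructed inline; the baseline-hash check is my own suggested defensive control, not something the page prescribes.

```python
import hashlib
import struct

MBR_SIZE = 512
PARTITION_TABLE_OFFSET = 446
PARTITION_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"


def parse_partition_entry(entry: bytes) -> dict:
    """Decode one 16-byte MBR partition entry (classic DOS layout)."""
    status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
        "<B3sB3sII", entry
    )
    return {
        "bootable": status == 0x80,  # 0x80 = active/bootable, 0x00 = inactive
        "type": ptype,               # e.g. 0x07 NTFS/exFAT, 0x83 Linux, 0xEE GPT protective MBR
        "lba_start": lba_start,      # first sector of the partition
        "sectors": sectors,          # partition length in sectors
    }


def parse_mbr(mbr: bytes) -> dict:
    """Parse a sector 0 image into boot signature, partition table and a SHA-256 of the sector."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    entries = []
    for i in range(4):
        start = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        entries.append(parse_partition_entry(mbr[start:start + PARTITION_ENTRY_SIZE]))
    # An all-zero entry is an unused slot, not a partition.
    partitions = [e for e in entries if e["type"] != 0 and e["sectors"] != 0]
    return {
        "signature_ok": mbr[510:512] == BOOT_SIGNATURE,
        "partitions": partitions,
        "sha256": hashlib.sha256(mbr).hexdigest(),
    }


def check_against_baseline(mbr: bytes, baseline_sha256: str) -> list:
    """Return findings; an empty list means sector 0 still matches the known-good baseline."""
    parsed = parse_mbr(mbr)
    findings = []
    if not parsed["signature_ok"]:
        findings.append("boot signature 0x55AA missing: firmware will not boot from this disk")
    if not parsed["partitions"]:
        findings.append("partition table has no usable entries: file system locations are gone")
    if parsed["sha256"] != baseline_sha256:
        findings.append("sector 0 hash differs from the recorded baseline")
    return findings


def build_sample_mbr() -> bytes:
    """Constructed sample: zeroed boot-code area, one NTFS-type partition, valid signature."""
    boot_code = b"\x00" * PARTITION_TABLE_OFFSET  # placeholder bytes stand in for real loader code
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x00\x00", 0x07, b"\x00\x00\x00", 2048, 1_000_000)
    table = entry + b"\x00" * (PARTITION_ENTRY_SIZE * 3)  # remaining three slots unused
    return boot_code + table + BOOT_SIGNATURE


if __name__ == "__main__":
    healthy = build_sample_mbr()
    baseline = parse_mbr(healthy)["sha256"]  # record this while the host is known-good
    print("healthy:", check_against_baseline(healthy, baseline))
    wiped = b"\x00" * MBR_SIZE               # what an overwritten sector 0 commonly looks like
    print("wiped:  ", check_against_baseline(wiped, baseline))
```

On a real host the 512 bytes come from the raw disk device (for example reading the first sector of /dev/sda on Linux, which needs root); store the baseline hash off-host next to the backups, so that a changed hash is noticed before the next reboot rather than after it. GPT disks carry only a protective MBR entry (type 0xEE); their partition layout lives in the GPT header, which this parser does not cover.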

To maximize impact on the target organization, malware designed for destroying disk structures may have worm-like features to propagate across a network by leveraging other techniques like Valid Accounts, Credential Dumping, and Windows Admin Shares.


ID: T1487

Tactic: Impact

Platform: Windows, macOS, Linux

Permissions Required: administrator, root, SYSTEM

Data Sources: Kernel drivers, MBR

Impact Type: Availability


Mitigation: Data Backup
Description: Consider implementing IT disaster recovery plans that contain procedures for taking regular data backups that can be used to restore organizational data. Ensure backups are stored off system and are protected from common methods adversaries may use to gain access and destroy the backups to prevent recovery.



Look for attempts to read/write to sensitive locations like the master boot record and the disk partition table. Monitor for unusual kernel driver installation activity.
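The two detection ideas above, raw access to the disk structures and unusual kernel driver installation, can be expressed as rules over endpoint telemetry. The added example below is mine, not part of the ATT&CK page; it assumes Sysmon-style events (Event ID 9 RawAccessRead with Image and Device fields, Event ID 6 DriverLoad with ImageLoaded, Signed and SignatureStatus fields, as I understand Sysmon's schema), and the events, the allowlisted backup agent path and the timestamps are constructed samples.

```python
import re

# Sysmon event ids (assumption: field names follow Sysmon's documented schema).
RAW_ACCESS_READ = 9
DRIVER_LOAD = 6

# Whole-disk and volume objects behind \\.\PhysicalDriveN and \\.\C: live under \Device\Harddisk*.
RAW_DISK_DEVICE = re.compile(r"^\\Device\\Harddisk", re.IGNORECASE)

# Placeholder allowlist: images that legitimately read raw disk (backup agents, imaging tools).
ALLOWLISTED_RAW_READERS = {
    r"c:\program files\examplebackup\agent.exe",
}


def inspect_event(ev: dict):
    """Return an alert dict for one event, or None if it is benign under these rules."""
    eid = ev.get("EventID")
    if eid == RAW_ACCESS_READ:
        device = ev.get("Device", "")
        image = ev.get("Image", "")
        if RAW_DISK_DEVICE.match(device) and image.lower() not in ALLOWLISTED_RAW_READERS:
            return {"rule": "raw_disk_access", "image": image,
                    "device": device, "time": ev.get("UtcTime")}
    elif eid == DRIVER_LOAD:
        signed = str(ev.get("Signed", "")).lower() == "true"
        status = ev.get("SignatureStatus", "")
        if not signed or status != "Valid":
            return {"rule": "unsigned_driver_load", "driver": ev.get("ImageLoaded"),
                    "status": status, "time": ev.get("UtcTime")}
    return None


def evaluate(events) -> list:
    """Run every event through the rules and keep only the alerts."""
    return [a for a in (inspect_event(e) for e in events) if a is not None]


# Constructed sample telemetry (not real log data).
SAMPLE_EVENTS = [
    {"EventID": 9, "UtcTime": "2019-11-05 10:00:01.000",
     "Image": r"C:\Program Files\ExampleBackup\agent.exe",
     "Device": r"\Device\HarddiskVolume2"},                       # allowlisted backup agent
    {"EventID": 9, "UtcTime": "2019-11-05 10:00:07.000",
     "Image": r"C:\Users\Public\update.exe",
     "Device": r"\Device\Harddisk0\DR0"},                         # unexpected raw access to disk 0
    {"EventID": 6, "UtcTime": "2019-11-05 10:00:09.000",
     "ImageLoaded": r"C:\Windows\System32\drivers\disk.sys",
     "Signed": "true", "SignatureStatus": "Valid"},                # normal, signed driver
    {"EventID": 6, "UtcTime": "2019-11-05 10:00:12.000",
     "ImageLoaded": r"C:\Windows\Temp\drv.sys",
     "Signed": "false", "SignatureStatus": "Unavailable"},         # unsigned driver from a temp dir
    {"EventID": 1, "UtcTime": "2019-11-05 10:00:13.000",
     "Image": r"C:\Windows\System32\notepad.exe"},                 # unrelated process-create event
]


if __name__ == "__main__":
    for alert in evaluate(SAMPLE_EVENTS):
        print(alert)
```

Sysmon's raw-access event records reads of the raw device; it does not tell you that sector 0 was written. Pair these rules with a periodic integrity check of the MBR hash or with EDR telemetry that sees raw writes, and keep the allowlist tight: a raw read by anything other than a known backup or imaging tool is worth a look even when it turns out to be benign.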