T1662: Data Destruction
Essential information
- MITRE technique ID
T1662- Confidence
- 100/100
- Revoked
- No
- Published
- 22/09/2023 21:09
- Modified
- 27/03/2026 01:41
- Author / Source
- The MITRE Corporation
Platforms
android
Description
Adversaries may destroy data and files on specific devices or in large numbers to interrupt availability to systems, services, and network resources. Data destruction is likely to render stored data irrecoverable by forensic techniques through overwriting files or data on local and remote drives.
To achieve data destruction, adversaries may use the `pm uninstall` command to uninstall packages or the `rm` command to remove specific files. For example, adversaries may first use `pm uninstall` to uninstall non-system apps, and then use `rm (-f) <file(s)>` to delete specific files, further hiding malicious activity.(Citation: rootnik_rooting_tool)(Citation: abuse_native_linux_tools)
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-mobile-attack | impact |
Marking (TLP)
Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.