216.73.217.139

T1662: Data Destruction

View on MITRE ATT&CK The MITRE Corporation · Published 22/09/2023 21:09 · Modified 27/03/2026 01:41

Essential information

MITRE technique ID
T1662
Confidence
100/100
Revoked
No
Published
22/09/2023 21:09
Modified
27/03/2026 01:41
Author / Source
The MITRE Corporation

Platforms

android

Description

Adversaries may destroy data and files on specific devices or in large numbers to interrupt availability to systems, services, and network resources. Data destruction is likely to render stored data irrecoverable by forensic techniques through overwriting files or data on local and remote drives. To achieve data destruction, adversaries may use the `pm uninstall` command to uninstall packages or the `rm` command to remove specific files. For example, adversaries may first use `pm uninstall` to uninstall non-system apps, and then use `rm (-f) <file(s)>` to delete specific files, further hiding malicious activity.(Citation: rootnik_rooting_tool)(Citation: abuse_native_linux_tools)

Kill chain phases

Kill chainPhase
mitre-mobile-attack impact

Marking (TLP)

Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references