File Deletion - T1630.002 (ab7400b7-3476-4776-9545-ef3fa373de63)
Adversaries may wipe a device or delete individual files in order to manipulate external outcomes or hide activity. An application must have administrator access to fully wipe the device, while individual files may not require special permissions to delete depending on their storage location.(Citation: Android DevicePolicyManager 2019)
Stored data could include a variety of file formats, such as Office files, databases, stored emails, and custom file formats. The impact file deletion will have depends on the type of data as well as the goals and objectives of the adversary, but can include deleting update files to evade detection or deleting attacker-specified files for impact.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
File Deletion - T1630.002 (ab7400b7-3476-4776-9545-ef3fa373de63) | Attack Pattern | Indicator Removal on Host - T1630 (0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d) | Attack Pattern | 1 |