Skip to content

Hide Navigation Hide TOC

Drive - DS0016 (61bbbf27-f7c3-46ba-a6bc-48ae76928065)

A non-volatile data storage device (hard drive, floppy disk, USB flash drive) with at least one formatted partition, typically mounted to the file system and/or assigned a drive letter(Citation: Sysmon EID 9)

Cluster A Galaxy A Cluster B Galaxy B Level
Drive Modification (4dcd8ba3-2075-4f8b-941e-39884ffaac08) mitre-data-component Drive - DS0016 (61bbbf27-f7c3-46ba-a6bc-48ae76928065) mitre-data-source 1
Drive Creation (3d6e6b3b-4aa8-40e1-8c47-91db0f313d9f) mitre-data-component Drive - DS0016 (61bbbf27-f7c3-46ba-a6bc-48ae76928065) mitre-data-source 1
Drive - DS0016 (61bbbf27-f7c3-46ba-a6bc-48ae76928065) mitre-data-source Drive Access (73ff2dcc-24b1-4368-b9dc-706dd9e68354) mitre-data-component 1
Drive Modification (4dcd8ba3-2075-4f8b-941e-39884ffaac08) mitre-data-component Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9) Attack Pattern 2
Drive Modification (4dcd8ba3-2075-4f8b-941e-39884ffaac08) mitre-data-component Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b) Attack Pattern 2
Drive Modification (4dcd8ba3-2075-4f8b-941e-39884ffaac08) mitre-data-component Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac) Attack Pattern 2
Drive Modification (4dcd8ba3-2075-4f8b-941e-39884ffaac08) mitre-data-component Bootkit - T1542.003 (1b7b1806-7746-41a1-a35d-e48dae25ddba) Attack Pattern 2
Drive Modification (4dcd8ba3-2075-4f8b-941e-39884ffaac08) mitre-data-component Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967) Attack Pattern 2
Drive Modification (4dcd8ba3-2075-4f8b-941e-39884ffaac08) mitre-data-component Pre-OS Boot - T1542 (7f0ca133-88c4-40c6-a62f-b3083a7fbc2e) Attack Pattern 2
Drive Creation (3d6e6b3b-4aa8-40e1-8c47-91db0f313d9f) mitre-data-component Replication Through Removable Media - T1091 (3b744087-9945-4a6f-91e8-9dbceda417a4) Attack Pattern 2
Exfiltration over USB - T1052.001 (a3e1e6c5-9c74-4fc0-a16c-a9d228c17829) Attack Pattern Drive Creation (3d6e6b3b-4aa8-40e1-8c47-91db0f313d9f) mitre-data-component 2
Drive Creation (3d6e6b3b-4aa8-40e1-8c47-91db0f313d9f) mitre-data-component Exfiltration Over Physical Medium - T1052 (e6415f09-df0e-48de-9aba-928c902b7549) Attack Pattern 2
Drive Creation (3d6e6b3b-4aa8-40e1-8c47-91db0f313d9f) mitre-data-component Hardware Additions - T1200 (d40239b3-05ff-46d8-9bdd-b46d13463ef9) Attack Pattern 2
Drive Creation (3d6e6b3b-4aa8-40e1-8c47-91db0f313d9f) mitre-data-component Communication Through Removable Media - T1092 (64196062-5210-42c3-9a02-563a0d1797ef) Attack Pattern 2
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9) Attack Pattern Drive Access (73ff2dcc-24b1-4368-b9dc-706dd9e68354) mitre-data-component 2
Direct Volume Access - T1006 (0c8ab3eb-df48-4b9c-ace7-beacaac81cc5) Attack Pattern Drive Access (73ff2dcc-24b1-4368-b9dc-706dd9e68354) mitre-data-component 2
Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac) Attack Pattern Drive Access (73ff2dcc-24b1-4368-b9dc-706dd9e68354) mitre-data-component 2
Drive Access (73ff2dcc-24b1-4368-b9dc-706dd9e68354) mitre-data-component Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967) Attack Pattern 2
Communication Through Removable Media - T1092 (64196062-5210-42c3-9a02-563a0d1797ef) Attack Pattern Drive Access (73ff2dcc-24b1-4368-b9dc-706dd9e68354) mitre-data-component 2
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9) Attack Pattern Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967) Attack Pattern 3
Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac) Attack Pattern Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967) Attack Pattern 3
Pre-OS Boot - T1542 (7f0ca133-88c4-40c6-a62f-b3083a7fbc2e) Attack Pattern Bootkit - T1542.003 (1b7b1806-7746-41a1-a35d-e48dae25ddba) Attack Pattern 3
Exfiltration over USB - T1052.001 (a3e1e6c5-9c74-4fc0-a16c-a9d228c17829) Attack Pattern Exfiltration Over Physical Medium - T1052 (e6415f09-df0e-48de-9aba-928c902b7549) Attack Pattern 3