Skip to content

Hide Navigation Hide TOC

Diskpart - S9002 (080f872e-f1a3-4d42-bb00-9eb55949f6a9)

Diskpart is a Windows command-line utility that is used to manage the computer’s drives, which includes disks, partitions, volumes and virtual hard disks.(Citation: Microsoft_diskpart_Feb2023)

Adversaries may abuse Diskpart to perform discovery and destructive actions on a system’s storage. For example, adversaries have been observed using Diskpart to conduct Discovery techniques to enumerate disks and volumes to gather information about the host environment, and to execute commands such as clean all to remove partition information and overwrite data across disks, resulting in data destruction.(Citation: Trendmicro_RansomHub_Dec2024)

Cluster A Galaxy A Cluster B Galaxy B Level
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Diskpart - S9002 (080f872e-f1a3-4d42-bb00-9eb55949f6a9) mitre-tool 1
Diskpart - S9002 (080f872e-f1a3-4d42-bb00-9eb55949f6a9) mitre-tool Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 1
Diskpart - S9002 (080f872e-f1a3-4d42-bb00-9eb55949f6a9) mitre-tool System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 1
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9) Attack Pattern Diskpart - S9002 (080f872e-f1a3-4d42-bb00-9eb55949f6a9) mitre-tool 1
Windows Permissions - T1222.001 (34e793de-0274-4982-9c1a-246ed1c19dee) Attack Pattern Diskpart - S9002 (080f872e-f1a3-4d42-bb00-9eb55949f6a9) mitre-tool 1
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9) Attack Pattern Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967) Attack Pattern 2
Windows Permissions - T1222.001 (34e793de-0274-4982-9c1a-246ed1c19dee) Attack Pattern File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196) Attack Pattern 2