| ID | C0048 |
| Objective(s) | File System |
| Related ATT&CK Techniques | None |
| Version | 2.2 |
| Created | 4 December 2020 |
| Last Modified | 30 April 2024 |
Malware deletes a directory.
| Name | Date | Method | Description |
|---|---|---|---|
| Gamut | 2014 | -- | Gamut deletes directories. [1] |
| Hupigon | 2013 | -- | Delete directory [1] |
| Kovter | 2016 | -- | Delete directory [1] |
| Tool: capa | Mapping | APIs |
|---|---|---|
| delete directory | Delete Directory (C0048) | RemoveDirectory, RemoveDirectoryTransacted, _rmdir, _wrmdir, System.IO.DirectoryInfo::Delete, System.IO.Directory::Delete |
File System::Delete Directory
SHA256: 27253651170386863b148afb2a0fdda7780ae65cbc31405acbd99fa06b44b79f Location: 0x140002204mov param_1, rdi ; store name of directory to remove call qword ptr [->KERNEL32.DLL::RemoveDirectoryA] ; call Windows API function to remove directory
[1] capa v4.0, analyzed at MITRE on 10/12/2022