{"description": "Enterprise techniques used by AcidPour, ATT&CK software S1167 (v1.0)", "name": "AcidPour (S1167)", "domain": "enterprise-attack", "versions": {"layer": "4.5", "attack": "17", "navigator": "5.1.0"}, "techniques": [{"techniqueID": "T1485", "comment": "[AcidPour](https://attack.mitre.org/software/S1167) can perform an in-depth wipe of victim filesystems and attached storage devices through either data overwrite or calling various IOCTLS to erase them, similar to [AcidRain](https://attack.mitre.org/software/S1125).(Citation: SentinelOne AcidPour 2024)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1561", "showSubtechniques": true}, {"techniqueID": "T1561.001", "comment": "[AcidPour](https://attack.mitre.org/software/S1167) includes functionality to overwrite victim devices with the content of a buffer to wipe disk content.(Citation: SentinelOne AcidPour 2024)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1083", "comment": "[AcidPour](https://attack.mitre.org/software/S1167) can identify specific files and directories within the Linux operating system corresponding with storage devices for follow-on wiping activity, similar to [AcidRain](https://attack.mitre.org/software/S1125).(Citation: SentinelOne AcidPour 2024)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1070", "showSubtechniques": true}, {"techniqueID": "T1070.004", "comment": "[AcidPour](https://attack.mitre.org/software/S1167) includes a self-delete function where the malware deletes itself from disk after execution and program load into memory.(Citation: SentinelOne AcidPour 2024)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1120", "comment": "[AcidPour](https://attack.mitre.org/software/S1167) includes functionality to identify MMC and SD cards connected to the victim device.(Citation: SentinelOne AcidPour 2024)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1082", "comment": "[AcidPour](https://attack.mitre.org/software/S1167) can identify various system locations and mapped devices on Linux systems as a precursor to wiping activity.(Citation: SentinelOne AcidPour 2024)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1529", "comment": "[AcidPour](https://attack.mitre.org/software/S1167) includes functionality to reboot the victim system following wiping actions, similar to [AcidRain](https://attack.mitre.org/software/S1125).(Citation: SentinelOne AcidPour 2024)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}], "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "used by AcidPour", "color": "#66b1ff"}]}