Disassemble

Disassemble pattern

Intent

This pattern removes objects at the fringes of a more elaborate structure, then works downward until it removes the origin object(s).

Motivation

Deleting or dismantling a more elaborate structure often takes multiple steps that cannot be conveniently expressed through a single graph operation. Such dismantlings typically start from the farthest objects, then work downward in iterations to the final origin objects. Such staged removals reduce to multiple applications of Remove.

Possible use cases

Use Disassemble when:

  • Dismantling more elaborate object structures with multiple layers of objects.
  • Dismantling a hierarchy of objects.
  • Deleting a container object and its sub-objects.
  • Deleting a configuration object and its sub-objects, such as a setting and a nominal value.
  • Deleting an authentication object and its sub-objects, such as an account and a credential.
  • Deleting an executable object packed with additional objects, such as further execution objects.
  • Terminating executors and executees, such as a container (executor) and its running applications (executees).
  • Deleting object structures specifically to impair or shut down a system.

Code example

asset Host {
 | removeDirectories >
    R> dirs / files
    R> self / dirs

 | shutDownContainer >
    R> applications[Container] / applications
    R> self / applications[Container]
}

asset File {}
asset Directory {}
asset Application {[...]}
asset Container extends Application {[...]}

associations {
  Host [host] * <-- Storage --> * [dirs] Directory
  Directory [dir] 1 <-- Contains --> * [files] File
  Host [host] 1 <-- Execution --> * [applications] Application
  Container [executor] 1 <-- Container --> * [executee] Application
}
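The staged removal of `removeDirectories`, replayed on a small object graph as an added Python example; it is not part of the original page or of the modeling language's tooling. It assumes each `R> a / b` line removes the objects reached over `b` from the objects reached over `a`; `Model`, `disassemble` and the sample objects are constructed for illustration.

```python
from collections import defaultdict

class Model:
    """Tiny object graph: typed objects plus named links (hypothetical helper)."""
    def __init__(self):
        self.types = {}                  # object id -> asset type
        self.links = defaultdict(set)    # (object id, field) -> linked object ids

    def add(self, obj, asset_type, parent=None, field=None):
        self.types[obj] = asset_type
        if parent is not None:
            self.links[(parent, field)].add(obj)

    def follow(self, sources, field):
        """Objects that still exist and are reachable from `sources` over `field`."""
        return {d for s in sources if s in self.types
                for d in self.links[(s, field)] if d in self.types}

    def remove(self, sources, field):
        """One Remove step: delete the objects reached from `sources` over `field`."""
        victims = self.follow(sources, field)
        for v in victims:
            del self.types[v]
        return victims

def disassemble(model, origin, stages):
    """Apply Remove once per stage; a stage is a path of fields walked from `origin`."""
    removed = []
    for *walk, last in stages:
        frontier = {origin}
        for field in walk:               # walk to the parents of this stage's targets
            frontier = model.follow(frontier, field)
        removed.append(sorted(model.remove(frontier, last)))
    return removed

def sample_host():
    """Constructed sample: one Host, two Directories, three Files."""
    m = Model()
    m.add("host", "Host")
    for d, files in {"etc": ["passwd", "hosts"], "tmp": ["scratch"]}.items():
        m.add(d, "Directory", parent="host", field="dirs")
        for f in files:
            m.add(f, "File", parent=d, field="files")
    return m

# Stage order assumed from removeDirectories: "dirs / files" first, then "self / dirs".
FRINGE_FIRST = [("dirs", "files"), ("dirs",)]
```

Running the stages in reverse order removes the directories first, after which the `dirs / files` path reaches nothing and the files stay in the model; the fringe-first order is what makes the structure disappear completely.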

Possible synonyms

• delete • destroy • erase • kill • shutdown • stop • terminate • uninstall • wipe

Occurrences

ATT&CK

• Disk wipe • Impair defenses • Inhibit system recovery • Modify cloud compute infrastructure • Modify system image • Resource hijacking • Service stop • System shutdown/reboot