HIDEDRV

Malware & Tools · HIDEDRV

· MalwareS0135 · Zararlı Yazılım

Type

malware

Techniques

Used By

1 groups

Platforms

Windows

Description

HIDEDRV is a rootkit used by APT28. It has been deployed along with Downdelph to execute and hide that malware. (Citation: ESET Sednit Part 3) (Citation: Sekoia HideDRV Oct 2016)

Tactic Coverage

stealth (2)privilege escalation (1)

Used By (1 groups)

G0007APT28IRON TWILIGHT, SNAKEMACKEREL

Techniques (2)

T1014Rootkit

stealth

T1055.001Dynamic-link Library Injection

stealthprivilege escalation

References

https://attack.mitre.org/software/S0135 http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part3.pdf https://web.archive.org/web/20180202163754/http://www.sekoia.fr/blog/wp-content/uploads/2016/10/Rootkit-analysis-Use-case-on-HIDEDRV-v1.6.pdf