Names | HIDEDRV | |
Category | Malware | |
Type | Rootkit, Loader | |
Description | (ESET) The rootkit is configured to hide Downdelph and itself from the user, and also to inject Downdelph into explorer.exe. We are now going to describe how those two operations are implemented. | |
Information | <https://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part3.pdf> <https://contagiodump.blogspot.de/2017/02/russian-apt-apt28-collection-of-samples.html> <http://www.sekoia.fr/blog/wp-content/uploads/2016/10/Rootkit-analysis-Use-case-on-HIDEDRV-v1.6.pdf> | |
MITRE ATT&CK | <https://attack.mitre.org/software/S0135/> | |
Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/win.hidedrv> |
Last change to this tool card: 13 May 2020
Download this tool card in JSON format
Changed | Name | Country | Observed | ||
APT groups | |||||
Sofacy, APT 28, Fancy Bear, Sednit | 2004-Sep 2024 |
1 group listed (1 APT, 0 other, 0 unknown)
Digital Service Security Center Follow us on |
Report incidents |
|
+66 (0)2-123-1227 | ||
[email protected] |