Skip to content

Hide Navigation Hide TOC

HIDEDRV - S0135 (e669bb87-f773-4c7b-bfcc-a9ffebfdd8d4)

HIDEDRV is a rootkit used by APT28. It has been deployed along with Downdelph to execute and hide that malware. (Citation: ESET Sednit Part 3) (Citation: Sekoia HideDRV Oct 2016)

Cluster A Galaxy A Cluster B Galaxy B Level
HIDEDRV - S0135 (e669bb87-f773-4c7b-bfcc-a9ffebfdd8d4) Malware Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 1
HIDEDRV - S0135 (e669bb87-f773-4c7b-bfcc-a9ffebfdd8d4) Malware Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b) Attack Pattern 1
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 2