Skip to content

MISP galaxy

4ffbca79 358a 4ba5 bfbb dc1694c45646

MISP galaxy

Home
Statistics
360net
360net
- 360.net Threat Actors
Ammunitions
Ammunitions
- Ammunitions
Android
Android
- Android
Atrm
Atrm
- Azure Threat Research Matrix
Attck4fraud
Attck4fraud
- attck4fraud
Backdoor
Backdoor
- Backdoor
Banker
Banker
- Banker
Bhadra framework
Bhadra framework
- Bhadra Framework
Botnet
Botnet
- Botnet
Branded vulnerability
Branded vulnerability
- Branded Vulnerability
Cancer
Cancer
- Cancer
Cert eu govsector
Cert eu govsector
- Cert EU GovSector
China defence universities
China defence universities
- China Defence Universities Tracker
Cmtmf attack pattern
Cmtmf attack pattern
- CONCORDIA Mobile Modelling Framework - Attack Pattern
Country
Country
- Country
Cryptominers
Cryptominers
- Cryptominers
Disarm actortypes
Disarm actortypes
- Actor Types
Disarm countermeasures
Disarm countermeasures
- Countermeasures
Disarm detections
Disarm detections
- Detections
Disarm techniques
Disarm techniques
- Techniques
Election guidelines
Election guidelines
- Election guidelines
Entity
Entity
- Entity
Exploit kit
Exploit kit
- Exploit-Kit
Firearms
Firearms
- Firearms
First csirt services framework
First csirt services framework
- FIRST CSIRT Services Framework
First dns
First dns
- FIRST DNS Abuse Techniques Matrix
Gsma motif
Gsma motif
- GSMA MoTIF
Handicap
Handicap
- Handicap
Intelligence agencies
Intelligence agencies
- Intelligence Agencies
Interpol dwva
Interpol dwva
- INTERPOL DWVA Taxonomy
Malpedia
Malpedia
- Malpedia
Microsoft activity group
Microsoft activity group
- Microsoft Activity Group actor
Misinfosec amitt misinformation pattern
Misinfosec amitt misinformation pattern
- Misinformation Pattern
Mitre atlas attack pattern
Mitre atlas attack pattern
- MITRE ATLAS Attack Pattern
Mitre atlas course of action
Mitre atlas course of action
- MITRE ATLAS Course of Action
Mitre attack pattern
Mitre attack pattern
- Attack Pattern
Mitre course of action
Mitre course of action
- Course of Action
Mitre d3fend
Mitre d3fend
- MITRE D3FEND
Mitre data component
Mitre data component
- mitre-data-component
Mitre data source
Mitre data source
- mitre-data-source
Mitre ics assets
Mitre ics assets
- Assets
Mitre ics groups
Mitre ics groups
- Groups
Mitre ics levels
Mitre ics levels
- Levels
Mitre ics software
Mitre ics software
- Software
Mitre ics tactics
Mitre ics tactics
- Tactics
Mitre intrusion set
Mitre intrusion set
- Intrusion Set
Mitre malware
Mitre malware
- Malware
Mitre tool
Mitre tool
- mitre-tool
Nace
Nace
- NACE
Naics
Naics
- NAICS
Nice framework competency areas
Nice framework competency areas
- NICE Competency areas
Nice framework knowledges
Nice framework knowledges
- NICE Knowledges
Nice framework opm codes
Nice framework opm codes
- OPM codes in cybersecurity
Nice framework skills
Nice framework skills
- NICE Skills
Nice framework tasks
Nice framework tasks
- NICE Tasks
Nice framework work roles
Nice framework work roles
- NICE Work Roles
O365 exchange techniques
O365 exchange techniques
- o365-exchange-techniques
Online service
Online service
- online-service
Preventive measure
Preventive measure
- Preventive Measure
Producer
Producer
- Producer
Ransomware
Ransomware
- Ransomware
Rat
Rat
- RAT
Region
Region
- Regions UN M49
Rsit
Rsit
- rsit
Sector
Sector
- Sector
Sigma rules
Sigma rules
- Sigma-Rules
Social dark patterns
Social dark patterns
- Dark Patterns
Sod matrix
Sod matrix
- SoD Matrix
Stealer
Stealer
- Stealer
Surveillance vendor
Surveillance vendor
- Surveillance Vendor
Target information
Target information
- Target Information
Tds
Tds
- TDS
Tea matrix
Tea matrix
- Tea Matrix
Threat actor
Threat actor
- Threat Actor
Tidal campaigns
Tidal campaigns
- Tidal Campaigns
Tidal groups
Tidal groups
- Tidal Groups
Tidal references
Tidal references
- Tidal References
Tidal software
Tidal software
- Tidal Software
Tidal tactic
Tidal tactic
- Tidal Tactic
Tidal technique
Tidal technique
- Tidal Technique
Tmss
Tmss
- Threat Matrix for storage services
Tool
Tool
- Tool
Uavs
Uavs
- UAVs/UCAVs
Ukhsa culture collections
Ukhsa culture collections
- UKHSA Culture Collections

Hide Navigation Hide TOC

Hydraq (4ffbca79-358a-4ba5-bfbb-dc1694c45646)

Hydraq is a data-theft trojan first used by Elderwood in the 2009 Google intrusion known as Operation Aurora, though variations of this trojan have been used in more recent campaigns by other Chinese actors, possibly including APT17.^{[MicroFocus 9002 Aug 2016]}^{[Symantec Elderwood Sept 2012]}^{[Symantec Trojan.Hydraq Jan 2010]}^{[ASERT Seven Pointed Dagger Aug 2015]}^{[FireEye DeputyDog 9002 November 2013]}^{[ProofPoint GoT 9002 Aug 2017]}^{[FireEye Sunshop Campaign May 2013]}^{[PaloAlto 3102 Sept 2015]}

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Axiom (90f4d3f9-3fe3-4a64-8dc1-172c6d037dca)	Tidal Groups	Hydraq (4ffbca79-358a-4ba5-bfbb-dc1694c45646)	Tidal Software	1
APT20 (4173c301-0307-458d-89dd-2583e94247ec)	Tidal Groups	Hydraq (4ffbca79-358a-4ba5-bfbb-dc1694c45646)	Tidal Software	1
Elderwood (51146bb6-7478-44a3-8f08-19adcdceffca)	Tidal Groups	Hydraq (4ffbca79-358a-4ba5-bfbb-dc1694c45646)	Tidal Software	1