Description
[DarkHydrus](https://attack.mitre.org/groups/G0079) is a threat group that has targeted government agencies and educational institutions in the Middle East since at least 2016. The group relies heavily on open-source tools combined with custom payloads to carry out its attacks. (Citation: Unit 42 DarkHydrus July 2018) (Citation: Unit 42 Playbook Dec 2017)
Techniques Used (TTPs)
- T1204.002 — Malicious File (execution)
- T1187 — Forced Authentication (credential-access)
- T1564.003 — Hidden Window (defense-evasion)
- T1059.001 — PowerShell (execution)
- T1566.001 — Spearphishing Attachment (initial-access)
- T1221 — Template Injection (defense-evasion)
- T1588.002 — Tool (resource-development)
Total TTPs: 7
Malware & Tools
Malware: Cobalt Strike, RogueRobin
Tools: Mimikatz