Description
[Equation](https://attack.mitre.org/groups/G0020) is a sophisticated threat group that employs multiple remote access tools. The group is known to use zero-day exploits and has developed the capability to overwrite the firmware of hard disk drives. (Citation: Kaspersky Equation QA)
Techniques Used (TTPs)
- T1564.005 — Hidden File System (defense-evasion)
- T1120 — Peripheral Device Discovery (discovery)
- T1480.001 — Environmental Keying (defense-evasion)
- T1542.002 — Component Firmware (persistence, defense-evasion)
Total TTPs: 4