1. Home
  2. Software
  3. HIDEDRV

HIDEDRV

HIDEDRV is a rootkit used by APT28. It has been deployed along with Downdelph to execute and hide that malware. [1] [2]

ID: S0135
Type: MALWARE
Platforms: Windows
Version: 1.1
Created: 31 May 2017
Last Modified: 30 March 2020
Enterprise Layer
download view

Techniques Used

Domain ID Name Use
Enterprise T1055 .001 Process Injection: Dynamic-link Library Injection

HIDEDRV injects a DLL for Downdelph into the explorer.exe process.[1]
Enterprise T1014 Rootkit

HIDEDRV is a rootkit that hides certain operating system artifacts.[1]

Groups That Use This Software

ID Name References
G0007 APT28

[1]

References

  1. ESET. (2016, October). En Route with Sednit - Part 3: A Mysterious Downloader. Retrieved November 21, 2016.
  1. Rascagnères, P.. (2016, October 27). Rootkit analysis: Use case on HideDRV. Retrieved March 9, 2017.