DarkHydrus is a threat group that has targeted government agencies and educational institutions in the Middle East since at least 2016. The group heavily leverages open-source tools and custom payloads for carrying out attacks.  
| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1059.001 | Command and Scripting Interpreter: PowerShell | |
| Enterprise | T1564.003 | Hide Artifacts: Hidden Window | |
| Enterprise | T1566.001 | Phishing: Spearphishing Attachment | DarkHydrus has sent spearphishing emails with password-protected RAR archives containing malicious Excel Web Query files (.iqy). The group has also sent spearphishing emails that contained malicious Microsoft Office documents that use the "attachedTemplate" technique to load a template from a remote server. |
| Enterprise | T1204.002 | User Execution: Malicious File | |