Dyre

Dyre is a Trojan that has been used for financial gain. [1]

ID: S0024
Type: MALWARE
Platforms: Windows

Version: 1.1

Techniques Used

Domain | ID | Name | Use
Enterprise | T1140 | Deobfuscate/Decode Files or Information | Dyre decrypts resources needed for targeting the victim. [1]
Enterprise | T1050 | New Service | Dyre registers itself as a service by adding several Registry keys. [1]
Enterprise | T1055 | Process Injection | Dyre injects into other processes to load modules. [1]
Enterprise | T1105 | Remote File Copy | Dyre has a command to download and execute additional files. [1]
Enterprise | T1071 | Standard Application Layer Protocol | Dyre uses HTTPS for C2 communications. [1]
Enterprise | T1497 | Virtualization/Sandbox Evasion | Dyre can detect sandbox analysis environments by inspecting the process list and Registry. [1]

References