
Dyre

Dyre is a Trojan that has been used for financial gain. [1]

ID: S0024
Aliases: Dyre
Type: MALWARE
Platforms: Windows

Version: 1.0

Alias Descriptions

| Name | Description |
|------|-------------|
| Dyre | [1] |

Techniques Used

| Domain | ID | Name | Use |
|--------|----|------|-----|
| Enterprise | T1140 | Deobfuscate/Decode Files or Information | Dyre decrypts resources needed for targeting the victim.[1] |
| Enterprise | T1050 | New Service | Dyre registers itself as a service by adding several Registry keys.[1] |
| Enterprise | T1055 | Process Injection | Dyre injects into other processes to load modules.[1] |
| Enterprise | T1105 | Remote File Copy | Dyre has a command to download and execute additional files.[1] |
| Enterprise | T1063 | Security Software Discovery | The Dyre crimeware toolkit has refined its detection of sandbox analysis environments by inspecting the process list and Registry.[1] |
| Enterprise | T1071 | Standard Application Layer Protocol | Dyre uses HTTPS for C2 communications.[1] |

References