HIDEDRV is a rootkit used by APT28. It has been deployed along with Downdelph to execute and hide that malware. [1] [2]

ID: S0135
Platforms: Windows
Version: 1.1
Created: 31 May 2017
Last Modified: 30 March 2020

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1055.001 | Process Injection: Dynamic-link Library Injection | HIDEDRV injects a DLL for Downdelph into the explorer.exe process.[1] |
| Enterprise | T1014 | Rootkit | HIDEDRV is a rootkit that hides certain operating system artifacts.[1] |

Groups That Use This Software

| ID | Name | References |
|---|---|---|
| G0007 | APT28 | |