HIDEDRV

HIDEDRV is a rootkit used by APT28. It has been deployed along with Downdelph to execute and hide that malware. [1] [2]

ID: S0135
Type: MALWARE
Platforms: Windows

Version: 1.0

Techniques Used

Domain      ID     Name               Use
Enterprise  T1055  Process Injection  HIDEDRV injects a DLL for Downdelph into the explorer.exe process. [1]
Enterprise  T1014  Rootkit            HIDEDRV is a rootkit that hides certain operating system artifacts. [1]

Groups

Groups that use this software:

APT28

References