DarkHydrus
Overview
DarkHydrus is a threat group that has targeted government agencies and educational institutions in the Middle East since at least 2016. The group heavily leverages open-source tools and custom payloads for carrying out attacks.
TTPs — 7 techniques across 5 tactics
Resource Development
- T1588.002 Tool
Initial Access
- T1566.001 Spearphishing Attachment
Execution
- T1059.001 PowerShell
- T1204.002 Malicious File
Stealth
- T1221 Template Injection
- T1564.003 Hidden Window
Credential Access
- T1187 Forced Authentication
Tools & malware (3)
Mimikatz · RogueRobin · Cobalt Strike
Reporting (2)
- New Threat Actor Group DarkHydrus Targets Middle East Government — Falcone, R., et al.
- Unit 42 Playbook Viewer — Unit 42