{"description": "Enterprise techniques used by DarkHydrus, ATT&CK group G0079 v1.0", "name": "DarkHydrus (G0079)", "domain": "mitre-enterprise", "version": "2.2", "techniques": [{"score": 1, "techniqueID": "T1143", "techniqueName": "Hidden Window", "comment": "[DarkHydrus](https://attack.mitre.org/groups/G0079) has used <code>-WindowStyle Hidden</code> to conceal [PowerShell](https://attack.mitre.org/techniques/T1086) windows."}, {"score": 1, "techniqueID": "T1086", "techniqueName": "PowerShell", "comment": "[DarkHydrus](https://attack.mitre.org/groups/G0079) leveraged PowerShell to download and execute additional scripts for execution."}, {"score": 1, "techniqueID": "T1187", "techniqueName": "Forced Authentication", "comment": "[DarkHydrus](https://attack.mitre.org/groups/G0079) used [Template Injection](https://attack.mitre.org/techniques/T1221) to launch an authentication window for users to enter their credentials."}, {"score": 1, "techniqueID": "T1193", "techniqueName": "Spearphishing Attachment", "comment": "[DarkHydrus](https://attack.mitre.org/groups/G0079) has sent spearphishing emails with password-protected RAR archives containing malicious Excel Web Query files (.iqy). \nThe group has also sent spearphishing emails that contained malicious Microsoft Office documents that use the \u201cattachedTemplate\u201d technique to load a template from a remote server."}, {"score": 1, "techniqueID": "T1204", "techniqueName": "User Execution", "comment": "[DarkHydrus](https://attack.mitre.org/groups/G0079) has sent malware that required users to hit the enable button in Microsoft Excel to allow an .iqy file to be downloaded."}, {"score": 1, "techniqueID": "T1221", "techniqueName": "Template Injection", "comment": "[DarkHydrus](https://attack.mitre.org/groups/G0079) used an open-source tool, Phishery, to inject malicious remote template URLs into Microsoft Word documents and then sent them to victims to enable [Forced Authentication](https://attack.mitre.org/techniques/T1187)."}], "gradient": {"colors": ["#ffffff", "#ff6666"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "used by DarkHydrus", "color": "#ff6666"}]}