DarkHydrus

Also known as: DarkHydrus, G0079, LazyMeerkat, Obscure Serpens

DarkHydrus is a threat group that has targeted government agencies and educational institutions in the Middle East since at least 2016. The group heavily leverages open-source tools and custom payloads for carrying out attacks. [3][4]

🌍 Country Iran
🧭 ATT&CK G0079

Activities and Tactics

Country of Origin: 🇮🇷 Iran

Notable Campaigns

Information pending cataloguing.

Tactics, Techniques, and Procedures (TTPs)

ATT&CK technique IDs (denormalized)

Notable Indicators of Compromise (IOCs)

No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.

Malware and Tools

  • RogueRobin

MITRE ATT&CK Software

Attribution and Evidence

Country of Origin: Iran

Additional attribution information pending cataloguing.

References

[1] MITRE ATT&CK, group G0079.

[3] Unit 42 DarkHydrus July 2018: Falcone, R., et al. (2018, July 27). New Threat Actor Group DarkHydrus Targets Middle East Government. Retrieved August 2, 2018.

[4] Unit 42 Playbook Dec 2017: Unit 42. (2017, December 15). Unit 42 Playbook Viewer. Retrieved December 20, 2017.