CosmicDuke

Malware Profile Updated 3 months ago
CosmicDuke is malware designed to compromise and damage computers and other devices. It is believed to have been developed by the same APT group responsible for other operations such as CozyDuke and MiniDuke. CosmicDuke was first discovered in 2014 and shares certain similarities with the older MiniDuke implants. The original MiniDuke group is thought to have switched to the CosmicDuke implant around 2014, which suggests the two groups were initially connected, although they appear to have parted ways at some point. Even so, the similarities between the two implants suggest they may still share common code or development techniques. Like other APT groups, the developers of CosmicDuke use sophisticated techniques to evade detection and maintain persistence on compromised systems, which makes the malware difficult for victims to detect and remove and a serious threat to organizations and individuals alike.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Tags: APT, Backdoor, Implant
Associated Malware
ID: MiniDuke
Type: Unspecified
Votes: 1
Profile Description: MiniDuke is a type of malware that was first observed in 2011-2012 as a relatively tiny implant known as “Sofacy” or SOURFACE. This malware was used by an Advanced Persistent Threat (APT) group that has also been responsible for other attacks such as CozyDuke, MiniDuke, and CosmicDuke. The Miniduke
Associated Threat Actors
ID: CozyDuke
Type: Unspecified
Votes: 1
Profile Description: CozyDuke, also known as Cozy Bear or APT29, is a prominent threat actor recognized for its malicious activities against Western government organizations and a variety of industries. The group has successfully infiltrated the unclassified networks of several high-profile entities, including the White
Associated Vulnerabilities
No associations to display
Source Document References
Information about the CosmicDuke malware was read from the document corpus below. This display is limited to 20 results.
Source: MITRE (a year ago). Title: Sofacy APT hits high profile targets with updated toolset
Source: MITRE (a year ago). Title: A Slice of 2017 Sofacy Activity
Source: MITRE (a year ago). Title: Minidionis – one more APT with a usage of cloud drives