CosmicDuke

Malware Profile Updated 25 days ago
CosmicDuke is an information-stealing malware family (MITRE ATT&CK software ID S0050) attributed to the same threat actor, commonly tracked as the Dukes or APT29, that operates CozyDuke and MiniDuke. It was first publicly documented in 2014 and pairs a loader closely resembling the older MiniDuke implants with stealer components that harvest credentials, keystrokes, screenshots and files from compromised hosts. The original MiniDuke operators appear to have adopted CosmicDuke around 2014, and the shared loader code and development techniques are the main evidence linking the two implants. Some reporting has treated them as clusters that later diverged, but the overlap in code still points to a common origin. Like other tooling from this actor, CosmicDuke relies on obfuscation and persistence mechanisms intended to survive on a host and evade detection, which makes it difficult for victims to detect and remove and a serious threat to organizations and individuals alike.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
ID | Type | Votes | Profile Description
No associations to display
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about CosmicDuke was drawn from the documents listed below. This display is limited to 20 results.
Source | Created At | Title
MITRE | a year ago | Minidionis – one more APT with a usage of cloud drives
MITRE | a year ago | Sofacy APT hits high profile targets with updated toolset
MITRE | a year ago | A Slice of 2017 Sofacy Activity