Duuzer

Malware Profile Updated 3 months ago
Download STIX
Preview STIX
Duuzer is a malicious software (malware) known for its harmful capabilities designed to exploit and damage computers or devices. It was first used in 2015, primarily targeting South Korean organizations, particularly those in the manufacturing sector. The malware, compatible with both 32-bit and 64-bit Windows versions, opens a backdoor in the system, enabling cybercriminals to gather vital system information. Its stealthy infiltration methods include suspicious downloads, emails, or websites, often infecting systems without the user's knowledge. The evolution of Duuzer is evident in the three identified variants of the backdoor: v1.0, v1.1, and v2.0. These versions retain Duuzer's core capabilities and demonstrate an increasing sophistication in their operation. The Lazarus Group, a notorious cybercrime entity, has been linked to these developments, having utilized Duuzer's functionalities in its operations. For example, Rising Sun, a similar implant to Lazarus Group's Duuzer, draws from the same source code. Researchers have confirmed that Rising Sun implants are all based on the original Backdoor Duuzer source code. This connection further solidifies the relationship between the Lazarus Group's activities and the progression of Duuzer malware. Notably, Rising Sun also uses source code from the Duuzer backdoor, exemplifying how the original Duuzer malware has influenced subsequent cyber threats.
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Rising Sun
1
Rising Sun is a malicious software (malware) that shares significant similarities with the Lazarus Group’s Duuzer implant. It uses source code from the Duuzer backdoor, a malware first used in a 2015 campaign that targeted South Korean organizations, primarily in manufacturing. The Rising Sun malwar
Backdoor Duuzer
1
None
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Backdoor
Implant
Windows
Malware
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
Lazarus GroupUnspecified
1
The Lazarus Group, a notorious threat actor believed to be linked to North Korea, has been attributed with a series of significant cyber-attacks over the past few years. The group's malicious activities include the exploitation of digital infrastructure, stealing cryptocurrency, and executing large-
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Duuzer Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
MITRE
a year ago
Op 'Sharpshooter' Connected to North Korea's Lazarus Group
MITRE
a year ago
RSAC 2019: New Operation Sharpshooter Data Reveals Higher Complexity, Scope | Threatpost