FatDuke

Malware Profile Updated 3 months ago
FatDuke is a sophisticated malware family first detected in 2013 that primarily targets government entities, defense contractors, and research institutions. It is known to spread through spear-phishing attacks and has been linked to the group tracked as APT29 or Cozy Bear. Once installed on a victim's computer, the malware can gather sensitive information, steal passwords, and carry out other malicious activity.

In recent years, researchers have observed FatDuke and another malware family named Crutch on the same machine. Crutch is also a backdoor Trojan that has been linked to APT29; its purpose is to provide additional access to compromised systems. This discovery suggests that APT29 may use multiple attack vectors to infiltrate its targets and highlights the sophistication of its operations.

The presence of FatDuke and Crutch on the same machine raises concerns about the damage that could be inflicted on an organization if both were used in tandem. It underscores the importance of robust security measures and incident response plans that detect and mitigate threats effectively. As the threat landscape continues to evolve, organizations must remain vigilant in identifying and mitigating threats such as FatDuke and Crutch to protect themselves from cyberattacks.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
ID: Crutch
Type: Unspecified
Votes: 1
Profile Description: Crutch is a sophisticated malware attributed to the Turla group, first discovered by ESET researchers in December 2020. It's considered a second-stage backdoor, achieving persistence through DLL hijacking. One notable feature of Crutch v4 is its ability to automatically upload files found on local a
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the FatDuke malware was read from the document corpus below. This display is limited to 20 results.
Source: MITRE
Created: a year ago
Title: Turla Crutch: Keeping the “back door” open | WeLiveSecurity