MiniDuke

Malware Profile Updated 3 months ago
MiniDuke is malware first observed in 2011-2012 as a relatively small implant known as "Sofacy" or SOURFACE. It was used by an Advanced Persistent Threat (APT) group that has also been responsible for other attacks, including CozyDuke, MiniDuke and CosmicDuke. The MiniDuke implant was replaced in 2014 by the more sophisticated CosmicDuke implant. In February 2014, the MiniDuke APT group was observed using the same backdoor on its hacked servers, but with a much stronger password. There appear to be several links between Turla and MiniDuke, although these are yet to be explored in a future blog post. Despite the similarities between the old MiniDuke implants and the SOURFACE implant used by the APT group, the two appear to have parted ways in 2014. MiniDuke is a harmful program designed to exploit and damage the victim's computer or device. It can infect a system through suspicious downloads, emails or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom. The MiniDuke APT group has been active for several years, using various implants to conduct cyber espionage against its targets.
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you may also want to look at.
ID | Votes | Profile Description
No overlapping profiles to display
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Backdoor
Implant
Apt
Malware
Associated Malware
ID | Type | Votes | Profile Description
CosmicDuke | Unspecified | 1 | CosmicDuke is a type of malware that is designed to exploit and damage computers or devices. It is believed to be developed by the same APT group responsible for other attacks such as CozyDuke and MiniDuke. CosmicDuke was first discovered in 2014 and shares certain similarities with the old Miniduke
Associated Threat Actors
ID | Type | Votes | Profile Description
APT28 | Unspecified | 1 | APT28, also known as Fancy Bear, is a threat actor linked to Russia and has been involved in numerous cyber espionage campaigns. The group is notorious for its sophisticated tactics, techniques, and procedures (TTPs). Recently, NATO and the EU formally condemned APT28's activities, acknowledging the
CozyDuke | Unspecified | 1 | CozyDuke, also known as Cozy Bear or APT29, is a prominent threat actor recognized for its malicious activities against Western government organizations and a variety of industries. The group has successfully infiltrated the unclassified networks of several high-profile entities, including the White
Sofacy | Unspecified | 1 | Sofacy is a threat actor group that has been observed using multiple languages to create variants of the Zebrocy Trojan and Cannon. In one campaign, they relied heavily on filenames to lure victims into launching weaponized documents. The group packed only Delphi variants in an attempt to increase e
Turla | Unspecified | 1 | Turla, also known as Pensive Ursa, is a sophisticated threat actor linked to Russia that has been active for many years. The group is known for its advanced cyber-espionage capabilities and has been associated with numerous high-profile breaches. According to the MITRE ATT&CK and MITRE Ingenuity dat
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the MiniDuke malware was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
MITRE | a year ago | The Epic Turla Operation
MITRE | a year ago | Sofacy APT hits high profile targets with updated toolset
MITRE | a year ago | A Slice of 2017 Sofacy Activity
MITRE | a year ago | Minidionis – one more APT with a usage of cloud drives