MiniDuke

Malware Profile Updated 25 days ago
Miniduke is a type of malware that was first observed in 2011-2012 as a relatively tiny implant known as "Sofacy" or SOURFACE. This malware was used by an Advanced Persistent Threat (APT) group that has also been responsible for other attacks such as CozyDuke, MiniDuke, and CosmicDuke. The Miniduke implant was later replaced with the more sophisticated CosmicDuke implant in 2014. In February 2014, the Miniduke APT group was observed using the same backdoor on its compromised servers, but with a much stronger password. There appear to be several links between Turla and Miniduke, although these have yet to be explored in a future blog post. Despite the similarities between the old Miniduke implants and the SOURFACE implant used by the APT group, the two appear to have parted ways in 2014. Miniduke is a malicious program designed to compromise and damage a computer or device. It can infect a system through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or hold data hostage for ransom. The Miniduke APT group has been active for several years, using a range of implants to conduct cyber espionage against its targets.
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names / profiles you may also want to look at.
ID | Votes | Profile Description
No overlaps to display
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
ID | Type | Votes | Profile Description
No associations to display
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the MiniDuke malware was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
MITRE | a year ago | Sofacy APT hits high profile targets with updated toolset
MITRE | a year ago | Minidionis – one more APT with a usage of cloud drives
MITRE | a year ago | The Epic Turla Operation
MITRE | a year ago | A Slice of 2017 Sofacy Activity