win.miniduke

MiniDuke

Actor(s): APT29


The MiniDuke toolset consists of multiple downloader and backdoor components.

References
2022-09-21 | Check Point | Jiří Vinopal
@online{vinopal:20220921:native:e68056c, author = {Jiří Vinopal}, title = {{Native function and Assembly Code Invocation}}, date = {2022-09-21}, organization = {Check Point}, url = {https://research.checkpoint.com/2022/native-function-and-assembly-code-invocation/}, language = {English}, urldate = {2022-09-26} } Native function and Assembly Code Invocation
Families: MiniDuke

2021-09-29 | CYBER GEEKS All Things Infosec | CyberMasterV
@online{cybermasterv:20210929:how:b7fbf82, author = {CyberMasterV}, title = {{How to defeat the Russian Dukes: A step-by-step analysis of MiniDuke used by APT29/Cozy Bear}}, date = {2021-09-29}, organization = {CYBER GEEKS All Things Infosec}, url = {https://cybergeeks.tech/how-to-defeat-the-russian-dukes-a-step-by-step-analysis-of-miniduke-used-by-apt29-cozy-bear/}, language = {English}, urldate = {2021-10-14} } How to defeat the Russian Dukes: A step-by-step analysis of MiniDuke used by APT29/Cozy Bear
Families: MiniDuke

2020-03-26 | VMWare Carbon Black | Scott Knight
@online{knight:20200326:dukes:df85f94, author = {Scott Knight}, title = {{The Dukes of Moscow}}, date = {2020-03-26}, organization = {VMWare Carbon Black}, url = {https://www.carbonblack.com/2020/03/26/the-dukes-of-moscow/}, language = {English}, urldate = {2020-05-18} } The Dukes of Moscow
Families: Cobalt Strike, LiteDuke, MiniDuke, OnionDuke, PolyglotDuke, PowerDuke

2020-02-13 | Qianxin | Qi Anxin Threat Intelligence Center
@techreport{center:20200213:report:146d333, author = {Qi Anxin Threat Intelligence Center}, title = {{APT Report 2019}}, date = {2020-02-13}, institution = {Qianxin}, url = {https://ti.qianxin.com/uploads/2020/02/13/cb78386a082f465f259b37dae5df4884.pdf}, language = {English}, urldate = {2020-02-27} } APT Report 2019
Families: Chrysaor, Exodus, Dacls, VPNFilter, DNSRat, Griffon, KopiLuwak, More_eggs, SQLRat, AppleJeus, BONDUPDATER, Agent.BTZ, Anchor, AndroMut, AppleJeus, BOOSTWRITE, Brambul, Carbanak, Cobalt Strike, Dacls, DistTrack, DNSpionage, Dtrack, ELECTRICFISH, FlawedAmmyy, FlawedGrace, Get2, Grateful POS, HOPLIGHT, Imminent Monitor RAT, jason, Joanap, KerrDown, KEYMARBLE, Lambert, LightNeuron, LoJax, MiniDuke, PolyglotDuke, PowerRatankba, Rising Sun, SDBbot, ServHelper, Snatch, Stuxnet, TinyMet, tRat, TrickBot, Volgmer, X-Agent, Zebrocy

2020 | Secureworks | SecureWorks
@online{secureworks:2020:iron:59396c7, author = {SecureWorks}, title = {{IRON HEMLOCK}}, date = {2020}, organization = {Secureworks}, url = {https://www.secureworks.com/research/threat-profiles/iron-hemlock}, language = {English}, urldate = {2020-05-23} } IRON HEMLOCK
Families: FatDuke, MiniDuke, OnionDuke, PolyglotDuke; Actor: APT29

2019-08-12 | Kindred Security | Kindred Security
@online{security:20190812:overview:0726c0a, author = {Kindred Security}, title = {{An Overview of Public Platform C2’s}}, date = {2019-08-12}, organization = {Kindred Security}, url = {https://kindredsec.wordpress.com/2019/08/12/an-overview-of-public-platform-c2s/}, language = {English}, urldate = {2021-07-20} } An Overview of Public Platform C2’s
Families: HTML5 Encoding, LOWBALL, Makadocs, MiniDuke, RogueRobinNET, RokRAT

2013-05-30 | CIRCL | CIRCL
@techreport{circl:20130530:analysis:e828e08, author = {CIRCL}, title = {{Analysis of a stage 3 Miniduke sample}}, date = {2013-05-30}, institution = {CIRCL}, url = {https://www.circl.lu/files/tr-14/circl-analysisreport-miniduke-stage3-public.pdf}, language = {English}, urldate = {2020-01-08} } Analysis of a stage 3 Miniduke sample
Families: MiniDuke

2013-02-28 | FireEye | James T. Bennett
@online{bennett:20130228:its:1534b7e, author = {James T. Bennett}, title = {{It's a Kind of Magic}}, date = {2013-02-28}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2013/02/its-a-kind-of-magic-1.html}, language = {English}, urldate = {2020-04-24} } It's a Kind of Magic
Families: MiniDuke

There is no YARA signature yet.