CosmicDuke

  • First known sample

    2012
  • Discovery

    2013
  • Number of targets

    100-1000
  • Current status

    Active
  • Type

    Backdoor
  • Targeted platforms

    Windows
  • TOP targeted countries

    Azerbaijan , Belarus , Cyprus , Georgia , Great Britain , Greece , India , Kazakhstan , Lithuania , Russia , Ukraine , United Arab Emirates
  • Connected attacks

  • The way of propagation

    Trojanized software installers
  • Purpose/Functions

    Data wiping
  • Special features
    The TinyBaron/CosmicDuke custom backdoor is compiled using a customizable framework called "BotGenStudio", which has sufficient flexibility to enable/disable components when the bot is constructed.
  • Targets

    Diplomatic organizations/embassies , Military , Specific individuals , Telecoms
  • Artefacts/Attribution
    Although the attackers use English in several places, there are certain indicators – like strings in a block of memory appended to the malware component used for persistence – that make experts believe they are not native English speakers.
  • Description

    A newer version of the backdoor malware “MiniDuke” uncovered in 2013. The malware spoofs popular applications designed to run in the background and creates a backdoor in the infected system to steal a variety of information. The malware targets high-level organizations, including those representing the government and diplomatic sector, primarily in Eastern Europe and the US.

    Additional information