Malware: CosmicDuke

Description

[CosmicDuke](https://attack.mitre.org/software/S0050) is malware that was used by [APT29](https://attack.mitre.org/groups/G0016) from 2010 to 2015. (Citation: F-Secure The Dukes)

External References

• mitre-attack
• F-Secure The Dukes

Techniques Used by This Malware

• T1003.002 — Security Account Manager
• T1003.004 — LSA Secrets
• T1005 — Data from Local System
• T1020 — Automated Exfiltration
• T1025 — Data from Removable Media
• T1039 — Data from Network Shared Drive
• T1048.003 — Exfiltration Over Unencrypted Non-C2 Protocol
• T1053.005 — Scheduled Task
• T1056.001 — Keylogging
• T1068 — Exploitation for Privilege Escalation
• T1071.001 — Web Protocols
• T1083 — File and Directory Discovery
• T1113 — Screen Capture
• T1114.001 — Local Email Collection
• T1115 — Clipboard Data
• T1543.003 — Windows Service
• T1555 — Credentials from Password Stores
• T1555.003 — Credentials from Web Browsers
• T1573.001 — Symmetric Cryptography

APT Groups Using This Malware

• APT29