Duqu | Malware Detail

Description

[Duqu](https://attack.mitre.org/software/S0038) is a malware platform that uses a modular approach to extend functionality after deployment within a target network. (Citation: Symantec W32.Duqu)

External References

mitre-attack
Symantec W32.Duqu

Techniques Used by This Malware

T1001.002 — Steganography
T1010 — Application Window Discovery
T1016 — System Network Configuration Discovery
T1021.002 — SMB/Windows Admin Shares
T1049 — System Network Connections Discovery
T1053.005 — Scheduled Task
T1055.001 — Dynamic-link Library Injection
T1055.012 — Process Hollowing
T1056.001 — Keylogging
T1057 — Process Discovery
T1071 — Application Layer Protocol
T1074.001 — Local Data Staging
T1078 — Valid Accounts
T1087.001 — Local Account
T1090.001 — Internal Proxy
T1134 — Access Token Manipulation
T1218.007 — Msiexec
T1543.003 — Windows Service
T1560.003 — Archive via Custom Method
T1572 — Protocol Tunneling
T1573.001 — Symmetric Cryptography