
PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e)

PolyglotDuke is a downloader that has been used by APT29 since at least 2013. PolyglotDuke has been used to drop MiniDuke.(Citation: ESET Dukes October 2019)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) | Malware | Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7) | Attack Pattern | 1 |
| Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) | Attack Pattern | PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) | Malware | 1 |
| Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) | Attack Pattern | PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) | Malware | 1 |
| PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) | Malware | Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) | Attack Pattern | 1 |
| PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) | Malware | Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) | Attack Pattern | 1 |
| Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) | Attack Pattern | PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) | Malware | 1 |
| PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) | Malware | Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) | Attack Pattern | 1 |
| Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) | Attack Pattern | PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) | Malware | 1 |
| Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) | Attack Pattern | PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) | Malware | 1 |
| Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) | Attack Pattern | PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) | Malware | 1 |
| Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) | Attack Pattern | Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7) | Attack Pattern | 2 |
| Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) | Attack Pattern | System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) | Attack Pattern | 2 |
| Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) | Attack Pattern | Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) | Attack Pattern | 2 |
| Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) | Attack Pattern | Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) | Attack Pattern | 2 |
| Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) | Attack Pattern | Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) | Attack Pattern | 2 |

Level 1 rows are direct relationships between the PolyglotDuke malware cluster and an ATT&CK technique; level 2 rows are the parent-technique relationships of those sub-techniques (e.g. Dead Drop Resolver is a sub-technique of Web Service).