Skip to content

Hide Navigation Hide TOC

MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c)

MiniDuke is malware that was used by APT29 from 2010 to 2015. The MiniDuke toolset consists of multiple downloader and backdoor components. The loader has been used with other MiniDuke components as well as in conjunction with CosmicDuke and PinchDuke. (Citation: F-Secure The Dukes)

Cluster A Galaxy A Cluster B Galaxy B Level
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c) Malware 1
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c) Malware 1
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c) Malware 1
Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c) Malware 1
MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c) Malware Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7) Attack Pattern 1
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c) Malware 1
MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 1
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c) Malware 1
Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c) Malware 1
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 2
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern 2
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7) Attack Pattern 2
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) Attack Pattern Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern 2