Hide Navigation Hide TOC

Duqu - S0038 (68dca94f-c11d-421e-9287-7c501108e18c)

Duqu is a malware platform that uses a modular approach to extend functionality after deployment within a target network. (Citation: Symantec W32.Duqu)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Duqu - S0038 (68dca94f-c11d-421e-9287-7c501108e18c)	Malware	Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	1
Duqu - S0038 (68dca94f-c11d-421e-9287-7c501108e18c)	Malware	SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	1
Duqu - S0038 (68dca94f-c11d-421e-9287-7c501108e18c)	Malware	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	1
Duqu - S0038 (68dca94f-c11d-421e-9287-7c501108e18c)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	1
Duqu - S0038 (68dca94f-c11d-421e-9287-7c501108e18c)	Malware	Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	1
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	Duqu - S0038 (68dca94f-c11d-421e-9287-7c501108e18c)	Malware	1
Duqu - S0038 (68dca94f-c11d-421e-9287-7c501108e18c)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	1
Duqu - S0038 (68dca94f-c11d-421e-9287-7c501108e18c)	Malware	Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	1
Duqu - S0038 (68dca94f-c11d-421e-9287-7c501108e18c)	Malware	Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	1
Duqu (809b54c3-dd6a-4ec9-8c3a-a27b9baa6732)	Tool	Duqu - S0038 (68dca94f-c11d-421e-9287-7c501108e18c)	Malware	1
Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	Duqu - S0038 (68dca94f-c11d-421e-9287-7c501108e18c)	Malware	1
Duqu - S0038 (68dca94f-c11d-421e-9287-7c501108e18c)	Malware	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	1
Duqu - S0038 (68dca94f-c11d-421e-9287-7c501108e18c)	Malware	Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830)	Attack Pattern	1
Duqu - S0038 (68dca94f-c11d-421e-9287-7c501108e18c)	Malware	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	1
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	Duqu - S0038 (68dca94f-c11d-421e-9287-7c501108e18c)	Malware	1
Duqu - S0038 (68dca94f-c11d-421e-9287-7c501108e18c)	Malware	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	1
Duqu - S0038 (68dca94f-c11d-421e-9287-7c501108e18c)	Malware	Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336)	Attack Pattern	1
Duqu - S0038 (68dca94f-c11d-421e-9287-7c501108e18c)	Malware	Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	1
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	Duqu - S0038 (68dca94f-c11d-421e-9287-7c501108e18c)	Malware	1
Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235)	Attack Pattern	Duqu - S0038 (68dca94f-c11d-421e-9287-7c501108e18c)	Malware	1
Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b)	Attack Pattern	Duqu - S0038 (68dca94f-c11d-421e-9287-7c501108e18c)	Malware	1
Duqu - S0038 (68dca94f-c11d-421e-9287-7c501108e18c)	Malware	Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	1
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	2
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	2
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	2
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	2
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	2
Duqu (809b54c3-dd6a-4ec9-8c3a-a27b9baa6732)	Tool	DuQu (7344cee0-87c9-46a1-85aa-0d3c8c9c8cc6)	Malpedia	2
Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	2
Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e)	Attack Pattern	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	2
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	2
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	2
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336)	Attack Pattern	2
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	2
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842)	Attack Pattern	Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235)	Attack Pattern	2