MiniDuke
Jump to navigation
Jump to search
(Botnet) Link to the old Wiki page : [1] / Google search: [2]
| MiniDuke | |
|---|---|
| Alias | SandyEva |
| Group | Spying |
| Parent | |
| Sibling | |
| Family | |
| Relations | Variants: Sibling of: |
| Target | |
| Origin | |
| Distribution vector | |
| UserAgent | Mozilla/4.0 (compatible; MSIE 7.0; windows NT 5.1; .NET CLR 2.0.50727; .NT CLR 2.0.4506.2151; .N&T CLR 3.5.30729; InfoPath.2) |
| CCProtocol | Twitter (Centralized) |
| Activity | 2013 / |
| Status | |
| Language | |
| Programming language | |
| Operation/Working group | |
Introduction
- Infection by a crafted PDF file (CVE-2013-0640)
- 20 kB downloader (crafted each time specifically for the attacked systems), which calculates a unique fingerprint that is also used for encryption
- Receives encrypted backdoors obfuscated within GIF files
- Which then fetch a larger backdoor that carries out the actual spying activities
- Kaspersky identified 59 unique victims in 23 countries (Belgium, Brazil, Bulgaria, Czech Republic, Georgia, Germany, Hungary, Ireland, Israel, Japan, Latvia, Lebanon, Lithuania, Montenegro, Portugal, Romania, Russian Federation, Slovenia, Spain, Turkey, Ukraine, United Kingdom and United States)
- Related to ItaDuke
Features
CVE: CVE-2013-0640