Difference between revisions of "MiniDuke"
Previous revision | Current revision (only change: BeginYear set to 2013)
---|---
Line 12: | Line 12:
`|CVE=CVE-2013-0640,` | `|CVE=CVE-2013-0640,`
`|Status=Unknown` | `|Status=Unknown`
`|BeginYear=` | `|BeginYear=2013`
`|EndYear=Unknown` | `|EndYear=Unknown`
`|Group=Spying` | `|Group=Spying`
Revision as of 10:26, 3 August 2015
Field | MiniDuke
---|---
Alias | SandyEva
Group | Spying
Parent | 
Sibling | 
Family | 
Relations | Variants: ; Sibling of: 
Target | Unknown
Origin | 
Distribution vector | 
User agent | Mozilla/4.0 (compatible; MSIE 7.0; windows NT 5.1; .NET CLR 2.0.50727; .NT CLR 2.0.4506.2151; .N&T CLR 3.5.30729; InfoPath.2)
C&C protocol | Twitter (centralized)
Activity (begin / end) | 2013 / Unknown
Status | Unknown
Language | 
Programming language | 
Operation/Working group | 
Introduction
- Initial infection through a crafted PDF file that exploits Adobe Reader/Acrobat (CVE-2013-0640).
- First stage: a roughly 20 kB downloader, built specifically for each targeted system. It computes a unique fingerprint of the host, and that fingerprint is later used as key material to encrypt communications.
- Second stage: the downloader locates its command-and-control via Twitter (see the C&C protocol field above) and receives encrypted backdoor components obfuscated within GIF files.
- Third stage: those components fetch a larger backdoor, which carries out the actual spying activity.
- Kaspersky identified 59 unique victims in 23 countries (Belgium, Brazil, Bulgaria, Czech Republic, Georgia, Germany, Hungary, Ireland, Israel, Japan, Latvia, Lebanon, Lithuania, Montenegro, Portugal, Romania, Russian Federation, Slovenia, Spain, Turkey, Ukraine, United Kingdom and United States).
- Related to ItaDuke.
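The GIF step of the chain above can be checked on disk. A well-formed GIF is a fixed header, a logical screen descriptor, an optional global colour table, then a sequence of image and extension blocks that ends with a single 0x3B trailer byte; anything after that trailer is foreign to the image and is a common place to park a smuggled blob. The parser below is an added example written for this page, not MiniDuke's code or Kaspersky's tooling. It assumes the payload is simply appended after the trailer (the page only says the backdoor is obfuscated within GIF files; the exact placement is an assumption), and it runs on a constructed 1x1 GIF with a constructed high-entropy blob appended, so it works offline.

```python
import math
import struct

GIF_TRAILER = 0x3B
IMAGE_SEPARATOR = 0x2C
EXTENSION_INTRODUCER = 0x21


def _skip_subblocks(data: bytes, pos: int) -> int:
    """Skip a chain of length-prefixed data sub-blocks terminated by a 0x00 block."""
    while True:
        if pos >= len(data):
            raise ValueError("truncated sub-block chain")
        n = data[pos]
        pos += 1
        if n == 0:
            return pos
        pos += n


def parse_gif(data: bytes) -> dict:
    """Walk the GIF block structure up to the 0x3B trailer.

    Returns the blocks seen, the trailer offset and whatever bytes follow it.
    Raises ValueError on a malformed or truncated file.
    """
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("missing GIF signature")
    width, height, packed, _bg, _aspect = struct.unpack_from("<HHBBB", data, 6)
    pos = 13
    if packed & 0x80:  # global colour table present: 3 * 2^(N+1) bytes
        pos += 3 * (2 << (packed & 0x07))
    blocks = []
    while True:
        if pos >= len(data):
            raise ValueError("no trailer before end of file")
        tag = data[pos]
        pos += 1
        if tag == GIF_TRAILER:
            trailer_offset = pos - 1
            break
        if tag == IMAGE_SEPARATOR:
            _l, _t, _w, _h, ipacked = struct.unpack_from("<HHHHB", data, pos)
            pos += 9
            if ipacked & 0x80:  # local colour table
                pos += 3 * (2 << (ipacked & 0x07))
            pos += 1  # LZW minimum code size
            pos = _skip_subblocks(data, pos)
            blocks.append("image")
        elif tag == EXTENSION_INTRODUCER:
            label = data[pos]
            pos = _skip_subblocks(data, pos + 1)
            blocks.append(f"ext:0x{label:02x}")
        else:
            raise ValueError(f"unknown block tag 0x{tag:02x} at offset {pos - 1}")
    return {
        "width": width,
        "height": height,
        "blocks": blocks,
        "trailer_offset": trailer_offset,
        "trailing": data[pos:],
    }


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte; encrypted or compressed data sits close to 8.0."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    return -sum(c / len(buf) * math.log2(c / len(buf)) for c in counts if c)


def find_appended_payload(data: bytes) -> dict:
    """Report foreign bytes after the GIF trailer with offset, size and entropy."""
    info = parse_gif(data)
    tail = info["trailing"]
    return {
        "offset": info["trailer_offset"] + 1,
        "size": len(tail),
        "entropy": round(shannon_entropy(tail), 2),
        "payload": tail,
    }


# Constructed sample (not a real MiniDuke artefact): a 1x1 GIF89a with one
# comment extension, then a stand-in for an encrypted blob appended after 0x3B.
CLEAN_GIF = (
    b"GIF89a"
    + b"\x01\x00\x01\x00\x00\x00\x00"                # logical screen descriptor, no GCT
    + b"\x21\xfe\x05hello\x00"                        # comment extension
    + b"\x2c\x00\x00\x00\x00\x01\x00\x01\x00\x00"    # image descriptor
    + b"\x02\x02\x44\x01\x00"                         # LZW min code size + one sub-block
    + b"\x3b"                                         # trailer
)
FAKE_PAYLOAD = bytes(range(256))  # every byte value once: entropy 8.0, like ciphertext
STEGO_GIF = CLEAN_GIF + FAKE_PAYLOAD

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_GIF), ("stego", STEGO_GIF)):
        r = find_appended_payload(blob)
        print(f"{name}: {r['size']} bytes after trailer at offset {r['offset']}, entropy {r['entropy']}")
```

Two checks matter in practice: a non-zero tail after the trailer is structurally suspicious on its own, and a tail whose entropy sits near 8 bits per byte is consistent with the encrypted stage the page describes rather than with stray metadata. The parser deliberately fails closed on unknown block tags or a missing trailer instead of guessing, because a decoder that silently skips over garbage is exactly what an attacker relies on.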
Features
CVE: CVE-2013-0640 (Adobe Reader/Acrobat; exploited by the infection PDF)