MiniDuke is malware that was used by APT29 from 2010 to 2015. The MiniDuke toolset consists of multiple downloader and backdoor components. The loader has been used with other MiniDuke components as well as in conjunction with CosmicDuke and PinchDuke. [1]

ID: S0051
Aliases: MiniDuke
Platforms: Windows

Version: 1.0

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1008 | Fallback Channels | MiniDuke uses Google Search to identify C2 servers if its primary C2 method via Twitter is not working.[2] |
| Enterprise | T1105 | Remote File Copy | MiniDuke can download additional encrypted backdoors onto the victim via GIF files.[2] |
| Enterprise | T1071 | Standard Application Layer Protocol | MiniDuke uses HTTP and HTTPS for command and control.[1] |
| Enterprise | T1102 | Web Service | Some MiniDuke components use Twitter to initially obtain the address of a C2 server or as a backup if no hard-coded C2 server responds.[1][2] |


Groups that use this software: