OnionDuke

OnionDuke is malware that was used by APT29 from 2013 to 2015. [1]

ID: S0052
Aliases: OnionDuke
Type: MALWARE
Platforms: Windows

Version: 1.0

Techniques Used

Domain      ID     Name                                  Use
Enterprise  T1003  Credential Dumping                    OnionDuke steals credentials from its victims.[1]
Enterprise  T1071  Standard Application Layer Protocol   OnionDuke uses HTTP and HTTPS for C2.[1]
Enterprise  T1102  Web Service                           OnionDuke uses Twitter as a backup C2 method. It also has a module designed to post messages to the Russian VKontakte social media site.[1]
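The T1102 row is the one a defender can most readily hunt for: a host talking to Twitter or VKontakte is not suspicious on its own, but a host doing so from a non-browser User-Agent or on a fixed timer looks like a backup C2 channel rather than a person. The following is an added detection example written for this page; it is not code from ATT&CK, from the cited report, or from OnionDuke itself. The proxy log format, the hostnames in WEB_SERVICE_HOSTS, the browser User-Agent heuristic, and the sample log lines are all assumptions constructed for the example; nothing here reproduces OnionDuke's real endpoints or User-Agent string.

```python
"""Hunt for web-service C2 (ATT&CK T1102) in web proxy logs.

Added example for the OnionDuke entry, not code from ATT&CK or the malware.
Log format, hostnames and sample data are constructed for illustration.
"""
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Social-media hosts treated as possible C2 relays. The services match the
# OnionDuke entry (Twitter, VKontakte); the exact hostnames are an assumption.
WEB_SERVICE_HOSTS = {"twitter.com", "api.twitter.com", "vk.com", "api.vk.com"}

# Loose check for a mainstream browser User-Agent. Anything else talking to a
# social network from a workstation deserves a look.
BROWSER_UA = re.compile(r"^Mozilla/5\.0 \(.*\).*(Chrome|Firefox|Safari|Edg)/")

# Assumed proxy log line: <iso-timestamp> <src-ip> <method> <host> <path> "<user-agent>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<host>\S+) (?P<path>\S+) "
    r'"(?P<ua>[^"]*)"$'
)

# Constructed sample log. 10.0.0.5 hits api.twitter.com every 10 minutes with
# a non-browser UA (beacon-like); 10.0.0.7 and 10.0.0.9 are ordinary browsing.
SAMPLE_LOG = [
    '2015-03-02T09:00:00 10.0.0.5 GET api.twitter.com /timeline "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1)"',
    '2015-03-02T09:03:11 10.0.0.7 GET twitter.com /home "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36"',
    '2015-03-02T09:04:52 10.0.0.7 GET twitter.com /search "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36"',
    '2015-03-02T09:10:00 10.0.0.5 GET api.twitter.com /timeline "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1)"',
    '2015-03-02T09:12:30 10.0.0.5 GET example.com /index.html "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1)"',
    '2015-03-02T09:20:00 10.0.0.5 GET api.twitter.com /timeline "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1)"',
    '2015-03-02T09:21:45 10.0.0.9 GET vk.com /feed "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36"',
    '2015-03-02T09:30:00 10.0.0.5 GET api.twitter.com /timeline "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1)"',
    '2015-03-02T09:31:40 10.0.0.7 GET twitter.com /home "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36"',
    '2015-03-02T09:40:00 10.0.0.5 GET api.twitter.com /timeline "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1)"',
    'this line is malformed and is skipped by the parser',
]


def parse_line(line):
    """Parse one proxy log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    return rec


def beacon_score(timestamps):
    """Coefficient of variation of inter-request gaps; low values mean a regular timer.

    Returns None when there are too few requests (fewer than 4) to judge.
    """
    if len(timestamps) < 4:
        return None
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    mean = statistics.mean(gaps)
    if mean == 0:
        return None
    return statistics.pstdev(gaps) / mean


def find_web_service_c2(lines, max_cv=0.2, min_requests=4):
    """Flag (src, host) pairs that reach a web-service host with a non-browser UA
    or with beacon-like regular timing. Returns a list of finding dicts."""
    by_pair = defaultdict(list)
    non_browser = set()
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["host"] not in WEB_SERVICE_HOSTS:
            continue
        key = (rec["src"], rec["host"])
        by_pair[key].append(rec["ts"])
        if not BROWSER_UA.match(rec["ua"]):
            non_browser.add(key)

    findings = []
    for key, stamps in by_pair.items():
        reasons = []
        if key in non_browser:
            reasons.append("non-browser user agent")
        cv = beacon_score(stamps)
        if cv is not None and len(stamps) >= min_requests and cv <= max_cv:
            reasons.append(f"regular interval (cv={cv:.2f})")
        if reasons:
            findings.append({"src": key[0], "host": key[1],
                             "requests": len(stamps), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_web_service_c2(SAMPLE_LOG):
        print(f"{f['src']} -> {f['host']} ({f['requests']} requests): {', '.join(f['reasons'])}")
```

On the constructed sample only 10.0.0.5 is reported, for both reasons; the two browsing hosts fall below the request threshold and use a browser User-Agent. In production the two heuristics should be tuned separately: the User-Agent check is cheap but easy for malware to evade by copying a real browser string, while the timing check survives that but needs enough requests per pair and a jitter threshold (max_cv) chosen against your own baseline.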

Groups

Groups that use this software:

APT29

References