Currently viewing ATT&CK v7.2 which was live between July 8, 2020 and October 26, 2020. Learn more about the versioning system or see the live site.
Register to stream the next session of ATT&CKcon Power Hour November 12
SOFTWARE
Aria-body
SOFTWARE
1-9
A-B
C-D
E-F
G-H
I-J
K-L
M-N
O-P
Q-R
S-T
U-V
W-X
Y-Z
  1. Home
  2. Software
  3. OnionDuke

OnionDuke

OnionDuke is malware that was used by APT29 from 2013 to 2015. [1]

ID: S0052
Type: MALWARE
Platforms: Windows
Version: 1.1
Created: 31 May 2017
Last Modified: 30 March 2020
Enterprise Layer
download view

Techniques Used

Domain ID Name Use
Enterprise T1071 .001 Application Layer Protocol: Web Protocols

OnionDuke uses HTTP and HTTPS for C2.[1]
Enterprise T1003 OS Credential Dumping

OnionDuke steals credentials from its victims.[1]
Enterprise T1102 .003 Web Service: One-Way Communication

OnionDuke uses Twitter as a backup C2.[1]

Groups That Use This Software

ID Name References
G0016 APT29

[1]

References

  1. F-Secure Labs. (2015, September 17). The Dukes: 7 years of Russian cyberespionage. Retrieved December 10, 2015.