ItaDuke

Also known as: DarkUniverse · SIG27 · ItaDuke

Known aliases: 3

Profile

ItaDuke is an actor known since 2013. It used PDF exploits to drop malware and Twitter accounts to store C2 server URLs. In 2018, Kaspersky attributed an actor named DarkUniverse, which was active between 2009 and 2017, to ItaDuke.


References

  1. https://securelist.com/darkuniverse-the-mysterious-apt-framework-27/94897/
  2. https://www.fireeye.com/blog/threat-research/2013/02/the-number-of-the-beast.html
  3. https://securelist.com/new-uyghur-and-tibetan-themed-attacks-using-pdf-exploits/35465

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. APT29 (Actor)
  2. GeminiDuke (Software)
  3. TA2719 (Actor)
  4. DarkHotel (Actor)
  5. UAC-0227 (Actor)
  6. GOLD DUPONT (Actor)

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.