extremely sensitive, high-profile victims and targets (targets in the U.S. are believed to include the White House and the State Department)
evolving crypto and anti-detection capabilities. For example, the code checks for the presence of several security products in an attempt to evade them, namely: Kaspersky Lab, Sophos, DrWeb, Avira, Crystal and Comodo Dragon.
strong functional and structural similarities in the malware tying this toolset to early MiniDuke second-stage components, along with more recent CosmicDuke and OnionDuke components
Government entities
Commercial entities
Strong similarities in malicious program functionality, as well as in structure, match the CozyDuke toolset with the MiniDuke, CosmicDuke and OnionDuke cyberespionage campaigns; operations that, according to a number of indicators, are believed to be managed by Russian-speaking authors.
The blog post and research paper are available at Securelist.com