Ukraine, Belgium, Portugal, Romania, The Czech Republic, Ireland, USA, Hungary
Social engineering
Cyberespionage
The malicious downloader is unique to each system and contains a customized backdoor written in Assembler.
The malware also uses Twitter, looking for specific tweets from pre-made accounts created by MiniDuke’s Command and Control (C2) operators. The tweets maintain encrypted URLs for the backdoors.
The infected system receives encrypted backdoors within GIF files and disguised as pictures that appear on a victim’s machine.
