Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 19:54:13 UTC
Home > List all groups > List all tools > List all groups using tool LiteDuke
 Tool: LiteDuke
Names LiteDuke
Category Malware
Type Backdoor
Description
(ESET) LiteDuke is a third-stage backdoor that was mainly used in 2014-2015. It is not
directly linked to Operation Ghost, but we found it on some machines compromised by
MiniDuke. We chose to document is mainly because we did not find it described
elsewhere. We have dubbed it LiteDuke because it used SQLite to store information
such as its configuration.
Information
MITRE ATT&CK Malpedia Last change to this tool card: 30 December 2022
Download this tool card in JSON format
All groups using tool LiteDuke
Changed Name Country Observed
APT groups
 APT 29, Cozy Bear, The Dukes 2008-Feb 2025
1 group listed (1 APT, 0 other, 0 unknown)
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=99ff3fb6-edf3-4c07-b789-3ce1673cd753
Page 1 of 2

Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=99ff3fb6-edf3-4c07-b789-3ce1673cd753
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=99ff3fb6-edf3-4c07-b789-3ce1673cd753
Page 2 of 2

APT groups APT 29, Cozy Bear, The Dukes 2008-Feb 2025 
1 group listed (1 APT, 0 other, 0 unknown) 
   Page 1 of 2