Cosmu with a twist of MiniDuke
In this document we report on our analysis of CosmicDuke – the first malware seen to include code from both the notorious MiniDuke APT trojan and another longstanding threat, the information-stealing Cosmu family. When active on an infected machine, CosmicDuke will search for and harvest login details from a range of programs and forward the data to remote servers, some of which were active at the time of writing.