{"description": "ICS techniques used by Duqu, ATT&CK software S0038 (v1.2)", "name": "Duqu (S0038)", "domain": "ics-attack", "versions": {"layer": "4.5", "attack": "17", "navigator": "5.1.0"}, "techniques": [{"techniqueID": "T0811", "comment": "[Duqu](https://attack.mitre.org/software/S0038) downloads additional modules for the collection of data in information repositories, including the Infostealer 2 module that can access data from Windows Shares.(Citation: Symantec)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T0893", "comment": "[Duqu](https://attack.mitre.org/software/S0038) downloads additional modules for the collection of data from local systems. The modules are named: infostealer 1, infostealer 2 and reconnaissance. (Citation: Symantec)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T0882", "comment": "[Duqu](https://attack.mitre.org/software/S0038)'s purpose is to gather intelligence data and assets from entities such as industrial infrastructure and system manufacturers, amongst others not in the industrial sector, in order to more easily conduct a future attack against another third party.(Citation: Symantec)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}], "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "used by Duqu", "color": "#66b1ff"}]}