{"description": "Enterprise techniques used by GeminiDuke, ATT&CK software S0049 (v1.1)", "name": "GeminiDuke (S0049)", "domain": "enterprise-attack", "versions": {"layer": "4.5", "attack": "17", "navigator": "5.1.0"}, "techniques": [{"techniqueID": "T1087", "showSubtechniques": true}, {"techniqueID": "T1087.001", "comment": "[GeminiDuke](https://attack.mitre.org/software/S0049) collects information on local user accounts from the victim.(Citation: F-Secure The Dukes)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1071", "showSubtechniques": true}, {"techniqueID": "T1071.001", "comment": "[GeminiDuke](https://attack.mitre.org/software/S0049) uses HTTP and HTTPS for command and control.(Citation: F-Secure The Dukes)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1083", "comment": "[GeminiDuke](https://attack.mitre.org/software/S0049) collects information from the victim, including installed drivers, programs previously executed by users, programs and services configured to automatically run at startup, files and folders present in any user's home folder, files and folders present in any user's My Documents, programs installed to the Program Files folder, and recently accessed files, folders, and programs.(Citation: F-Secure The Dukes)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1057", "comment": "[GeminiDuke](https://attack.mitre.org/software/S0049) collects information on running processes and environment variables from the victim.(Citation: F-Secure The Dukes)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1016", "comment": "[GeminiDuke](https://attack.mitre.org/software/S0049) collects information on network settings and Internet proxy settings from the victim.(Citation: F-Secure The Dukes)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1007", "comment": "[GeminiDuke](https://attack.mitre.org/software/S0049) collects information on programs and services on the victim that are configured to automatically run at startup.(Citation: F-Secure The Dukes)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}], "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "used by GeminiDuke", "color": "#66b1ff"}]}