Duqu 2.0 is a version of malware reported in 2015 to have infected computers in hotels of Austria and Switzerland that were sites of the international negotiations with Iran over its nuclear program and economic sanctions. [1]

2019年8月25日 · Duqu 2.0 was described by security researchers as highly sophisticated malware that exploited a number of zero-days vulnerabilities, which are listed below: Malware researchers at Kaspersky that first detected it revealed that among its targets there were entities linked to the negotiations about Iran's nuclear deal and IT security firms.

什么是 Duqu 2.0？ Duqu 2.0 具有很高的复杂度，是一个利用多达三个零日漏洞的恶意软件平台，其攻击活动包括与 P5+1 世界领导人高层会议及其举办地点有关的感染。 其攻击包含了一些独特的、早前未出现过的特征，比如代码仅存在于运行内存中。它几乎不留痕迹。

2015年6月10日 · We named this new malware and its associated platform “Duqu 2.0”. Some of the new 2014-2015 Duqu infections are linked to the P5+1 events and venues related to the negotiations with Iran about a nuclear deal. The threat actor behind Duqu appears to have launched attacks at the venues for some of these high level talks.

Duqu 2.0 is a highly sophisticated malware platform exploiting up to three zero-day vulnerabilities with infections linked to the P5+1 events and venues for high level meetings between world leaders. The attacks included some unique and earlier unseen features such as the code existing only in operative memory.

Duqu 2.0的最大特点是恶意代码只驻留在被感染机器的内存里，硬盘里不留痕迹，某台机器重启时恶意代码会被短暂清洗，但只要它还会连上内部网络，恶意代码就会从另一台感染机器传过来。

2015年6月11日 · 尤金·卡巴斯基把这个APT恶意程序称之为Duqu 2.0，因为它与2011年发现的背后有国家支持的恶意软件Duqu有关。Duqu最早出现在2011年9月，是继震网蠕虫后最受关注的恶意程序之一，大多数...

Duqu malware, sometimes referred to as the step-brother of 2Stuxnet. We named this new malware and its associated platform “Duqu 2.0”. Victims of Duqu 2.0 have been found in several places, including western countries, the Middle East and Asia. The actor appears to compromise both final and utilitarian targets,

2015年6月9日 · The Duqu 2.0 malware platform was designed in a way that survives almost exclusively in the memory of infected systems, without need for persistence – it means the attackers are sure there is always a way for them to maintain an infection – even if the victim’s

In this report, we present the results of our comparative analysis of the old version of Duqu and the new version, codenamed ^Duqu 2.0 _. We concentrate on the description of the relevant similarities and differences we have found between the two malware samples.