สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency

Report

Home > List all groups > List all tools > List all groups using tool DUSTPAN

Threat Group Cards: A Threat Actor Encyclopedia

Tool: DUSTPAN

Names	DUSTPAN StealthVector
Category	Malware
Type	Dropper
Description	(Mandiant) DUSTPAN is an in-memory dropper written in C/C++ that decrypts and executes an embedded payload. Different variations of DUSTPAN may also load an external payload off disk from a hard-coded file path encrypted in the Portable Executable (PE) file. DUSTPAN may be configured to inject the decrypted payload into another process or create a new thread and execute it within its own process space.
Information	<https://cloud.google.com/blog/topics/threat-intelligence/apt41-arisen-from-dust> <https://cloud.google.com/blog/topics/threat-intelligence/apt41-us-state-governments>
MITRE ATT&CK	<https://attack.mitre.org/software/S1158>
Malpedia	<https://malpedia.caad.fkie.fraunhofer.de/details/win.dustpan>

Last change to this tool card: 27 December 2024

Download this tool card in JSON format

All groups using tool DUSTPAN

Changed	Name	Country	Observed
APT groups
	APT 41		2012-Aug 2024

1 group listed (1 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Report incidents

+66 (0)2-123-1227

[email protected]