DUSTPAN
Description
(Mandiant) DUSTPAN is an in-memory dropper written in C/C++ that decrypts and executes an embedded payload. Different variations of DUSTPAN may also load an external payload off disk from a hard-coded file path encrypted in the Portable Executable (PE) file. DUSTPAN may be configured to inject the decrypted payload into another process or create a new thread and execute it within its own process space.
Names
| Name |
|---|
| DUSTPAN |
| StealthVector |
Category
Malware
Type
- Dropper
Information
- https://cloud.google.com/blog/topics/threat-intelligence/apt41-arisen-from-dust
- https://cloud.google.com/blog/topics/threat-intelligence/apt41-us-state-governments
MITRE ATT&CK
Malpedia
Other Information
UUID
023d9604-42c5-4f69-bc1e-625c5795eb1c
Last Card Change
2024-12-27