Domain | ID | Name | Use |
---|---|---|---|
Enterprise | T1543.003 | Create or Modify System Process: Windows Service | |
Enterprise | T1140 | Deobfuscate/Decode Files or Information | |
Enterprise | T1036.005 | Masquerading: Match Legitimate Name or Location | DUSTPAN is often disguised as a legitimate Windows binary such as |
Enterprise | T1027.009 | Obfuscated Files or Information: Embedded Payloads | |
Enterprise | T1027.013 | Obfuscated Files or Information: Encrypted/Encoded File | |
Enterprise | T1055.002 | Process Injection: Portable Executable Injection | DUSTPAN can inject its decrypted payload into another process.[1] |

ID | Name | Description |
---|---|---|
C0040 | APT41 DUST | DUSTPAN was used during APT41 DUST.[1] |