Dustman

Malware Profile Updated 3 months ago
Dustman is a destructive wiper first identified in late December 2019. It came to light in the wake of incidents involving closely related wipers, in particular ZEROCLEARE, with which it shares its approach to destroying data.

A wiper of this kind needs block-level write access to the disk, which on Windows means loading a kernel driver. The raw-disk driver these wipers rely on (the EldoS RawDisk driver) is not signed for 64-bit Windows, so it cannot simply be loaded and used to wipe the disk at speed; ZEROCLEARE and Dustman get around driver signature enforcement by first loading a signed but vulnerable VirtualBox driver and using it to load the unsigned raw-disk driver. The PDB path embedded in the Dustman binary shows that this version of the destructive code was compiled as a release build, which suggests the code was finished and intended for deployment in a target network rather than still under development.

Dustman activity was concentrated almost entirely in Saudi Arabia. The incident at Bapco, Bahrain's national oil company, took place at around the same time. It has been speculated that EKANS, a ransomware strain first identified on December 26, 2019, was used at Bapco before the Dustman incident, but on the available evidence any connection between EKANS, the Bapco incident and the Dustman wiper is circumstantial. Some have argued for Iranian involvement on the basis of overlaps with previously reported Dustman activity and alleged technical similarities between EKANS and known Iran-linked operations, but no definitive link has been established. If both a Dustman and an EKANS incident did occur at Bapco, the evidence points to a coincidence rather than a coordinated campaign by a single actor, and the provocative email address associated with EKANS appears to be unrelated to the Dustman event.
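The PDB-path observation above is a routine triage step: the CodeView (RSDS) debug record that MSVC embeds in a PE carries the path of the .pdb file, and the directory names in that path (typically "Release" or "Debug", often under "x64") reveal the build configuration. The script below is an added example written for this profile, not code from the original page or from any vendor analysis of Dustman; the sample bytes and the PDB path embedded in them are constructed for illustration and are not the real artifact.

```python
"""
Extract CodeView (RSDS) debug records from a PE image or memory dump and
classify the build configuration from the embedded PDB path.

Added example for this profile; not code from the page or from any vendor
report. SAMPLE_BLOB and SAMPLE_PATH are constructed for illustration.
"""
import re
import struct
import uuid

# CodeView 7.0 record layout:
#   'RSDS' | GUID (16 bytes, little-endian GUID layout) | age (uint32 LE) | NUL-terminated path
RSDS_MAGIC = b"RSDS"


def extract_rsds_records(data: bytes) -> list[dict]:
    """Scan a byte buffer for RSDS records and return the parsed fields.

    A raw scan (rather than walking the PE debug directory) is deliberate: it
    also works on memory dumps, packed sections and truncated samples, at the
    cost of occasional false hits, which the printable-path check filters out.
    """
    records = []
    pos = data.find(RSDS_MAGIC)
    while pos != -1:
        body = data[pos + 4:]
        if len(body) >= 20:
            guid_raw, age = struct.unpack_from("<16sI", body)
            end = body.find(b"\x00", 20)
            path_raw = body[20:end if end != -1 else len(body)]
            try:
                path = path_raw.decode("utf-8")
            except UnicodeDecodeError:
                path = ""
            # A genuine record carries a printable path; random 'RSDS' hits do not.
            # (ASCII-only check keeps the example simple.)
            if path and all(32 <= c < 127 for c in path.encode()):
                records.append({
                    "offset": pos,
                    "guid": str(uuid.UUID(bytes_le=guid_raw)),
                    "age": age,
                    "pdb_path": path,
                })
        pos = data.find(RSDS_MAGIC, pos + 4)
    return records


def build_config(pdb_path: str) -> str:
    """Infer the Visual Studio build configuration from a PDB path.

    MSVC writes the output and its .pdb under a directory named after the
    configuration, so a 'Release' or 'Debug' path component is the signal.
    """
    parts = [p.lower() for p in re.split(r"[\\/]+", pdb_path) if p]
    if "release" in parts:
        return "release"
    if "debug" in parts:
        return "debug"
    return "unknown"


# Constructed sample: MZ header filler, a decoy 'RSDS' with no printable path,
# then one genuine record with a hypothetical PDB path (not the real Dustman path).
SAMPLE_GUID = uuid.UUID("12345678-1234-5678-1234-567812345678")
SAMPLE_PATH = r"C:\build\wiper\x64\Release\agent.pdb"  # hypothetical
SAMPLE_BLOB = (
    b"MZ" + b"\x90" * 64
    + RSDS_MAGIC + b"\xff" * 18 + b"\x00\x00"          # decoy: non-printable
    + b"\x00" * 16
    + RSDS_MAGIC + SAMPLE_GUID.bytes_le + struct.pack("<I", 3)
    + SAMPLE_PATH.encode() + b"\x00"
    + b"\x00" * 32
)


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_BLOB
    for rec in extract_rsds_records(blob):
        print(f"{rec['offset']:#x} guid={rec['guid']} age={rec['age']} "
              f"build={build_config(rec['pdb_path'])} path={rec['pdb_path']}")
```

Run it with a sample path as the first argument to list every RSDS record found; with no argument it runs over the constructed blob. The GUID and age are worth recording alongside the path, since they tie a binary to a specific compilation and let related builds of the same project be clustered even when the path changes.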
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Zerocleare (2 votes): ZeroCleare is a type of malware, specifically a wiper, known for its destructive capabilities. It targets computer systems and networks, rendering them unusable by deleting critical files and data. This malicious software has been linked to several actors associated with Iran's Ministry of Intellige
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance: Malware, Wiper, Ransomware
Associated Malware
Shamoon (is related to, 1 vote): Shamoon is a malicious software (malware) known for its destructive capabilities, particularly in wiping out data from infected systems. It first gained notoriety in 2012 when it was used in an attack on Saudi Aramco, crippling approximately 30,000 systems at the company. The malware replaced the co
Dustman Wiper (Unspecified, 1 vote): Dustman Wiper is a type of malware, specifically a data wiper, that has been associated with disruptive attacks on computer systems. This malicious software infiltrates systems, often undetected, through suspicious downloads, emails, or websites, and can lead to significant damage such as stealing p
EKANS (Unspecified, 1 vote): EKANS, also known as SNAKE (the word EKANS spelled backwards), is a significant strain of malware that emerged in mid-December 2019. It was one of the more concerning ransomware strains observed in 2020, accounting for 6% of all ransomware attacks monitored by IBM Security X-Force in that year. The
Iranian Data Wiper Malware (Unspecified, 1 vote): no profile description
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Dustman malware was read from the documents corpus below.
MITRE (a year ago): APT trends report Q1 2020
Securelist (a year ago): Stolen certificates in two waves of ransomware and wiper attacks
MITRE (a year ago): EKANS Ransomware and ICS Operations | Dragos