Dustman

Malware Profile Updated 24 days ago
Dustman is a destructive malware variant, specifically a wiper, first identified in late December 2019. It was discovered following incidents involving similar wipers such as ZEROCLEARE. Historically, these wipers and their raw disk drivers were unsigned, meaning they could not access the raw disk directly for rapid data wiping. However, the PDB file of the Dustman wiper indicated that this particular build of the destructive code was a release edition, suggesting it was ready for deployment on a target network.

The Dustman event occurred primarily in Saudi Arabia, where the malware's activity was heavily concentrated. The Bapco incident, involving Bahrain's National Oil Company, took place around the same time. There has been speculation that EKANS, another malware family first identified on December 26, 2019, may have been used at Bapco before the Dustman incident; however, any connection between EKANS, the Bapco incident, and the Dustman wiper appears circumstantial on the available evidence. Some arguments point to Iranian involvement, citing overlaps with previously reported Dustman wiper activity and alleged technical similarities between EKANS and known Iran-linked operations, but no definitive links have been established. If both the Dustman and EKANS incidents did occur at Bapco, they would represent a coincidence rather than a coordinated attack directed by a single authority. Despite the provocative email address associated with EKANS, it appears unrelated to the Dustman event.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID          Votes   Profile Description
Zerocleare  2       ZeroCleare is a type of malware, specifically a wiper, known for its destructive capabilities. It targets computer systems and networks, rendering them unusable by deleting critical files and data. This malicious software has been linked to several actors associated with Iran's Ministry of Intellige
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Wiper
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Dustman malware was read from the document corpus below. This display is limited to 20 results.
Source      Created At   Title
MITRE       a year ago   EKANS Ransomware and ICS Operations | Dragos Dragos
Securelist  a year ago   Stolen certificates in two waves of ransomware and wiper attacks
MITRE       a year ago   APT trends report Q1 2020