DUSTPAN

MITRE
Malware Type: Other
First seen: Unknown
Last seen: Unknown
Details:

[DUSTPAN](https://attack.mitre.org/software/S1158) is an in-memory dropper written in C/C++ used by [APT41](https://attack.mitre.org/groups/G0096) since 2021 that decrypts and executes an embedded payload. (Citation: Google Cloud APT41 2024) (Citation: Google Cloud APT41 2022)

Associated Techniques (6)

| ID | ATT&CK | Tactics |
| --- | --- | --- |
| T1027.009 | Embedded Payloads | - |
| T1027.013 | Encrypted/Encoded File | - |
| T1036.005 | Match Legitimate Resource Name or Location | - |
| T1055.002 | Portable Executable Injection | - |
| T1140 | Deobfuscate/Decode Files or Information | - |
| T1543.003 | Windows Service | - |

Used by Actors (1)
Metadata
ID: 144
Created: 13/01/2026 17:48
Updated: 06/03/2026 16:00