Dust Storm

Dust Storm is a threat group that has targeted multiple industries in Japan, South Korea, the United States, Europe, and several Southeast Asian countries. (Citation: Cylance Dust Storm)
ID: G0031
Associated Groups: 
Version: 1.0
Created: 31 May 2017
Last Modified: 18 Apr 2025

Associated Group Descriptions

Name Description

Software

| ID | Name | References | Techniques |
| --- | --- | --- | --- |
| S0083 | Misdat | (Citation: Cylance Dust Storm) | Standard Encoding, Match Legitimate Resource Name or Location, Boot or Logon Autostart Execution, System Information Discovery, Native API, Data from Local System, Timestomp, Indicator Removal, File and Directory Discovery, Exfiltration Over C2 Channel, System Language Discovery, Non-Application Layer Protocol, Windows Command Shell, Clear Persistence, File Deletion, Software Packing, Ingress Tool Transfer, Custom Command and Control Protocol, Commonly Used Port |
| S0086 | ZLib | (Citation: Cylance Dust Storm) | Screen Capture, Match Legitimate Resource Name or Location, Windows Service, System Service Discovery, System Information Discovery, Archive via Library, File and Directory Discovery, Exfiltration Over C2 Channel, Windows Command Shell, Web Protocols, Ingress Tool Transfer |
| S0085 | S-Type | (Citation: Cylance Dust Storm) | System Owner/User Discovery, Standard Encoding, Match Legitimate Resource Name or Location, Local Account, System Service Discovery, System Information Discovery, Native API, Shortcut Modification, Local Account, System Network Configuration Discovery, Indicator Removal, Exfiltration Over C2 Channel, Registry Run Keys / Startup Folder, System Language Discovery, Windows Command Shell, Clear Persistence, File Deletion, Software Packing, Web Protocols, Ingress Tool Transfer, Fallback Channels, Commonly Used Port |
| S0084 | Mis-Type | (Citation: Cylance Dust Storm) | System Owner/User Discovery, Standard Encoding, Local Data Staging, Match Legitimate Resource Name or Location, Boot or Logon Autostart Execution, Local Account, System Information Discovery, Native API, Data from Local System, Process Injection, Local Account, System Network Configuration Discovery, Exfiltration Over C2 Channel, Non-Application Layer Protocol, Windows Command Shell, Web Protocols, Ingress Tool Transfer, Fallback Channels, Custom Command and Control Protocol, Commonly Used Port |