VERY IMPORTANT

In 2019, multiple destructive attacks were observed targeting entities within the Middle East. The Saudi National Cyber Security Centre (NCSC) detected a new malware named “DUSTMAN” that was detonated on December 29, 2019. Based on analyzed evidence and artifacts found on machines in a victim’s network that were not wiped by the malware. NCSC assess that the threat actor behind the attack had some kind of urgency on executing the files on the date of the attack due to multiple OPSEC failures observed on the infected network. NCSC is calling the malware used in this attack “DUSTMAN” after the filename and string embedded in the malware. The file Dustman.exe was compiled from C:\Users\Admin\Desktop\Dustman\ on 2019-12-29. It uses the ElDos raw disk driver for wiping hard drives.