Dust Storm is a threat group that has targeted multiple industries in Japan, South Korea, the United States, Europe, and several Southeast Asian countries.
Disclaimer: We present this mapping to stimulate thinking about active defense options to combat this adversary, not to present all possibilities. We invite you to use this as a guide and add your own use cases for applying Shield techniques to counter each adversary action.
Note: All ATT&CK Group sub-technique mappings have been remapped to their parent technique and were derived from Group Technique mappings in ATT&CK v8.
| ATT&CK Technique | Opportunity Space | AD Technique | Use Case |
|---|---|---|---|
| T1005 - Data from Local System | In an adversary engagement scenario, there is an opportunity to add legitimacy by ensuring the local system is fully populated with content. | DTE0030 - Pocket Litter | A defender can stage a variety of pocket litter files to bolster the legitimacy of the local system. |
| T1005 - Data from Local System | In an adversary engagement scenario, there is an opportunity to provide content on a variety of topics to see what types of information seem to interest the adversary. | DTE0030 - Pocket Litter | A defender can stage a variety of pocket litter files in order to determine if an adversary is interested in specific file types, subjects, etc. |
| T1027 - Obfuscated Files or Information | In an adversary engagement scenario, there is an opportunity to introduce decoy systems that can influence an adversary's behavior or allow you to observe how they perform a specific task. | DTE0017 - Decoy System | A defender could implement a decoy system to study how and when an adversary obfuscates files and hides information. |
| T1083 - File and Directory Discovery | There is an opportunity to feed content to an adversary to influence their behaviors, test their interest in specific topics, or add legitimacy to a system or environment. | DTE0011 - Decoy Content | A defender can utilize decoy files and directories to provide content that could be used by the adversary. |