{ "Event": { "analysis": "0", "date": "2022-04-25", "extends_uuid": "", "info": "[Threat Intel] Industroyer2 IEC-104 Analysis", "protected": false, "publish_timestamp": "1772407496", "published": true, "threat_level_id": "2", "timestamp": "1772407493", "uuid": "58805a7e-8a3f-4221-b0a7-379e11f07695", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": "" }, { "colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": "" }, { "colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": "" }, { "colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": "" }, { "colour": "#f63636", "local": false, "name": "ICS-specific", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"INDUSTROYER2\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772339030", "to_ids": false, "type": "link", "uuid": "a4f85041-163d-4fc9-b222-cdbcb1e4ef13", "value": "https://www.netresec.com/?page=Blog&month=2022-04&post=Industroyer2-IEC-104-Analysis" } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1772352241", "uuid": "b3da6306-43a6-4516-8c7c-6616d599134b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1772352241", "to_ids": true, "type": "md5", "uuid": "7b8d8f32-0a69-4539-9f21-b6bd0d85fccd", "value": "7c05da2e4612fca213430b6c93e76b06", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1772352093", "to_ids": true, "type": "sha1", "uuid": "fae83e52-8c83-455e-9124-4b7c602817eb", "value": "fdeb96bc3d4ab32ef826e7e53f4fe1c72e580379", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1772352093", "to_ids": true, "type": "sha256", "uuid": "7e335c53-2cdc-4ae1-b7b7-cc9f54250820", "value": "d69665f56ddef7ad4e71971f06432e59f1510a7194386e5f0e8926aea7b88e00", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1772351507", "to_ids": true, "type": "ssdeep", "uuid": "d2f54d84-8255-485d-86d4-3a227bfb413a", "value": "768:9kQ2SkG1EqihRWlG4ya6kcqCHfv3uWvzPMinhgaXj7:9jo9kc3einhgaXv" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1772351507", "to_ids": false, "type": "size-in-bytes", "uuid": "ee392933-5b47-4f23-958d-956cb7d06da3", "value": "37888" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1772351507", "to_ids": true, "type": "vhash", "uuid": "40175974-e933-440b-a494-6b5f6688c986", "value": "034046551d155az279z25z1039ze7z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1772351507", "to_ids": true, "type": "filename", "uuid": "9de98efb-e33d-42c8-b330-fc72947ee605", "value": "d69665f56ddef7ad4e71971f06432e59f1510a7194386e5f0e8926aea7b88e00.exe" }, { "category": "Other", "comment": "Checked: 01/03/2026\nLast-scan\t: 26/02/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1772351507", "to_ids": false, "type": "text", "uuid": "4f7671be-7db1-4d3e-9826-0e237ad3fd37", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Znyonm!rfn\nVT Total Detection:45/72\nFirst Submission:2022-04-14T12:36:41.000000+00:00\nLast Submission:2025-12-15T13:19:45.000000+00:00" } ] } ] } }