havex ics_scada espionage malware
OpenIOC1.0
by @iocbucket
sha1:
f7cbe424b9bfb7ec5c3ce1b1cbe33e1850540814
short description:
Havex (ICS-SCADA) espionage malware
long description:
Havex, a relatively generic remote access trojan (RAT), gets delivered to victims via spam emails and exploit kits, but to maximize the likelihood that the right people would get infected, the attackers have also poisoned a few online watering holes. Havex manipulates the OPC protocol. OPC is often used to transfer process data between systems from different vendors. Almost every ICS made in the last decade has an OPC interface; it is the ICS universal translator. The Havex RAT is distributed through at least the following channels: spam email, exploit kits, and trojanized installers.