Date: 11/28/2024
Severity: Medium
Summary
"FrostyGoop’s Zoom-In: A Closer Look into the Malware Artifacts, Behaviors and Network Communications" explores the OT-centric malware FrostyGoop, which targeted Ukraine’s critical infrastructure in 2024. Using Modbus TCP communications, it disrupted power and heating services for over 600 apartment buildings. The article examines the malware’s behavior, newly discovered samples, and network communications, shedding light on its tactics and impact on industrial control systems (ICS). FrostyGoop serves as a key example of the rising threat posed by OT malware.
Indicators of Compromise (IOC) List
Hash (SHA-256) |
91062ed8cc5d92a3235936fb93c1e9181b901ce6fb9d4100cc01167cdc08745f |
a63ba88ad869085f1625729708ba65e87f5b37d7be9153b3db1a1b0e3fed309c |
c64b67c116044708e282d0d1a8caea2360270a7fc679befa5e28d1ca15f6714c |
9cf30d82a86a9485f7bbd0786a5de207cf4902691a3efcfc966248cb1e87d5b7 |
5d2e4fd08f81e3b2eb2f3eaae16eb32ae02e760afc36fa17f4649322f6da53fb |
2fd9cb69ef30c0d00a61851b2d96350a9be68c7f1f25a31f896082cfbf39559a |
a25f91b6133cb4eb3ecb3e0598bbab16b80baa40059e623e387a6b1082d6f575 |
06919e6651820eb7f783cea8f5bc78184f3d437bc9c6cde9bfbe1e38e5c73160 |
Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection
Detection Query 1 (match file events whose SHA-256 hash is one of the FrostyGoop samples):
sha256hash IN ("91062ed8cc5d92a3235936fb93c1e9181b901ce6fb9d4100cc01167cdc08745f","a63ba88ad869085f1625729708ba65e87f5b37d7be9153b3db1a1b0e3fed309c","c64b67c116044708e282d0d1a8caea2360270a7fc679befa5e28d1ca15f6714c","9cf30d82a86a9485f7bbd0786a5de207cf4902691a3efcfc966248cb1e87d5b7","5d2e4fd08f81e3b2eb2f3eaae16eb32ae02e760afc36fa17f4649322f6da53fb","2fd9cb69ef30c0d00a61851b2d96350a9be68c7f1f25a31f896082cfbf39559a","a25f91b6133cb4eb3ecb3e0598bbab16b80baa40059e623e387a6b1082d6f575","06919e6651820eb7f783cea8f5bc78184f3d437bc9c6cde9bfbe1e38e5c73160")
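The TDIR query above is a plain set-membership check on a hash field. For teams without Gurucul, the same logic can be run over exported endpoint or EDR events. The script below is an added example, not code from the advisory or from Unit 42; it uses the eight SHA-256 values listed on this page, assumes a JSON-lines export whose hash field is named sha256hash (the field name from the query), and the sample events are constructed for illustration. It normalises case and whitespace before matching, because hash fields from different tools are not consistently lower-cased.

```python
"""Match endpoint file events against the FrostyGoop SHA-256 IOC set.

Added example (not part of the original advisory). Assumes events are
JSON objects with a "sha256hash" field, as in the detection query above.
"""
import json

# The eight FrostyGoop sample hashes from the IOC list on this page.
FROSTYGOOP_SHA256 = frozenset(
    h.lower()
    for h in (
        "91062ed8cc5d92a3235936fb93c1e9181b901ce6fb9d4100cc01167cdc08745f",
        "a63ba88ad869085f1625729708ba65e87f5b37d7be9153b3db1a1b0e3fed309c",
        "c64b67c116044708e282d0d1a8caea2360270a7fc679befa5e28d1ca15f6714c",
        "9cf30d82a86a9485f7bbd0786a5de207cf4902691a3efcfc966248cb1e87d5b7",
        "5d2e4fd08f81e3b2eb2f3eaae16eb32ae02e760afc36fa17f4649322f6da53fb",
        "2fd9cb69ef30c0d00a61851b2d96350a9be68c7f1f25a31f896082cfbf39559a",
        "a25f91b6133cb4eb3ecb3e0598bbab16b80baa40059e623e387a6b1082d6f575",
        "06919e6651820eb7f783cea8f5bc78184f3d437bc9c6cde9bfbe1e38e5c73160",
    )
)


def normalise_hash(value):
    """Return a lower-case, whitespace-stripped hash string (or "" if absent)."""
    if value is None:
        return ""
    return str(value).strip().lower()


def match_events(events, ioc_set=FROSTYGOOP_SHA256):
    """Return the subset of events whose sha256hash is in the IOC set.

    This is the same predicate as the TDIR query `sha256hash IN (...)`,
    with case-insensitive comparison so upper-cased exports still match.
    """
    return [ev for ev in events if normalise_hash(ev.get("sha256hash")) in ioc_set]


def parse_jsonl(text):
    """Parse a JSON-lines export into a list of event dicts, skipping blank/bad lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # malformed line: skip rather than abort the whole scan
    return events


# Constructed sample export (hostnames and paths are invented for this example).
SAMPLE_JSONL = """
{"host": "hmi-01", "path": "C:\\\\Users\\\\op\\\\go-encrypt.exe", "sha256hash": "91062ED8CC5D92A3235936FB93C1E9181B901CE6FB9D4100CC01167CDC08745F"}
{"host": "eng-ws-07", "path": "C:\\\\tmp\\\\task.exe", "sha256hash": " a63ba88ad869085f1625729708ba65e87f5b37d7be9153b3db1a1b0e3fed309c "}
{"host": "file-srv", "path": "C:\\\\Windows\\\\notepad.exe", "sha256hash": "0000000000000000000000000000000000000000000000000000000000000000"}
{"host": "plc-gw", "path": "/opt/tool", "md5": "d41d8cd98f00b204e9800998ecf8427e"}
not a json line
"""

SAMPLE_EVENTS = parse_jsonl(SAMPLE_JSONL)


def summarise_hits(events):
    """Return (host, path) pairs for matched events, for a quick triage view."""
    return [(ev.get("host"), ev.get("path")) for ev in match_events(events)]


if __name__ == "__main__":
    for host, path in summarise_hits(SAMPLE_EVENTS):
        print(f"FrostyGoop IOC hit: host={host} path={path}")
```

Two of the four well-formed sample events match: one has the hash upper-cased and one has surrounding whitespace, which is exactly the kind of input that makes a naive exact-string `IN (...)` miss. The event with only an md5 field cannot be checked against a SHA-256 list at all, which is worth remembering when the source tool does not emit SHA-256.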
Reference:
https://unit42.paloaltonetworks.com/frostygoop-malware-analysis/