Quote:
|
Originally Posted by frank_boldewin
Hi guys,
Has anyone already taken a deeper look at the malware?
I found stuff like this after some decryption/unpacking stages of MD5 sample 016169ebebf1cec2aad6c7f0d0ee9026:
Code:
SOFTWARE\SIEMENS\WinCC\Setup
STEP7_Version
SOFTWARE\SIEMENS\STEP7
SOFTWARE\Microsoft\Windows\CurrentVersion\MS-DOS Emulation
NTVDM TRACE
This points me to the Siemens WinCC SCADA system.
Looks like this malware was made for espionage.
|
Maybe it was written by someone in the Utilities business?