OT/ICS Threat Awareness – FrostyGoop: New Indicators and a Closer Look
Created: Thursday, November 21, 2024 - 15:39
Researchers at Unit 42’s Threat Research Center have uncovered new samples and indicators of compromise (IoCs) of FrostyGoop, the 9th reported industrial control system (ICS) malware, which became publicly known in July this year. These new IoCs include configuration files and libraries used by the malware, as well as artifacts associated with an infection. Unit 42 also investigated network communications and has provided new insights based on open-source intelligence (OSINT) data. While FrostyGoop is the 9th known ICS malware, it is the first that uses Modbus TCP communications to achieve an impact on Operational Technology (OT).
