win.piehop

PIEHOP


According to Mandiant, PIEHOP is a disruption tool written in Python and packaged with PyInstaller version 2.1+. It can connect to a user-supplied remote MSSQL server to upload files and issue remote commands to an RTU.
PIEHOP expects its main function to be called from another Python file, which supplies either the argument control=True or upload=True. At a minimum, it requires the arguments oik, user, and pwd; if called with control=True, it must also be supplied with iec104.

References
2023-05-25 | Mandiant | Ken Proska, Daniel Kapellmann Zafra, Keith Lunden, Corey Hildebrandt, Rushikesh Nandedkar, Nathan Brubaker
"COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises" (language: English; accessed 2023-05-26)
https://www.mandiant.com/resources/blog/cosmicenergy-ot-malware-russian-response
Families covered: LIGHTWORK, PIEHOP

There is no YARA signature yet.