In August, Jimmy Wylie and I presented at DEF CON 33 on Dragos’ process for determining whether a given capability qualifies as “ICS-specific malware.”
We presented a basic rubric for making the determination and included 3 example capabilities that I discovered while threat hunting and why, though they might look like it, they do not qualify as ICS malware.
Give it a listen!