Stuxnet Under the Microscope
Common Information
Type Value
UUID 229b275c-1b9c-4341-8f16-251e4fe4aee0
Fingerprint dbb6bcbbc8a0b05f9fa4e0b70a7ebe80b4d5f68e918d5e11f2d67db69c7a7f75
Analysis status DONE
Considered CTI value 2
Text language
Published Jan. 3, 2011, 11:14 a.m.
Added to db April 14, 2024, 1:07 a.m.
Last updated Aug. 31, 2024, 6:20 a.m.
Headline Stuxnet Under the Microscope
Title Stuxnet Under the Microscope
Detected Hints/Tags/Attributes 205/3/280
Attributes
Details Type #Events CTI Value
Details CVE 5
cve-2010-2772
Details CVE 6
cve-2010-0249
Details CVE 48
cve-2010-2568
Details IPv4 9
4.2.1.1
Details IPv4 8
4.2.1.2
Details IPv4 4
4.2.1.3
Details Pdb 2
b:\myrtus\src\objfre_w2k_x86\i386\guava.pdb
Details Windows Registry Key 2
HKLM\SOFTWARE\SIEMENS\STEP7
Details Windows Registry Key 2
HKLM\SOFTWARE\SIEMENS\WinCC\Setup