Inside a New OT/IoT Cyberweapon: IOCONTROL
ID: c46dfdca-2601-5110-84dd-a9a3703d13f7
STIX ID: report--c46dfdca-2601-5110-84dd-a9a3703d13f7
Feed Name: Claroty Team82
Team82 analyzed IOCONTROL, a custom IoT/OT malware tied to Iran-affiliated operators (CyberAv3ngers/IRGC-CEC) and used to compromise Orpak/Gasboy fuel management systems and a range of other embedded devices. The report provides an in-depth technical analysis of the binary (a big-endian ARM sample): unpacking and decryption of its configuration, DNS-over-HTTPS (DoH) resolution of the C2 address, MQTTS (MQTT over TLS) communication channels, persistence mechanisms, the supported command set (including arbitrary command execution and port scanning), and a set of IoCs (domains, IP addresses, hashes, and filesystem paths).
