{
	"id": "dbdba948-f879-4075-91cf-ffd738f52576",
	"created_at": "2026-04-06T00:22:36.296695Z",
	"updated_at": "2026-04-10T03:31:51.269358Z",
	"deleted_at": null,
	"sha1_hash": "4b11464329ccc8331e5d53c240b70637c2fc77ce",
	"title": "Free Whitepaper - PIPEDREAM: CHERNOVITE's Emerging Malware Targeting Industrial Environments | Dragos",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 31184,
	"plain_text": "Free Whitepaper - PIPEDREAM: CHERNOVITE's Emerging\r\nMalware Targeting Industrial Environments | Dragos\r\nArchived: 2026-04-05 17:29:04 UTC\r\nRead our complete analysis on CHERNOVITE and the PIPEDREAM malware, and get actionable guidance on\r\nwhat you can do to mitigate risk from cyber attack.\r\nPIPEDREAM is the seventh known ICS-specific malware. The CHERNOVITE Activity Group (AG) developed\r\nPIPEDREAM. PIPEDREAM is a modular ICS attack framework that an adversary could leverage to cause\r\ndisruption, degradation, and possibly even destruction depending on targets and the environment.\r\nDragos assesses with high confidence that PIPEDREAM has not yet been employed in the wild for destructive\r\neffects. This is a rare case of accessing and analyzing malicious capabilities developed by adversaries before their\r\ndeployment and gives defenders a unique opportunity to prepare in advance.\r\nPIPEDREAM can manipulate a wide variety of programmable logic controllers (PLC) and industrial software,\r\nincluding Omron and Schneider Electric controllers. It can also execute attacks against the ubiquitous industrial\r\ntechnologies CODESYS, Modbus, and OPC UA. Together, a significant percentage of industrial assets worldwide\r\nare vulnerable to PIPEDREAM.\r\nSource: https://hub.dragos.com/whitepaper/chernovite-pipedream\r\nhttps://hub.dragos.com/whitepaper/chernovite-pipedream\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://hub.dragos.com/whitepaper/chernovite-pipedream"
	],
	"report_names": [
		"chernovite-pipedream"
	],
	"threat_actors": [
		{
			"id": "091dc6fb-2650-4646-894a-41de0d463f94",
			"created_at": "2023-11-17T02:00:07.594612Z",
			"updated_at": "2026-04-10T02:00:03.455179Z",
			"deleted_at": null,
			"main_name": "Chernovite",
			"aliases": [],
			"source_name": "MISPGALAXY:Chernovite",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434956,
	"ts_updated_at": 1775791911,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/4b11464329ccc8331e5d53c240b70637c2fc77ce.pdf",
		"text": "https://archive.orkl.eu/4b11464329ccc8331e5d53c240b70637c2fc77ce.txt",
		"img": "https://archive.orkl.eu/4b11464329ccc8331e5d53c240b70637c2fc77ce.jpg"
	}
}