The malware contains four modules that are specific to industrial control systems and exploits four protocols in these systems – IEC 101, IEC 104, IEC 61850, and OLE for Process Control Data Access.