A few days ago InQuest discovered a very interesting sample that was uploaded from Iran. The document is a contract for the supply of services to an energy company from southern Iran «Tavangoostar Niro va Gashtavar Jonob». The document also contains a link to this energy company. Since this family of malicious documents containing executable files was not previously known, InQuest named it the Green Stone.
TAGS: green stone, iran
ADVERSARY: Green Stone
INDUSTRY: Energy
TARGETED COUNTRY: Iran, Islamic Republic of
MALWARE FAMILY: Green Stone
ATT&CK IDS: T1102 - Web Service, T1113 - Screen Capture, T1140 - Deobfuscate/Decode Files or Information, T1566 - Phishing
Read More:
Комментарии