Green Stone

A few days ago InQuest discovered a very interesting sample that was uploaded from Iran. The document is a contract for the supply of services to an energy company from southern Iran «Tavangoostar Niro va Gashtavar Jonob». The document also contains a link to this energy company. Since this family of malicious documents containing executable files was not previously known, InQuest named it the Green Stone.

REFERENCE: https://inquest.net/blog/2022/07/27/green-stone

TAGS: green stone, iran

ADVERSARY: Green Stone

INDUSTRY: Energy

TARGETED COUNTRY: Iran, Islamic Republic of

MALWARE FAMILY: Green Stone

ATT&CK IDS: T1102 - Web Service, T1113 - Screen Capture, T1140 - Deobfuscate/Decode Files or Information, T1566 - Phishing

Read More:

https://otx.alienvault.com/pulse/62e3cb22e71e4dc39a8bd03e