Recent Incident Reportedly Targeting Saudi Arabia With Links To Greenbug and OilRig Actors
released on 2017-09-11 @ 06:34:05 PM
Open source reporting recently indicated new activity from the Iranian actor publicly known as Greenbug targeting Saudi Arabia. The incident used a Microsoft Excel file containing malicious macros that wrote a malicious executable and associated files to the victim machine. The executable in this instance appears to be a variant of a Trojan known as ISMAgent and uses the domain www.ntpupdateserver[.]com for command and control (C2). This domain has previously been reported as an ISMAgent C2.