Buhtrap group uses zero‑day in latest espionage campaigns
TLP: WHITE | Tags: BuhTrap | Author: AlienVault | Created: 2019-07-11 | Modified: 2019-07-12
The Buhtrap group is well known for targeting financial institutions and businesses in Russia. However, since late 2015 we have witnessed an interesting shift away from its traditional targets. Originally a purely criminal group committing cybercrime for financial gain, it has since expanded its toolset with malware used to conduct espionage in Eastern Europe and Central Asia.
Indicators of Compromise (32)