Buhtrap group uses zero‑day in latest espionage campaigns
WHITE BuhTrap AlienVault 2019-07-11 Modified: 2019-07-12
The Buhtrap group is well known for its targeting of financial institutions and businesses in Russia. However, since late 2015, we have witnessed an interesting change in its traditional targets. Once a purely criminal group perpetrating cybercrime for financial gain, it has expanded its toolset with malware used to conduct espionage in Eastern Europe and Central Asia.
Indicators of Compromise (8 / 32 total)