Pulse Detail — Threat Intelligence

PULSE NAME

VayGren and Mr.Burns: Strong Ties in Finance

WHITE VasyGrek AlienVault 2024-07-10 Modified: 2024-08-09

223

IOCs

HIGH VOLUME

F.A.C.C.T experts analyzed the tools and connections of cybercriminals attacking Russian accountants. An analysis of the infection chain of the VasyGrek attacker, his forum activity and connection with the malware developer Mr.Burns is presented. The history of Mr.Burns, starting in 2010, is given, as well as a description of the current version of the BurnsRAT malware, sold on forums and used in attacks on Russian companies.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1113 T1033 T1036.005 T1204.002 T1573.001 T1543.003 T1497.001 T1566.002 T1566.001 T1574.001 T1082 T1005 T1219 T1555.003 T1217 T1083 T1036.004 T1055.002 T1552.001 T1041 T1547.001 T1574 T1571 T1095 T1518.001 T1059.003 T1070.004 T1027.002 T1071.001 T1105 T1569.002

MALWARE FAMILIES

BurnsRAT PureCrypter PureLogs MetaStealer WarzoneRAT - S0670 Ave Maria RedLine Stealer RMS TeamViewer

Indicators of Compromise (223)

All URL FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain email hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
URL	https://sk-krona.fun/panel/uploads/Etqslnpm.mp4	—	2024-07-10
URL	http://vip22gr.ru/framework/	—	2024-07-10
FileHash-MD5	0496ec9393b9228f1cf3439046309cf0	—	2024-07-10
FileHash-MD5	1025ca24a5aee6ae898adf31ac936f82	—	2024-07-10
FileHash-MD5	18851fd2d0d031743f6bf27201e8a914	—	2024-07-10
FileHash-MD5	2302efee7f01875df7afa6b03301b93e	—	2024-07-10
FileHash-MD5	2369d0794f9187a3e26d96cba5efad87	—	2024-07-10
FileHash-MD5	2408a9f118f416e0afafa0a087c13919	—	2024-07-10
FileHash-MD5	2590bce206b06ca1fa45cc216eb8f6b0	—	2024-07-10
FileHash-MD5	2c49f46aceb1c8b62f8c47711b381f5c	—	2024-07-10
FileHash-MD5	39560b75207987740cff07366cc0a065	—	2024-07-10
FileHash-MD5	396457dacbfd2a64e92e331fc0fdf668	—	2024-07-10
FileHash-MD5	41d7820cf6e3b3ce7596d3be4288342f	—	2024-07-10
FileHash-MD5	443c21697f08a23157486b8492dfb44b	—	2024-07-10
FileHash-MD5	47fe2868fa59d70b1c615b46f02e27a0	—	2024-07-10
FileHash-MD5	4c3fbe8680b7884411a9309fd5f83041	—	2024-07-10
FileHash-MD5	4e0ef11e1d050f98ee93a7d06ea870e0	—	2024-07-10
FileHash-MD5	59c026895ad8330163a201e537687dec	—	2024-07-10
FileHash-MD5	5c6f7f172b6f04ab797fd8747149a434	—	2024-07-10
FileHash-MD5	6108c4dfc40c5059db5851144367ada3	—	2024-07-10
FileHash-MD5	61a4082007b8319b8b747a3a7ddd447b	—	2024-07-10
FileHash-MD5	62405fd0301bff88cc14af75572c92c4	—	2024-07-10
FileHash-MD5	674a9b5e930b050364b04b8a5a1c3698	—	2024-07-10
FileHash-MD5	68eb514040a2e8de71c3baeda73a532a	—	2024-07-10
FileHash-MD5	6ccc365c4292f53b65325a9b72fd29b6	—	2024-07-10
FileHash-MD5	6e3328ba891a8325e2ff4e7af7bfc609	—	2024-07-10
FileHash-MD5	6fdc656c8bcfe6f4658b3fa3216ab9d2	—	2024-07-10
FileHash-MD5	795e591f905ffb771eea7118407e823a	—	2024-07-10
FileHash-MD5	7bdaafec94c18e94c67629a8617167b4	—	2024-07-10
FileHash-MD5	7d387e6c53133c0685ea924d384a275d	—	2024-07-10
FileHash-MD5	81b461acf35d806e837998e03f998411	—	2024-07-10
FileHash-MD5	822d07d8923b178ccc860507241a27e0	—	2024-07-10
FileHash-MD5	92e369d9f73725dc37120c07aaa2266e	—	2024-07-10
FileHash-MD5	a0cdd68d18c64290d15b212d2d97d2c7	—	2024-07-10
FileHash-MD5	abb08e75460981a042d68990b90416e6	—	2024-07-10
FileHash-MD5	ad2d13ce6ad39c20cd75864f0a7afe2c	—	2024-07-10
FileHash-MD5	aec2bf913aa709a117324629aa61a06f	—	2024-07-10
FileHash-MD5	b17b57f48e086e4b42788500378439b9	—	2024-07-10
FileHash-MD5	b29a40737e23a194b02f26cca6676d6e	—	2024-07-10
FileHash-MD5	b4a9522a14bf3dcfbccaa46ec30bdc04	—	2024-07-10
FileHash-MD5	b6c680597e614011b43f2f038d6a5c63	—	2024-07-10
FileHash-MD5	b7caee106dd0930f0d8997847ac20752	—	2024-07-10
FileHash-MD5	b91a1ac8f85543ff0aeb329e639ebfba	—	2024-07-10
FileHash-MD5	beb42f19b0176e111f76e4d7d8afa57e	—	2024-07-10
FileHash-MD5	cb66d957827558cf1da14a7b1540be18	—	2024-07-10
FileHash-MD5	cd4c9b1f46e779b910cdccc3abbc5926	—	2024-07-10
FileHash-MD5	e29390d236e45d2eff2511d5cc945848	—	2024-07-10
FileHash-MD5	f75f4caba62e00381830e0f868737eac	—	2024-07-10
FileHash-MD5	fc8e27119efd36aa6c0b392ec24c2330	—	2024-07-10
FileHash-SHA1	02af288ea97c1f2c5cda007556541865614f9651	—	2024-07-10
FileHash-SHA1	03738a14c114e3943e71d759370d3cf101d3b0be	—	2024-07-10
FileHash-SHA1	0f33cd7f5590b21cbee1903b6d7bf23116b10e4b	—	2024-07-10
FileHash-SHA1	1244a28c79de7b7c7397f5528ca61bb70063616c	—	2024-07-10
FileHash-SHA1	170936e8bb0416bb981203120fd1cbdf52dc895e	—	2024-07-10
FileHash-SHA1	1a112352b29beb301569db5aa3a68ba25444ca40	—	2024-07-10
FileHash-SHA1	1d037180c68a2ec137072eca680a606d7371d0ff	—	2024-07-10
FileHash-SHA1	241d2b9fdb8574575a9f2f3bc2961e0ed55a0492	—	2024-07-10
FileHash-SHA1	262a18976fa412c22b37c726e74b9e3032da5d86	—	2024-07-10
FileHash-SHA1	295eb9c2a473ff1538326db149b35e04008ea596	—	2024-07-10
FileHash-SHA1	323af4cac603074f692985844d01cb26c86f3522	—	2024-07-10
FileHash-SHA1	4812625252165982da23875c469666425ce4866e	—	2024-07-10
FileHash-SHA1	49d95a7cc045171acbf7512585b0b985f2853e60	—	2024-07-10
FileHash-SHA1	568a3145a417a581ba1a598bfc32532f3f7b1389	—	2024-07-10
FileHash-SHA1	5bb8e9ed257652a014d886b22d2813b5c91e4b2d	—	2024-07-10
FileHash-SHA1	6a8f24a31de20027a9f4ba5b6adf9e661edf7480	—	2024-07-10
FileHash-SHA1	6ce51b3292808cb2eb799765ed38473ab99e6b80	—	2024-07-10
FileHash-SHA1	6d0f2e87292b7c030e95eb7835e8cc5c3841ada3	—	2024-07-10
FileHash-SHA1	765923456afd71ec15a2b9c6cfbffb043bc1e5ef	—	2024-07-10
FileHash-SHA1	76a60f60240e89d7d2c2546f8f88e6909b13cb3b	—	2024-07-10
FileHash-SHA1	7748abc3eb9af0cfce0572ad7bed3ff06f952a6d	—	2024-07-10
FileHash-SHA1	775ce50b7f006437298dcdd57683f60292ce9a32	—	2024-07-10
FileHash-SHA1	776ac3ff6c2a03cf2a34643baec5d2acc5b453d2	—	2024-07-10
FileHash-SHA1	7d870123308a441ddcdd98322298df01476a4ed3	—	2024-07-10
FileHash-SHA1	80b18e38a2ab147e66985767a5b79dda0cdc920f	—	2024-07-10
FileHash-SHA1	8837178f21e0948850ce4c5ba4f5a1779ea0e858	—	2024-07-10
FileHash-SHA1	8f54ccc1f2256516d146e2e709d75e949fdf6695	—	2024-07-10
FileHash-SHA1	932465c82e28ebb3b3959567340f157d3aaf83b2	—	2024-07-10
FileHash-SHA1	942d9edeada9547014c163120429831d126d9747	—	2024-07-10
FileHash-SHA1	973124cd723f1d7d6b94a59f97dfa7fb5020c4ea	—	2024-07-10
FileHash-SHA1	984c74fcf8bb3a60ea950000193b36d07f702c4c	—	2024-07-10
FileHash-SHA1	9ac45907fafefd800d3f8bcc3829a6d64d29c488	—	2024-07-10
FileHash-SHA1	9b4ee2ec7c44ad294b083afbba283a7ca8f200f9	—	2024-07-10
FileHash-SHA1	9dd39d2c4def476e987e77f6593e7b6feff86dda	—	2024-07-10
FileHash-SHA1	9dd6485f1d25bc3f9d6858b9f3b3707cf0901660	—	2024-07-10
FileHash-SHA1	9e3853f0ab22f3de04ff7763610ebb4a3a1e6aff	—	2024-07-10
FileHash-SHA1	a2e55e3699e86ecaa4114aca86e91031f7ad68dc	—	2024-07-10
FileHash-SHA1	adad70901e50be0d5bae17f493bf4b1565cb6113	—	2024-07-10
FileHash-SHA1	b497ec56e8a3237457868c0b3760712f41211307	—	2024-07-10
FileHash-SHA1	b605d04601280a904de71581901479d7c2b34bf5	—	2024-07-10
FileHash-SHA1	b6e45d958e870ee770284578a761df9628c2ed36	—	2024-07-10
FileHash-SHA1	b8a9479f9031b7106915d40a0a1ec733e192be0a	—	2024-07-10
FileHash-SHA1	bed38e377263954e5948193ccd55e8ba59e5372a	—	2024-07-10
FileHash-SHA1	c39bfe69da4f01c1fdee76bcab255f78953c944a	—	2024-07-10
FileHash-SHA1	c3f51e15b43b521d2e68efd353849ebd03e937ee	—	2024-07-10
FileHash-SHA1	cb5b0c2f596d5e8f62d5c9ed07e1f18260acdf03	—	2024-07-10
FileHash-SHA1	decbf9e9b2893379710687b8db4baac25553e9d7	—	2024-07-10
FileHash-SHA1	e961421fdc72cd6abe737ed3d9db5ed5cb311ec4	—	2024-07-10
FileHash-SHA1	f9737d2ada4de632e0213d09fd90d329113918f1	—	2024-07-10
FileHash-SHA256	03b11a7319a44c8848d239b8ce49ebb43ebe90dfb9927771a2258bbe3d0e655e	—	2024-07-10
FileHash-SHA256	05406c5e034be68b6514fc3ae1b31f603ec7d1865963fe0716ed48605af0fd98	—	2024-07-10
FileHash-SHA256	0576a15f1331d220336163510cc71deb37d1ae0b57ff6ad661c5e547086b57e2	—	2024-07-10
FileHash-SHA256	1304a1ec426aa4d39c255aef059bc5b2cb9fef096cd6d136c63ddf8a3b936b96	—	2024-07-10
FileHash-SHA256	14f5ef72472f64edee2e852d1c677ad4f61b780c3ac93649835c4cc30f5c5b2f	—	2024-07-10
FileHash-SHA256	164cabc6b731b2420df8a0fa8e4a2590e45cc027d9cf72ccc74252383ec0f65b	—	2024-07-10
FileHash-SHA256	1dbce4f525f428cfce626726209ca973f2fdb93cd905a94a1bc538f75e0a16ca	—	2024-07-10
FileHash-SHA256	1fd5a9570a894c751610c1b49b2f2f00c0c618d365be14a4980f1266a3772c90	—	2024-07-10
FileHash-SHA256	20a77d76f250b75309e8ccaf1470d9729dc99b95168085ff30b1e46be6ce2138	—	2024-07-10
FileHash-SHA256	2a82f3e9fc83a6e14c8ff13ed5d450580235981958a7bd262c7ea597e1c94078	—	2024-07-10
FileHash-SHA256	2bcfbb053ec4936bded589848b8429cd37b0a7bf5bf85e5e3ace494f4512bfa9	—	2024-07-10
FileHash-SHA256	2e4d3cf89636072438deb7e690ea376e8433c5dc59d8befedc0f5b79ea9a6b7d	—	2024-07-10
FileHash-SHA256	2ef38ea449b172cef5e1015bc4b5e37de8ece7d4be087b6bdded5a992493e7aa	—	2024-07-10
FileHash-SHA256	382031a229aad519f8d243923e504e8dedf0106f4ce274ab9640ce55542b962d	—	2024-07-10
FileHash-SHA256	3b8672b2cd5c53f3f4e823ed3873d930b5786a05cc7f2d49b07cb5bda21d933e	—	2024-07-10
FileHash-SHA256	3bced24274a35cd08a3698e32623a14a319fbb60f4f9a950d41834710393c32f	—	2024-07-10
FileHash-SHA256	3d3cef0a4b5c9d56790dbb8c8ac838d42caac2171f5435495682a51c45160bc3	—	2024-07-10
FileHash-SHA256	4c88348d1ef0ff6857f48761ac82d8455661849b34e4f4a6bc07a765818361a3	—	2024-07-10
FileHash-SHA256	5170542754aaa8a8585e4d7c12f77deb7fc0cb24ec6626d53e3fa9997e303e77	—	2024-07-10
FileHash-SHA256	5f31759d1ac833df5b990b436dabb88cf3e85ba7495440a62364723bc8490907	—	2024-07-10
FileHash-SHA256	6a69e0ebb331aa21614ccc0c4028b5cde242f0710300fe7b441b2017c71a8e16	—	2024-07-10
FileHash-SHA256	6e463e3aafb12ec1fd7ff347038b3df15a93b3b2c506c9d670498b0937d6dce7	—	2024-07-10
FileHash-SHA256	702db5ce9f9ce7af433146796263c795dfdf065b10e914bc54fd23af5d33e793	—	2024-07-10
FileHash-SHA256	7930b4271172eb69e63349282bfe62a111a6e0a8bc8b23ae8729ab6be006ecf5	—	2024-07-10
FileHash-SHA256	7a79bb8b4c55f11b463efee0c8cbfaf24c85daac04b67f4f4c25f6851dda57df	—	2024-07-10
FileHash-SHA256	7da756b08230bd426defeaea35588b899057228ac19f3a21625582038e405c76	—	2024-07-10
FileHash-SHA256	892a92ce83ed1c9e67c8f7ab0120d1f28e1dfd3a93146da3fde6e9226e22222b	—	2024-07-10
FileHash-SHA256	8b7e5a040f0e468eb540211a3ac73dadd6628177dc09eaff06bfbce10c6eeab9	—	2024-07-10
FileHash-SHA256	8e379068eb7e9f9e5635531526dacdc03bf505e67775dd186edba27b33a93805	—	2024-07-10
FileHash-SHA256	90e6c0aed978271769f4fface9a27edbb8d72cd463cfd57b443710aa703a1f98	—	2024-07-10
FileHash-SHA256	92d65e200d729beac212563a7559fbdc657a4832d462e02dab4d937b5571983c	—	2024-07-10
FileHash-SHA256	950bdf0842e513180c42ab3809e57c0779456c51a53e41ce8e833ed36880230e	—	2024-07-10
FileHash-SHA256	a5eff95e877e7e5e1b8a57e3169cb6f545ae353ed1908840dabb9554ff001500	—	2024-07-10
FileHash-SHA256	ab90f80eee37e16cb3c94f524e2fde3fe13669386512ea36b4ad6ac4d9fbf773	—	2024-07-10
FileHash-SHA256	ae9df2b98a9e5561c749cc96a4e24f9d5bb0451889a3924fd7ed73436466495f	—	2024-07-10
FileHash-SHA256	af8018b310bf030f6feca0f6f23d3e65f8926114d7cd493573badae24f5da0d1	—	2024-07-10
FileHash-SHA256	b2193cb3f8bd13c8a5769d5ce499a36b9c44e2eb2800bcdf22320525beaf9586	—	2024-07-10
FileHash-SHA256	ba629f7ee519379f1a5a8a4683ee9a48d1b0996268bfaf1162e4bf0f2b792b77	—	2024-07-10
FileHash-SHA256	bbad7c6e8f0d7ae94941257e7ece4d2b144aad56e25760c8876b808f3e8420e6	—	2024-07-10
FileHash-SHA256	bf9fc94905d75ccf3640d35899d533e50c7ba8bdce396443ae2d0507657a9e81	—	2024-07-10
FileHash-SHA256	c2f97483f8a5a96fa39e8bd3d3458093ac527a8c8efd662e838d95a9bc2354fb	—	2024-07-10
FileHash-SHA256	c3b30120feef022d552f85b780d4c988ee82bc07e6b5948db5d32e59d44fa704	—	2024-07-10
FileHash-SHA256	d79d130aa4f0b207e741909c45be613a1e3720cb82a0578012cc508c28da6bad	—	2024-07-10
FileHash-SHA256	e360674d2abf0bea085d01bc3595e19efb3ac061ab8090a32d0c579c621c46f6	—	2024-07-10
FileHash-SHA256	e4a91db9e43655931fd3926ec00dbe8a063fbe0d3f0af7d902fd3b9d8281fb3d	—	2024-07-10
FileHash-SHA256	ebdce7eae3a77ed05ed6279c46a8be8c560085f82ce0f9e4de0ad8c700c16fc4	—	2024-07-10
FileHash-SHA256	f7878a67c6de2ff26c79ab890e4a60b76c67a7583c6a24bd96cd93a5f4a0e0aa	—	2024-07-10
URL	http://360mediashare.com/1/command.php	—	2024-07-10
URL	http://360mediashare.com/2/command.php	—	2024-07-10
URL	http://360mediashare.com/2/command.php.	—	2024-07-10
URL	http://91.246.41.200:5554	—	2024-07-10
URL	http://91.246.41.200:56001	—	2024-07-10
URL	http://91.246.41.200:56002	—	2024-07-10
URL	http://91.246.41.200:56003	—	2024-07-10
URL	http://91.246.41.200:58001	—	2024-07-10
URL	http://91.246.41.200:58002	—	2024-07-10
URL	http://91.246.41.200:58003	—	2024-07-10
URL	http://91.246.41.200:7702	—	2024-07-10
URL	http://vip23newtop.fun/framework/.	—	2024-07-10
URL	https://bussines-raff.fun/22012024BUILD.exe	—	2024-07-10
URL	https://bussines-raff.fun/BLD.exe	—	2024-07-10
URL	https://bussines-raff.fun/MetaKript.exe	—	2024-07-10
URL	https://doc-1c.fun/panel/uploads/Hnxuy.vdf	—	2024-07-10
URL	https://doc2024.ru/2024bldrms.exe	—	2024-07-10
URL	https://downlod-bussines.ru/koriya_akt_upd_1C.PDF.rar	—	2024-07-10
URL	https://downlod-bussines.ru/panel/uploads/Yppohxqf.vdf	—	2024-07-10
URL	https://saitraif.ru/22012024BUILD.exe	—	2024-07-10
URL	https://saitraif.ru/panel/uploads/Ahjhcuubue.mp3	—	2024-07-10
URL	https://saitraif.ru/panel/uploads/Asvchn.wav	—	2024-07-10
URL	https://saitraif.ru/panel/uploads/Awrxzkoc.mp3	—	2024-07-10
URL	https://saitraif.ru/panel/uploads/Hyfhtwkc.mp3	—	2024-07-10
URL	https://saitraif.ru/panel/uploads/Kjpdz.mp4	—	2024-07-10
URL	https://saitraif.ru/panel/uploads/Lexhwif.pdf	—	2024-07-10
URL	https://saitraif.ru/panel/uploads/Qxudsj.mp4	—	2024-07-10
URL	https://saitraif.ru/panel/uploads/Qzvldxefss.mp4	—	2024-07-10
URL	https://saitraif.ru/panel/uploads/Xkwjbhibh.dat	—	2024-07-10
URL	https://sk-krona.fun/panel/uploads/Awdiaz.pdf	—	2024-07-10
URL	https://sk-krona.fun/panel/uploads/Cvevg.mp3	—	2024-07-10
URL	https://sk-krona.fun/panel/uploads/Dscxqvi.mp4	—	2024-07-10
URL	https://sk-krona.fun/panel/uploads/Dzyhmzjdtpz.wav	—	2024-07-10
URL	https://sk-krona.fun/panel/uploads/Fhzcvdiuu.wav	—	2024-07-10
URL	https://sk-krona.fun/panel/uploads/Fxeiroo.mp3	—	2024-07-10
URL	https://sk-krona.fun/panel/uploads/Ljncj.dat	—	2024-07-10
URL	https://sk-krona.fun/panel/uploads/Nsvozql.mp4	—	2024-07-10
URL	https://sk-krona.fun/panel/uploads/Oguqs.mp4	—	2024-07-10
URL	https://sk-krona.fun/panel/uploads/Qydultut.dat	—	2024-07-10
URL	https://sk-krona.fun/panel/uploads/Seancczvbv.wav	—	2024-07-10
URL	https://sk-krona.fun/panel/uploads/Tvmjmv.mp4	—	2024-07-10
URL	https://sk-krona.fun/panel/uploads/Vfqegoe.dat	—	2024-07-10
URL	https://sk-krona.fun/panel/uploads/Vgnaahn.mp3	—	2024-07-10
URL	https://sk-krona.fun/panel/uploads/Wfbitmtjlzd.dat	—	2024-07-10
URL	https://sk-krona.fun/panel/uploads/Wllyqo.mp4	—	2024-07-10
URL	https://sk-krona.fun/panel/uploads/Xzkxso.mp3	—	2024-07-10
URL	https://sk-krona.fun/panel/uploads/Zofrj.dat	—	2024-07-10
URL	https://trianglimsk.ru/_Release.exe	—	2024-07-10
URL	https://trianglimsk.ru/optata.rar.	—	2024-07-10
URL	https://web-whatsap.online/kopiya_skrinchot_1C.pdf.rar	—	2024-07-10
URL	https://xak.guru/threads/23230/	—	2024-07-10
domain	047856232.com	—	2024-07-10
domain	360mediashare.com	—	2024-07-10
domain	98347r483df2grg5tg.com	—	2024-07-10
domain	bussines-raff.fun	—	2024-07-10
domain	doc-1c.fun	—	2024-07-10
domain	doc2024.ru	—	2024-07-10
domain	downlod-bussines.ru	—	2024-07-10
domain	liveupdate.online	—	2024-07-10
domain	msupdate.icu	—	2024-07-10
domain	mts2015stm.ru	—	2024-07-10
domain	natgeo.pro	—	2024-07-10
domain	office360.icu	—	2024-07-10
domain	office360share.com	—	2024-07-10
domain	prologic.su	—	2024-07-10
domain	saitraif.ru	—	2024-07-10
domain	sk-krona.fun	—	2024-07-10
domain	trianglimsk.ru	—	2024-07-10
domain	vip22gr.ru	—	2024-07-10
domain	vip23newtop.fun	—	2024-07-10
domain	windowsactivate.link	—	2024-07-10
domain	xaker.name	—	2024-07-10
email	mrburns@exploit.im	—	2024-07-10
email	sonofabitch@ua.fm	—	2024-07-10
hostname	1c.pdf.com	—	2024-07-10
hostname	2024.pdf.com	—	2024-07-10
hostname	doc20032024.pdf.com	—	2024-07-10
hostname	oplata.pdf.com	—	2024-07-10

References (1)

↗ https://www.facct.ru/blog/vasygrek-and-mr-burns/