Pulse Detail — Threat Intelligence

PULSE NAME

VayGren and Mr.Burns: Strong Ties in Finance

WHITE VasyGrek AlienVault 2024-07-10 Modified: 2024-08-09

223

IOCs

HIGH VOLUME

F.A.C.C.T experts analyzed the tools and connections of cybercriminals attacking Russian accountants. An analysis of the infection chain of the VasyGrek attacker, his forum activity and connection with the malware developer Mr.Burns is presented. The history of Mr.Burns, starting in 2010, is given, as well as a description of the current version of the BurnsRAT malware, sold on forums and used in attacks on Russian companies.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1113 T1033 T1036.005 T1204.002 T1573.001 T1543.003 T1497.001 T1566.002 T1566.001 T1574.001 T1082 T1005 T1219 T1555.003 T1217 T1083 T1036.004 T1055.002 T1552.001 T1041 T1547.001 T1574 T1571 T1095 T1518.001 T1059.003 T1070.004 T1027.002 T1071.001 T1105 T1569.002

MALWARE FAMILIES

BurnsRAT PureCrypter PureLogs MetaStealer WarzoneRAT - S0670 Ave Maria RedLine Stealer RMS TeamViewer

Indicators of Compromise (47 / 223 total)

All URL FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain email hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-MD5	0496ec9393b9228f1cf3439046309cf0	—	2024-07-10
FileHash-MD5	1025ca24a5aee6ae898adf31ac936f82	—	2024-07-10
FileHash-MD5	18851fd2d0d031743f6bf27201e8a914	—	2024-07-10
FileHash-MD5	2302efee7f01875df7afa6b03301b93e	—	2024-07-10
FileHash-MD5	2369d0794f9187a3e26d96cba5efad87	—	2024-07-10
FileHash-MD5	2408a9f118f416e0afafa0a087c13919	—	2024-07-10
FileHash-MD5	2590bce206b06ca1fa45cc216eb8f6b0	—	2024-07-10
FileHash-MD5	2c49f46aceb1c8b62f8c47711b381f5c	—	2024-07-10
FileHash-MD5	39560b75207987740cff07366cc0a065	—	2024-07-10
FileHash-MD5	396457dacbfd2a64e92e331fc0fdf668	—	2024-07-10
FileHash-MD5	41d7820cf6e3b3ce7596d3be4288342f	—	2024-07-10
FileHash-MD5	443c21697f08a23157486b8492dfb44b	—	2024-07-10
FileHash-MD5	47fe2868fa59d70b1c615b46f02e27a0	—	2024-07-10
FileHash-MD5	4c3fbe8680b7884411a9309fd5f83041	—	2024-07-10
FileHash-MD5	4e0ef11e1d050f98ee93a7d06ea870e0	—	2024-07-10
FileHash-MD5	59c026895ad8330163a201e537687dec	—	2024-07-10
FileHash-MD5	5c6f7f172b6f04ab797fd8747149a434	—	2024-07-10
FileHash-MD5	6108c4dfc40c5059db5851144367ada3	—	2024-07-10
FileHash-MD5	61a4082007b8319b8b747a3a7ddd447b	—	2024-07-10
FileHash-MD5	62405fd0301bff88cc14af75572c92c4	—	2024-07-10
FileHash-MD5	674a9b5e930b050364b04b8a5a1c3698	—	2024-07-10
FileHash-MD5	68eb514040a2e8de71c3baeda73a532a	—	2024-07-10
FileHash-MD5	6ccc365c4292f53b65325a9b72fd29b6	—	2024-07-10
FileHash-MD5	6e3328ba891a8325e2ff4e7af7bfc609	—	2024-07-10
FileHash-MD5	6fdc656c8bcfe6f4658b3fa3216ab9d2	—	2024-07-10
FileHash-MD5	795e591f905ffb771eea7118407e823a	—	2024-07-10
FileHash-MD5	7bdaafec94c18e94c67629a8617167b4	—	2024-07-10
FileHash-MD5	7d387e6c53133c0685ea924d384a275d	—	2024-07-10
FileHash-MD5	81b461acf35d806e837998e03f998411	—	2024-07-10
FileHash-MD5	822d07d8923b178ccc860507241a27e0	—	2024-07-10
FileHash-MD5	92e369d9f73725dc37120c07aaa2266e	—	2024-07-10
FileHash-MD5	a0cdd68d18c64290d15b212d2d97d2c7	—	2024-07-10
FileHash-MD5	abb08e75460981a042d68990b90416e6	—	2024-07-10
FileHash-MD5	ad2d13ce6ad39c20cd75864f0a7afe2c	—	2024-07-10
FileHash-MD5	aec2bf913aa709a117324629aa61a06f	—	2024-07-10
FileHash-MD5	b17b57f48e086e4b42788500378439b9	—	2024-07-10
FileHash-MD5	b29a40737e23a194b02f26cca6676d6e	—	2024-07-10
FileHash-MD5	b4a9522a14bf3dcfbccaa46ec30bdc04	—	2024-07-10
FileHash-MD5	b6c680597e614011b43f2f038d6a5c63	—	2024-07-10
FileHash-MD5	b7caee106dd0930f0d8997847ac20752	—	2024-07-10
FileHash-MD5	b91a1ac8f85543ff0aeb329e639ebfba	—	2024-07-10
FileHash-MD5	beb42f19b0176e111f76e4d7d8afa57e	—	2024-07-10
FileHash-MD5	cb66d957827558cf1da14a7b1540be18	—	2024-07-10
FileHash-MD5	cd4c9b1f46e779b910cdccc3abbc5926	—	2024-07-10
FileHash-MD5	e29390d236e45d2eff2511d5cc945848	—	2024-07-10
FileHash-MD5	f75f4caba62e00381830e0f868737eac	—	2024-07-10
FileHash-MD5	fc8e27119efd36aa6c0b392ec24c2330	—	2024-07-10

References (1)

↗ https://www.facct.ru/blog/vasygrek-and-mr-burns/