Pulse Detail — Threat Intelligence

PULSE NAME

VayGren and Mr.Burns: Strong Ties in Finance

WHITE VasyGrek AlienVault 2024-07-10 Modified: 2024-08-09

223

IOCs

HIGH VOLUME

F.A.C.C.T experts analyzed the tools and connections of cybercriminals attacking Russian accountants. An analysis of the infection chain of the VasyGrek attacker, his forum activity and connection with the malware developer Mr.Burns is presented. The history of Mr.Burns, starting in 2010, is given, as well as a description of the current version of the BurnsRAT malware, sold on forums and used in attacks on Russian companies.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1113 T1033 T1036.005 T1204.002 T1573.001 T1543.003 T1497.001 T1566.002 T1566.001 T1574.001 T1082 T1005 T1219 T1555.003 T1217 T1083 T1036.004 T1055.002 T1552.001 T1041 T1547.001 T1574 T1571 T1095 T1518.001 T1059.003 T1070.004 T1027.002 T1071.001 T1105 T1569.002

MALWARE FAMILIES

BurnsRAT PureCrypter PureLogs MetaStealer WarzoneRAT - S0670 Ave Maria RedLine Stealer RMS TeamViewer

Indicators of Compromise (49 / 223 total)

All URL FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain email hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-SHA1	02af288ea97c1f2c5cda007556541865614f9651	—	2024-07-10
FileHash-SHA1	03738a14c114e3943e71d759370d3cf101d3b0be	—	2024-07-10
FileHash-SHA1	0f33cd7f5590b21cbee1903b6d7bf23116b10e4b	—	2024-07-10
FileHash-SHA1	1244a28c79de7b7c7397f5528ca61bb70063616c	—	2024-07-10
FileHash-SHA1	170936e8bb0416bb981203120fd1cbdf52dc895e	—	2024-07-10
FileHash-SHA1	1a112352b29beb301569db5aa3a68ba25444ca40	—	2024-07-10
FileHash-SHA1	1d037180c68a2ec137072eca680a606d7371d0ff	—	2024-07-10
FileHash-SHA1	241d2b9fdb8574575a9f2f3bc2961e0ed55a0492	—	2024-07-10
FileHash-SHA1	262a18976fa412c22b37c726e74b9e3032da5d86	—	2024-07-10
FileHash-SHA1	295eb9c2a473ff1538326db149b35e04008ea596	—	2024-07-10
FileHash-SHA1	323af4cac603074f692985844d01cb26c86f3522	—	2024-07-10
FileHash-SHA1	4812625252165982da23875c469666425ce4866e	—	2024-07-10
FileHash-SHA1	49d95a7cc045171acbf7512585b0b985f2853e60	—	2024-07-10
FileHash-SHA1	568a3145a417a581ba1a598bfc32532f3f7b1389	—	2024-07-10
FileHash-SHA1	5bb8e9ed257652a014d886b22d2813b5c91e4b2d	—	2024-07-10
FileHash-SHA1	6a8f24a31de20027a9f4ba5b6adf9e661edf7480	—	2024-07-10
FileHash-SHA1	6ce51b3292808cb2eb799765ed38473ab99e6b80	—	2024-07-10
FileHash-SHA1	6d0f2e87292b7c030e95eb7835e8cc5c3841ada3	—	2024-07-10
FileHash-SHA1	765923456afd71ec15a2b9c6cfbffb043bc1e5ef	—	2024-07-10
FileHash-SHA1	76a60f60240e89d7d2c2546f8f88e6909b13cb3b	—	2024-07-10
FileHash-SHA1	7748abc3eb9af0cfce0572ad7bed3ff06f952a6d	—	2024-07-10
FileHash-SHA1	775ce50b7f006437298dcdd57683f60292ce9a32	—	2024-07-10
FileHash-SHA1	776ac3ff6c2a03cf2a34643baec5d2acc5b453d2	—	2024-07-10
FileHash-SHA1	7d870123308a441ddcdd98322298df01476a4ed3	—	2024-07-10
FileHash-SHA1	80b18e38a2ab147e66985767a5b79dda0cdc920f	—	2024-07-10
FileHash-SHA1	8837178f21e0948850ce4c5ba4f5a1779ea0e858	—	2024-07-10
FileHash-SHA1	8f54ccc1f2256516d146e2e709d75e949fdf6695	—	2024-07-10
FileHash-SHA1	932465c82e28ebb3b3959567340f157d3aaf83b2	—	2024-07-10
FileHash-SHA1	942d9edeada9547014c163120429831d126d9747	—	2024-07-10
FileHash-SHA1	973124cd723f1d7d6b94a59f97dfa7fb5020c4ea	—	2024-07-10
FileHash-SHA1	984c74fcf8bb3a60ea950000193b36d07f702c4c	—	2024-07-10
FileHash-SHA1	9ac45907fafefd800d3f8bcc3829a6d64d29c488	—	2024-07-10
FileHash-SHA1	9b4ee2ec7c44ad294b083afbba283a7ca8f200f9	—	2024-07-10
FileHash-SHA1	9dd39d2c4def476e987e77f6593e7b6feff86dda	—	2024-07-10
FileHash-SHA1	9dd6485f1d25bc3f9d6858b9f3b3707cf0901660	—	2024-07-10
FileHash-SHA1	9e3853f0ab22f3de04ff7763610ebb4a3a1e6aff	—	2024-07-10
FileHash-SHA1	a2e55e3699e86ecaa4114aca86e91031f7ad68dc	—	2024-07-10
FileHash-SHA1	adad70901e50be0d5bae17f493bf4b1565cb6113	—	2024-07-10
FileHash-SHA1	b497ec56e8a3237457868c0b3760712f41211307	—	2024-07-10
FileHash-SHA1	b605d04601280a904de71581901479d7c2b34bf5	—	2024-07-10
FileHash-SHA1	b6e45d958e870ee770284578a761df9628c2ed36	—	2024-07-10
FileHash-SHA1	b8a9479f9031b7106915d40a0a1ec733e192be0a	—	2024-07-10
FileHash-SHA1	bed38e377263954e5948193ccd55e8ba59e5372a	—	2024-07-10
FileHash-SHA1	c39bfe69da4f01c1fdee76bcab255f78953c944a	—	2024-07-10
FileHash-SHA1	c3f51e15b43b521d2e68efd353849ebd03e937ee	—	2024-07-10
FileHash-SHA1	cb5b0c2f596d5e8f62d5c9ed07e1f18260acdf03	—	2024-07-10
FileHash-SHA1	decbf9e9b2893379710687b8db4baac25553e9d7	—	2024-07-10
FileHash-SHA1	e961421fdc72cd6abe737ed3d9db5ed5cb311ec4	—	2024-07-10
FileHash-SHA1	f9737d2ada4de632e0213d09fd90d329113918f1	—	2024-07-10

References (1)

↗ https://www.facct.ru/blog/vasygrek-and-mr-burns/