Pulse Detail — Threat Intelligence

PULSE NAME

VayGren and Mr.Burns: Strong Ties in Finance

WHITE VasyGrek AlienVault 2024-07-10 Modified: 2024-08-09

223

IOCs

HIGH VOLUME

F.A.C.C.T experts analyzed the tools and connections of cybercriminals attacking Russian accountants. An analysis of the infection chain of the VasyGrek attacker, his forum activity and connection with the malware developer Mr.Burns is presented. The history of Mr.Burns, starting in 2010, is given, as well as a description of the current version of the BurnsRAT malware, sold on forums and used in attacks on Russian companies.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1113 T1033 T1036.005 T1204.002 T1573.001 T1543.003 T1497.001 T1566.002 T1566.001 T1574.001 T1082 T1005 T1219 T1555.003 T1217 T1083 T1036.004 T1055.002 T1552.001 T1041 T1547.001 T1574 T1571 T1095 T1518.001 T1059.003 T1070.004 T1027.002 T1071.001 T1105 T1569.002

MALWARE FAMILIES

BurnsRAT PureCrypter PureLogs MetaStealer WarzoneRAT - S0670 Ave Maria RedLine Stealer RMS TeamViewer

Indicators of Compromise (47 / 223 total)

All URL FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain email hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-SHA256	03b11a7319a44c8848d239b8ce49ebb43ebe90dfb9927771a2258bbe3d0e655e	—	2024-07-10
FileHash-SHA256	05406c5e034be68b6514fc3ae1b31f603ec7d1865963fe0716ed48605af0fd98	—	2024-07-10
FileHash-SHA256	0576a15f1331d220336163510cc71deb37d1ae0b57ff6ad661c5e547086b57e2	—	2024-07-10
FileHash-SHA256	1304a1ec426aa4d39c255aef059bc5b2cb9fef096cd6d136c63ddf8a3b936b96	—	2024-07-10
FileHash-SHA256	14f5ef72472f64edee2e852d1c677ad4f61b780c3ac93649835c4cc30f5c5b2f	—	2024-07-10
FileHash-SHA256	164cabc6b731b2420df8a0fa8e4a2590e45cc027d9cf72ccc74252383ec0f65b	—	2024-07-10
FileHash-SHA256	1dbce4f525f428cfce626726209ca973f2fdb93cd905a94a1bc538f75e0a16ca	—	2024-07-10
FileHash-SHA256	1fd5a9570a894c751610c1b49b2f2f00c0c618d365be14a4980f1266a3772c90	—	2024-07-10
FileHash-SHA256	20a77d76f250b75309e8ccaf1470d9729dc99b95168085ff30b1e46be6ce2138	—	2024-07-10
FileHash-SHA256	2a82f3e9fc83a6e14c8ff13ed5d450580235981958a7bd262c7ea597e1c94078	—	2024-07-10
FileHash-SHA256	2bcfbb053ec4936bded589848b8429cd37b0a7bf5bf85e5e3ace494f4512bfa9	—	2024-07-10
FileHash-SHA256	2e4d3cf89636072438deb7e690ea376e8433c5dc59d8befedc0f5b79ea9a6b7d	—	2024-07-10
FileHash-SHA256	2ef38ea449b172cef5e1015bc4b5e37de8ece7d4be087b6bdded5a992493e7aa	—	2024-07-10
FileHash-SHA256	382031a229aad519f8d243923e504e8dedf0106f4ce274ab9640ce55542b962d	—	2024-07-10
FileHash-SHA256	3b8672b2cd5c53f3f4e823ed3873d930b5786a05cc7f2d49b07cb5bda21d933e	—	2024-07-10
FileHash-SHA256	3bced24274a35cd08a3698e32623a14a319fbb60f4f9a950d41834710393c32f	—	2024-07-10
FileHash-SHA256	3d3cef0a4b5c9d56790dbb8c8ac838d42caac2171f5435495682a51c45160bc3	—	2024-07-10
FileHash-SHA256	4c88348d1ef0ff6857f48761ac82d8455661849b34e4f4a6bc07a765818361a3	—	2024-07-10
FileHash-SHA256	5170542754aaa8a8585e4d7c12f77deb7fc0cb24ec6626d53e3fa9997e303e77	—	2024-07-10
FileHash-SHA256	5f31759d1ac833df5b990b436dabb88cf3e85ba7495440a62364723bc8490907	—	2024-07-10
FileHash-SHA256	6a69e0ebb331aa21614ccc0c4028b5cde242f0710300fe7b441b2017c71a8e16	—	2024-07-10
FileHash-SHA256	6e463e3aafb12ec1fd7ff347038b3df15a93b3b2c506c9d670498b0937d6dce7	—	2024-07-10
FileHash-SHA256	702db5ce9f9ce7af433146796263c795dfdf065b10e914bc54fd23af5d33e793	—	2024-07-10
FileHash-SHA256	7930b4271172eb69e63349282bfe62a111a6e0a8bc8b23ae8729ab6be006ecf5	—	2024-07-10
FileHash-SHA256	7a79bb8b4c55f11b463efee0c8cbfaf24c85daac04b67f4f4c25f6851dda57df	—	2024-07-10
FileHash-SHA256	7da756b08230bd426defeaea35588b899057228ac19f3a21625582038e405c76	—	2024-07-10
FileHash-SHA256	892a92ce83ed1c9e67c8f7ab0120d1f28e1dfd3a93146da3fde6e9226e22222b	—	2024-07-10
FileHash-SHA256	8b7e5a040f0e468eb540211a3ac73dadd6628177dc09eaff06bfbce10c6eeab9	—	2024-07-10
FileHash-SHA256	8e379068eb7e9f9e5635531526dacdc03bf505e67775dd186edba27b33a93805	—	2024-07-10
FileHash-SHA256	90e6c0aed978271769f4fface9a27edbb8d72cd463cfd57b443710aa703a1f98	—	2024-07-10
FileHash-SHA256	92d65e200d729beac212563a7559fbdc657a4832d462e02dab4d937b5571983c	—	2024-07-10
FileHash-SHA256	950bdf0842e513180c42ab3809e57c0779456c51a53e41ce8e833ed36880230e	—	2024-07-10
FileHash-SHA256	a5eff95e877e7e5e1b8a57e3169cb6f545ae353ed1908840dabb9554ff001500	—	2024-07-10
FileHash-SHA256	ab90f80eee37e16cb3c94f524e2fde3fe13669386512ea36b4ad6ac4d9fbf773	—	2024-07-10
FileHash-SHA256	ae9df2b98a9e5561c749cc96a4e24f9d5bb0451889a3924fd7ed73436466495f	—	2024-07-10
FileHash-SHA256	af8018b310bf030f6feca0f6f23d3e65f8926114d7cd493573badae24f5da0d1	—	2024-07-10
FileHash-SHA256	b2193cb3f8bd13c8a5769d5ce499a36b9c44e2eb2800bcdf22320525beaf9586	—	2024-07-10
FileHash-SHA256	ba629f7ee519379f1a5a8a4683ee9a48d1b0996268bfaf1162e4bf0f2b792b77	—	2024-07-10
FileHash-SHA256	bbad7c6e8f0d7ae94941257e7ece4d2b144aad56e25760c8876b808f3e8420e6	—	2024-07-10
FileHash-SHA256	bf9fc94905d75ccf3640d35899d533e50c7ba8bdce396443ae2d0507657a9e81	—	2024-07-10
FileHash-SHA256	c2f97483f8a5a96fa39e8bd3d3458093ac527a8c8efd662e838d95a9bc2354fb	—	2024-07-10
FileHash-SHA256	c3b30120feef022d552f85b780d4c988ee82bc07e6b5948db5d32e59d44fa704	—	2024-07-10
FileHash-SHA256	d79d130aa4f0b207e741909c45be613a1e3720cb82a0578012cc508c28da6bad	—	2024-07-10
FileHash-SHA256	e360674d2abf0bea085d01bc3595e19efb3ac061ab8090a32d0c579c621c46f6	—	2024-07-10
FileHash-SHA256	e4a91db9e43655931fd3926ec00dbe8a063fbe0d3f0af7d902fd3b9d8281fb3d	—	2024-07-10
FileHash-SHA256	ebdce7eae3a77ed05ed6279c46a8be8c560085f82ce0f9e4de0ad8c700c16fc4	—	2024-07-10
FileHash-SHA256	f7878a67c6de2ff26c79ab890e4a60b76c67a7583c6a24bd96cd93a5f4a0e0aa	—	2024-07-10

References (1)

↗ https://www.facct.ru/blog/vasygrek-and-mr-burns/