PULSE NAME
VasyGrek and Mr.Burns: Strong Ties in Finance
WHITE VasyGrek AlienVault 2024-07-10 Modified: 2024-08-09
223 IOCs
HIGH VOLUME
F.A.C.C.T experts analyzed the tools and connections of cybercriminals attacking Russian accountants. The analysis covers the infection chain of the VasyGrek attacker, his forum activity and his connection with the malware developer Mr.Burns. It also gives the history of Mr.Burns, starting in 2010, and describes the current version of the BurnsRAT malware, which is sold on forums and used in attacks on Russian companies.
Indicators of Compromise (53 / 223 total)