VasyGrek and Mr.Burns: Strong Ties in Finance
July 10, 2024, 10:18 a.m.
Tags
External References
Description
F.A.C.C.T. experts analyzed the tools and connections of cybercriminals attacking Russian accountants. The report presents an analysis of the VasyGrek attacker's infection chain, his forum activity, and his connection with the malware developer Mr.Burns. It traces the history of Mr.Burns from 2010 onward and describes the current version of the BurnsRAT malware, which is sold on forums and used in attacks on Russian companies.
Date
Published: July 10, 2024, 9:49 a.m.
Created: July 10, 2024, 9:49 a.m.
Modified: July 10, 2024, 10:18 a.m.
Indicators
.217.100.156
91.246.41.200
181.215.235.180
146.185.195.28
https://xak.guru/threads/23230/
https://web-whatsap.online/kopiya_skrinchot_1C.pdf.rar
https://trianglimsk.ru/optata.rar
https://trianglimsk.ru/_Release.exe
https://sk-krona.fun/panel/uploads/Zofrj.dat
https://sk-krona.fun/panel/uploads/Xzkxso.mp3
https://sk-krona.fun/panel/uploads/Wllyqo.mp4
https://sk-krona.fun/panel/uploads/Wfbitmtjlzd.dat
https://sk-krona.fun/panel/uploads/Vgnaahn.mp3
https://sk-krona.fun/panel/uploads/Vfqegoe.dat
https://sk-krona.fun/panel/uploads/Tvmjmv.mp4
https://sk-krona.fun/panel/uploads/Seancczvbv.wav
https://sk-krona.fun/panel/uploads/Qydultut.dat
https://sk-krona.fun/panel/uploads/Oguqs.mp4
https://sk-krona.fun/panel/uploads/Nsvozql.mp4
https://sk-krona.fun/panel/uploads/Ljncj.dat
https://sk-krona.fun/panel/uploads/Fxeiroo.mp3
https://sk-krona.fun/panel/uploads/Fhzcvdiuu.wav
https://sk-krona.fun/panel/uploads/Dscxqvi.mp4
https://sk-krona.fun/panel/uploads/Dzyhmzjdtpz.wav
https://sk-krona.fun/panel/uploads/Cvevg.mp3
https://saitraif.ru/panel/uploads/Xkwjbhibh.dat
https://sk-krona.fun/panel/uploads/Awdiaz.pdf
https://saitraif.ru/panel/uploads/Qzvldxefss.mp4
https://saitraif.ru/panel/uploads/Qxudsj.mp4
https://saitraif.ru/panel/uploads/Lexhwif.pdf
https://saitraif.ru/panel/uploads/Kjpdz.mp4
https://saitraif.ru/panel/uploads/Hyfhtwkc.mp3
https://saitraif.ru/panel/uploads/Awrxzkoc.mp3
https://saitraif.ru/panel/uploads/Asvchn.wav
https://saitraif.ru/panel/uploads/Ahjhcuubue.mp3
https://saitraif.ru/22012024BUILD.exe
https://downlod-bussines.ru/panel/uploads/Yppohxqf.vdf
https://downlod-bussines.ru/koriya_akt_upd_1C.PDF.rar
https://doc2024.ru/2024bldrms.exe
https://doc-1c.fun/panel/uploads/Hnxuy.vdf
https://bussines-raff.fun/MetaKript.exe
https://bussines-raff.fun/BLD.exe
https://bussines-raff.fun/22012024BUILD.exe
http://vip23newtop.fun/framework/
http://91.246.41.200:7702
http://91.246.41.200:58003
http://91.246.41.200:58002
http://91.246.41.200:58001
http://91.246.41.200:56003
http://91.246.41.200:56002
http://91.246.41.200:56001
http://91.246.41.200:5554
http://360mediashare.com/2/command.php
http://360mediashare.com/1/command.php
http://vip22gr.ru/framework/
https://sk-krona.fun/panel/uploads/Etqslnpm.mp4
sonofabitch@ua.fm
mrburns@exploit.im
oplata.pdf.com
doc20032024.pdf.com
2024.pdf.com
1c.pdf.com
xaker.name
windowsactivate.link
vip23newtop.fun
vip22gr.ru
trianglimsk.ru
sk-krona.fun
saitraif.ru
prologic.su
office360share.com
office360.icu
natgeo.pro
mts2015stm.ru
msupdate.icu
liveupdate.online
downlod-bussines.ru
doc2024.ru
doc-1c.fun
bussines-raff.fun
98347r483df2grg5tg.com
360mediashare.com
047856232.com
Attack Patterns
TeamViewer
RMS
BurnsRAT
WarzoneRAT - S0670
PureLogs
Ave Maria
MetaStealer
RedLine Stealer
PureCrypter
VasyGrek
T1217
T1569.002
T1543.003
T1552.001
T1036.004
T1573.001
T1555.003
T1027.002
T1055.002
T1497.001
T1059.003
T1566.002
T1571
T1547.001
T1095
T1113
T1071.001
T1518.001
T1036.005
T1070.004
T1204.002
T1574.001
T1005
T1574
T1082
T1105
T1566.001
T1083
T1219
T1033
T1041
Additional Information
Finance