cyber_threat_intelligence/actors/Vidar/README.md
2023-06-06 10:26:07 +02:00

# Vidar - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as Vidar. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor.vidar

## Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Vidar:

There are 24 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of Vidar. Most of the listed hostnames are generic provider reverse-DNS records (for example the `clients.your-server.de` and `vm*.stark-industries.solutions` names) rather than attacker-chosen domains, so match on the IP address, not on the hostname pattern, and re-validate an address before blocking it: hosting addresses are reassigned and the rDNS name may change.

| ID | IP address | Hostname | Campaign | Confidence |
|----|------------|----------|----------|------------|
| 1 | 5.61.41.224 | - | - | High |
| 2 | 5.75.128.76 | static.76.128.75.5.clients.your-server.de | - | High |
| 3 | 5.75.134.193 | static.193.134.75.5.clients.your-server.de | - | High |
| 4 | 5.75.147.195 | static.195.147.75.5.clients.your-server.de | - | High |
| 5 | 5.75.149.127 | static.127.149.75.5.clients.your-server.de | - | High |
| 6 | 5.75.159.217 | static.217.159.75.5.clients.your-server.de | - | High |
| 7 | 5.75.167.38 | static.38.167.75.5.clients.your-server.de | - | High |
| 8 | 5.75.173.242 | static.242.173.75.5.clients.your-server.de | - | High |
| 9 | 5.75.182.6 | static.6.182.75.5.clients.your-server.de | - | High |
| 10 | 5.75.188.254 | static.254.188.75.5.clients.your-server.de | - | High |
| 11 | 5.75.203.81 | static.81.203.75.5.clients.your-server.de | - | High |
| 12 | 5.75.209.76 | static.76.209.75.5.clients.your-server.de | - | High |
| 13 | 5.75.210.95 | static.95.210.75.5.clients.your-server.de | - | High |
| 14 | 5.75.213.23 | static.23.213.75.5.clients.your-server.de | - | High |
| 15 | 5.75.234.140 | static.140.234.75.5.clients.your-server.de | - | High |
| 16 | 5.75.250.52 | static.52.250.75.5.clients.your-server.de | - | High |
| 17 | 5.75.253.16 | static.16.253.75.5.clients.your-server.de | - | High |
| 18 | 5.161.21.185 | static.185.21.161.5.clients.your-server.de | - | High |
| 19 | 5.161.120.43 | static.43.120.161.5.clients.your-server.de | - | High |
| 20 | 5.182.36.79 | vm1292775.stark-industries.solutions | - | High |
| 21 | 5.182.37.147 | vm1157310.stark-industries.solutions | - | High |
| 22 | 5.182.39.134 | vm784970.stark-industries.solutions | - | High |
| 23 | 5.182.39.216 | vm1160368.stark-industries.solutions | - | High |
| 24 | 5.182.39.218 | vm867288.stark-industries.solutions | - | High |
| 25 | 5.182.39.224 | vm1069181.stark-industries.solutions | - | High |
| 26 | 5.189.204.39 | vpn684nl.com | - | High |
| 27 | 5.252.21.207 | vm1107639.stark-industries.solutions | - | High |
| 28 | 5.252.21.245 | vm1305217.stark-industries.solutions | - | High |
| 29 | 5.252.22.20 | vm668354.stark-industries.solutions | - | High |
| 30 | 5.252.22.61 | vm1321945.stark-industries.solutions | - | High |
| 31 | 5.252.22.196 | vm1288108.stark-industries.solutions | - | High |
| 32 | 5.252.22.202 | vm1308405.stark-industries.solutions | - | High |
| 33 | 5.252.22.203 | vm622750.stark-industries.solutions | - | High |
| 34 | 5.252.23.24 | vm1305376.stark-industries.solutions | - | High |
| 35 | 5.252.23.34 | slovakkia.thepelic.com | - | High |
| 36 | 5.252.23.43 | vm1301819.stark-industries.solutions | - | High |
| 37 | 5.252.23.65 | mail.amazing-accident.info | - | High |
| 38 | 5.252.23.88 | vm461927.stark-industries.solutions | - | High |
| 39 | 5.252.23.169 | vm1278098.stark-industries.solutions | - | High |
| 40 | 5.252.177.9 | no-rdns.mivocloud.com | - | High |
| 41 | 5.252.177.45 | no-rdns.mivocloud.com | - | High |
| 42 | 5.253.18.70 | - | - | High |
| 43 | 5.253.18.96 | - | - | High |
| 44 | 5.253.18.97 | - | - | High |
| 45 | 5.253.18.213 | - | - | High |
| 46 | 5.254.118.147 | - | - | High |
| 47 | 5.255.112.241 | - | - | High |
| 48 | 23.88.36.149 | static.149.36.88.23.clients.your-server.de | - | High |
| 49 | 23.88.46.113 | static.113.46.88.23.clients.your-server.de | - | High |
| 50 | 23.88.115.141 | static.141.115.88.23.clients.your-server.de | - | High |
| 51 | 23.106.122.140 | - | - | High |
| 52 | 23.145.40.109 | - | - | High |
| 53 | 37.123.196.7 | - | - | High |
| 54 | 37.220.87.3 | ipn-37-220-87-3.artem-catv.ru | - | High |
| 55 | 37.220.87.9 | ipn-37-220-87-9.artem-catv.ru | - | High |
| 56 | 37.220.87.21 | ipn-37-220-87-21.artem-catv.ru | - | High |
| 57 | 37.220.87.26 | ipn-37-220-87-26.artem-catv.ru | - | High |
| 58 | 37.220.87.33 | ipn-37-220-87-33.artem-catv.ru | - | High |
| 59 | 37.220.87.41 | ipn-37-220-87-41.artem-catv.ru | - | High |
| 60 | 42.186.202.116 | - | - | High |
| 61 | 45.8.144.14 | vm1326141.stark-industries.solutions | - | High |
| 62 | 45.8.144.188 | vm1268594.stark-industries.solutions | - | High |
| 63 | 45.8.144.232 | - | - | High |
| 64 | 45.8.145.14 | shardeum.syrup.com | - | High |
| 65 | 45.8.145.83 | vm1268783.stark-industries.solutions | - | High |
| 66 | 45.8.145.85 | vm1263292.stark-industries.solutions | - | High |
| 67 | 45.8.145.164 | xenonserv6969.nutsack | - | High |
| 68 | 45.8.145.230 | vm1078252.stark-industries.solutions | - | High |
| 69 | 45.8.146.18 | vm1065889.stark-industries.solutions | - | High |
| 70 | 45.8.147.23 | vm1215388.stark-industries.solutions | - | High |
| 71 | 45.8.147.51 | mail.talent-flex.live | - | High |
| 72 | 45.8.147.74 | vm689012.stark-industries.solutions | - | High |
| 73 | 45.8.147.145 | vm1220510.stark-industries.solutions | - | High |
| 74 | 45.8.147.151 | vm1044552.stark-industries.solutions | - | High |
| 75 | 45.8.147.191 | vps.hostry.com | - | High |
| 76 | 45.8.147.221 | vm713224.stark-industries.solutions | - | High |
| 77 | 45.8.147.224 | vm1291410.stark-industries.solutions | - | High |
| 78 | 45.9.190.250 | - | - | High |
| 79 | 45.9.191.215 | - | - | High |
| 80 | 45.11.19.78 | - | - | High |
| 81 | 45.15.156.121 | - | - | High |
| 82 | 45.61.139.169 | - | - | High |
| 83 | 45.67.35.153 | destinystats.ru | - | High |
| 84 | 45.67.229.135 | vm1328071.stark-industries.solutions | - | High |
| 85 | 45.83.122.248 | xotkdxo.ptr1.ru | - | High |
| 86 | 45.86.229.188 | - | - | High |
| 87 | 45.87.154.35 | vm1318841.stark-industries.solutions | - | High |
| 88 | 45.89.54.52 | sk-gnome-1.gummicube.com | - | High |
| 89 | 45.89.54.144 | vm609670.stark-industries.solutions | - | High |
| 90 | 45.89.55.82 | vm720207.stark-industries.solutions | - | High |
| 91 | 45.89.55.118 | vm1230867.stark-industries.solutions | - | High |
| 92 | 45.89.55.154 | vm1135907.stark-industries.solutions | - | High |
| 93 | 45.89.55.158 | mail.elastic-mounds.live | - | High |
| 94 | 45.89.55.159 | vm1138080.stark-industries.solutions | - | High |
| 95 | 45.89.55.174 | vm1042352.stark-industries.solutions | - | High |
| 96 | 45.89.55.176 | vps.hostry.com | - | High |
| 97 | 45.89.55.177 | vps.hostry.com | - | High |
| 98 | 45.92.156.110 | - | - | High |
| 99 | 45.92.156.133 | - | - | High |
| 100 | 45.95.11.13 | - | - | High |
| 101 | 45.132.106.60 | vm4387358.34ssd.had.wf | - | High |
| 102 | 45.136.50.120 | mtfhotkzody0.clientesboletos.de | - | High |
| 103 | 45.142.212.155 | hamed.co | - | High |
| 104 | 45.142.213.7 | vm1280158.stark-industries.solutions | - | High |
| 105 | 45.142.213.52 | vm1061668.stark-industries.solutions | - | High |
| 106 | 45.150.64.207 | server.local | - | High |
| 107 | 45.153.230.169 | vm1311101.stark-industries.solutions | - | High |
| 108 | 45.153.230.241 | vm1282051.stark-industries.solutions | - | High |
| 109 | 45.159.48.224 | - | - | High |
| 110 | 45.159.248.53 | deserunthvjqu.projectonline.online | - | High |
| 111 | 45.159.248.173 | vm1273998.stark-industries.solutions | - | High |
| 112 | 45.159.249.2 | wg-358-9-1.wgnet.work | - | High |
| 113 | 45.159.249.3 | vm633410.stark-industries.solutions | - | High |
| 114 | 45.159.249.4 | vm1323066.stark-industries.solutions | - | High |
| 115 | 45.159.249.5 | vm581344.stark-industries.solutions | - | High |
| 116 | 45.159.249.133 | vm1323066.stark-industries.solutions | - | High |
| 117 | 45.159.249.160 | mail.datingmoms.info | - | High |
| 118 | 45.159.249.181 | vm1266190.stark-industries.solutions | - | High |
| 119 | 45.159.251.224 | vm1336366.stark-industries.solutions | - | High |
| 120 | 46.4.4.76 | k92z70.meinserver.io | - | High |
| 121 | 46.246.98.9 | 46-246-98-9.static.glesys.net | - | High |
| 122 | 49.12.8.228 | static.228.8.12.49.clients.your-server.de | - | High |
| 123 | 49.12.9.140 | static.140.9.12.49.clients.your-server.de | - | High |
| 124 | 49.12.15.204 | static.204.15.12.49.clients.your-server.de | - | High |
| 125 | 49.12.34.6 | static.6.34.12.49.clients.your-server.de | - | High |
| 126 | 49.12.72.35 | static.35.72.12.49.clients.your-server.de | - | High |
| 127 | 49.12.79.235 | static.235.79.12.49.clients.your-server.de | - | High |
| 128 | 49.12.112.48 | static.48.112.12.49.clients.your-server.de | - | High |
| 129 | 49.12.113.110 | static.110.113.12.49.clients.your-server.de | - | High |
| 130 | 49.12.113.223 | static.223.113.12.49.clients.your-server.de | - | High |
| 131 | 49.12.115.154 | static.154.115.12.49.clients.your-server.de | - | High |
| 132 | 49.12.116.5 | static.5.116.12.49.clients.your-server.de | - | High |
| 133 | 49.12.117.107 | static.107.117.12.49.clients.your-server.de | - | High |
| 134 | 49.12.118.167 | static.167.118.12.49.clients.your-server.de | - | High |
| 135 | 49.12.118.209 | static.209.118.12.49.clients.your-server.de | - | High |
| 136 | 49.12.119.56 | static.56.119.12.49.clients.your-server.de | - | High |
| 137 | 49.12.119.193 | static.193.119.12.49.clients.your-server.de | - | High |
| 138 | 49.12.196.69 | static.69.196.12.49.clients.your-server.de | - | High |
| 139 | 49.12.237.50 | static.50.237.12.49.clients.your-server.de | - | High |
| 140 | 51.195.166.165 | ip165.ip-51-195-166.eu | - | High |
| 141 | 51.195.166.171 | ip171.ip-51-195-166.eu | - | High |
| 142 | 51.195.166.189 | ip189.ip-51-195-166.eu | - | High |
| 143 | 51.195.166.190 | ip190.ip-51-195-166.eu | - | High |
| 144 | 51.195.166.198 | ertbbcn.beauty | - | High |
| 145 | 62.204.41.126 | - | - | High |
| 146 | 64.44.61.136 | 136-61-44-64.reverse-dns | - | High |
| 147 | 64.44.167.153 | 153-167-44-64.reverse-dns | - | High |
| 148 | 64.44.177.137 | - | - | High |
| 149 | 65.21.5.148 | server.seematti.com | - | High |
| 150 | 65.21.58.6 | static.6.58.21.65.clients.your-server.de | - | High |
| 151 | 65.21.63.71 | static.71.63.21.65.clients.your-server.de | - | High |
| 152 | ... | ... | ... | ... |

There are 604 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used by Vidar. This data is unique as it uses our predictive model for actor profiling. Each technique is paired with the CWE weakness classes VulDB associates with it; the pairing is an output of the predictive model ("suspected"), not a record of techniques observed in a specific incident, so use it for hypothesis generation rather than as evidence.

| ID | Technique | Weakness | Description | Confidence |
|----|-----------|----------|-------------|------------|
| 1 | T1006 (Direct Volume Access) | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High |
| 2 | T1040 (Network Sniffing) | CWE-294 | Authentication Bypass by Capture-replay | High |
| 3 | T1055 (Process Injection) | CWE-74 | Injection | High |
| 4 | T1059 (Command and Scripting Interpreter) | CWE-88, CWE-94, CWE-1321 | Argument Injection, Code Injection, Prototype Pollution | High |
| 5 | T1059.007 (JavaScript) | CWE-79, CWE-80 | Cross Site Scripting | High |
| 6 | ... | ... | ... | ... |

There are 21 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Vidar. This data is unique as it uses our predictive model for actor profiling. Treat the Confidence column as a weight: generic entries such as `/index.php`, `/admin/` or `/.env` (Low or Medium) also occur in ordinary traffic and scanner noise and are only meaningful in combination with other indicators, whereas the High entries are product-specific request paths that rarely appear by accident.

| ID | Type | Indicator | Confidence |
|----|------|-----------|------------|
| 1 | File | .procmailrc | Medium |
| 2 | File | /.env | Low |
| 3 | File | /?ajax-request=jnews | High |
| 4 | File | /about.php | Medium |
| 5 | File | /admin.php | Medium |
| 6 | File | /admin.php/accessory/filesdel.html | High |
| 7 | File | /admin/ | Low |
| 8 | File | /Admin/add-student.php | High |
| 9 | File | /admin/api/theme-edit/ | High |
| 10 | File | /admin/casedetails.php | High |
| 11 | File | /admin/index3.php | High |
| 12 | File | /admin/photo.php | High |
| 13 | File | /adms/admin/?page=vehicles/view_transaction | High |
| 14 | File | /api/RecordingList/DownloadRecord?file= | High |
| 15 | File | /apply.cgi | Medium |
| 16 | File | /card_scan.php | High |
| 17 | File | /catcompany.php | High |
| 18 | File | /cgi-bin/koha/acqui/supplier.pl?op=enter | High |
| 19 | File | /cgi-bin/wlogin.cgi | High |
| 20 | File | /cms/category/list | High |
| 21 | File | /common/info.cgi | High |
| 22 | File | /Config/SaveUploadedHotspotLogoFile | High |
| 23 | File | /cwc/login | Medium |
| 24 | File | /dashboard/view-chair-list.php | High |
| 25 | File | /Default/Bd | Medium |
| 26 | File | /download | Medium |
| 27 | File | /ebics-server/ebics.aspx | High |
| 28 | File | /egroupware/index.php | High |
| 29 | File | /etc/hosts | Medium |
| 30 | File | /etc/quagga | Medium |
| 31 | File | /forms/doLogin | High |
| 32 | File | /forum/away.php | High |
| 33 | File | /h/calendar | Medium |
| 34 | File | /hrm/employeeview.php | High |
| 35 | File | /inc/extensions.php | High |
| 36 | File | /index.php | Medium |
| 37 | File | /loginsave.php | High |
| 38 | File | /nova/bin/console | High |
| 39 | File | /nova/bin/detnet | High |
| 40 | File | /out.php | Medium |
| 41 | File | /param.file.tgz | High |
| 42 | File | /product_list.php | High |
| 43 | File | /public_html/users.php | High |
| 44 | File | /req_password_user.php | High |
| 45 | File | /rom-0 | Low |
| 46 | ... | ... | ... |

There are 394 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
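The IOC and IOA tables above are meant to be consumed by detection tooling, and the practical question for both is the same: how to match them against a web server's access log without drowning in hits from the generic Low and Medium entries. The script below is an added example written for this page; it is not VulDB tooling and VulDB publishes no such script. The two table excerpts are copied from the tables above in their markdown form, the access-log lines are constructed (using the documentation address ranges), and the confidence weights, the matching rules for the three indicator shapes (plain path, directory, path with query string) and the alert threshold are assumptions chosen for the example.

```python
"""Score access-log lines against the Vidar IOC (source IP) and IOA (request
path) tables. Added example for this page, not VulDB code; weights, matching
rules and threshold are assumptions."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Excerpts of the IOC and IOA tables above (markdown rows copied from the page).
IOC_TABLE = """\
| 1 | 5.61.41.224 | - | - | High |
| 2 | 5.75.128.76 | static.76.128.75.5.clients.your-server.de | - | High |
"""
IOA_TABLE = """\
| 2 | File | /.env | Low |
| 3 | File | /?ajax-request=jnews | High |
| 5 | File | /admin.php | Medium |
| 7 | File | /admin/ | Low |
| 14 | File | /api/RecordingList/DownloadRecord?file= | High |
| 36 | File | /index.php | Medium |
"""
CONFIDENCE_WEIGHT = {"High": 3, "Medium": 2, "Low": 1}  # assumed weighting

# Constructed combined-format log lines (203.0.113.0/24 etc. are documentation ranges).
SAMPLE_LOG = [
    '203.0.113.7 - - [06/Jun/2023:10:26:07 +0200] "GET /index.php HTTP/1.1" 200 5120',
    '5.61.41.224 - - [06/Jun/2023:10:26:08 +0200] "GET /index.php HTTP/1.1" 200 5120',
    '198.51.100.9 - - [06/Jun/2023:10:26:09 +0200] "GET /?ajax-request=jnews&action=get_data HTTP/1.1" 200 310',
    '198.51.100.9 - - [06/Jun/2023:10:26:10 +0200] "GET /admin.php HTTP/1.1" 404 0',
    '192.0.2.44 - - [06/Jun/2023:10:26:11 +0200] "GET /api/RecordingList/DownloadRecord?file=../../etc/passwd HTTP/1.1" 403 0',
    "not an access-log line",
]
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" \d{3}')


def parse_rows(table: str) -> list[list[str]]:
    """Cells of the data rows of a markdown table (first cell is the numeric ID);
    header and separator lines are dropped."""
    rows = []
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if cells and cells[0].isdigit():
            rows.append(cells)
    return rows


def load_ioc_ips(table: str) -> dict[str, int]:
    """IP address -> weight. The hostname column is ignored on purpose: most
    entries are provider rDNS names shared with unrelated customers."""
    return {row[1]: CONFIDENCE_WEIGHT[row[4]] for row in parse_rows(table)}


def load_ioa_paths(table: str) -> dict[str, int]:
    """File indicator -> weight; only the 'File' type is handled here."""
    return {row[2]: CONFIDENCE_WEIGHT[row[3]] for row in parse_rows(table) if row[1] == "File"}


def path_matches(indicator: str, target: str) -> bool:
    """Query-string indicators ('/?ajax-request=jnews') are prefixes of the full
    target, directory indicators ('/admin/') are prefixes of the path, and any
    other indicator must equal the path, so '/admin.php' ignores '/admin.php.bak'."""
    path = target.split("?", 1)[0]
    if "?" in indicator:
        return target.startswith(indicator)
    if indicator.endswith("/"):
        return path.startswith(indicator)
    return path == indicator


@dataclass
class Hit:
    line_no: int
    ip: str
    target: str
    score: int
    reasons: list[str] = field(default_factory=list)


def scan(log_lines, ioc_ips, ioa_paths, min_score: int = 3) -> list[Hit]:
    """Sum the IOC weight of the source IP and the weights of all matching IOA
    paths; lines under min_score are dropped, so a lone '/index.php' (Medium)
    or '/.env' (Low) probe does not alert by itself."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line: skip rather than guess the fields
        ip, target = m["ip"], m["target"]
        reasons, score = [], 0
        if ip in ioc_ips:
            reasons.append(f"source {ip} is a Vidar IOC")
            score += ioc_ips[ip]
        for indicator, weight in ioa_paths.items():
            if path_matches(indicator, target):
                reasons.append(f"request matches IOA {indicator}")
                score += weight
        if reasons and score >= min_score:
            hits.append(Hit(line_no, ip, target, score, reasons))
    return hits


if __name__ == "__main__":
    for h in scan(SAMPLE_LOG, load_ioc_ips(IOC_TABLE), load_ioa_paths(IOA_TABLE)):
        print(f"line {h.line_no}: {h.ip} {h.target} score={h.score} ({'; '.join(h.reasons)})")
```

On the constructed sample the threshold reports three lines: the IOC address fetching `/index.php` (IOC weight plus the Medium path), and the two High-confidence product-specific requests. The benign `/index.php` and the bare `/admin.php` probe stay below the threshold; lowering `min_score` to 1 surfaces them, which is the trade-off the Confidence column is there to make explicit.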

## References

The following list contains external sources which discuss the actor and the associated activities:

## Literature

The following articles explain our unique predictive cyber threat intelligence:

## License

(c) 1997-2023 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!