mirror of
https://github.com/vuldb/cyber_threat_intelligence
synced 2024-07-03 08:58:21 +00:00
# Vidar - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Vidar](https://vuldb.com/?actor.vidar). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.vidar](https://vuldb.com/?actor.vidar)
## Countries
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Vidar:

* [US](https://vuldb.com/?country.us)
* [GB](https://vuldb.com/?country.gb)
* [CN](https://vuldb.com/?country.cn)
* ...

There are 18 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Vidar.

There are 674 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Vidar_. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...

There are 21 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Vidar. This data is unique as it uses our predictive model for actor profiling.

There are 410 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References
The following list contains _external sources_ which discuss the actor and the associated activities:

* https://1275.ru/ioc/57/vidar-malware-ioc/
* https://app.any.run/tasks/08fd0871-2d61-48ea-aca2-81025985d103/
* https://app.any.run/tasks/0816dca2-2d00-4c07-a3c7-aa537e1951dc
* https://app.any.run/tasks/1c006936-91b1-46e4-9b3c-12e8d0e137a5
* https://app.any.run/tasks/2a55452e-05df-4d30-926e-c2dbd12747bd
* https://app.any.run/tasks/5b493244-4c9a-4448-965b-3e5a259be960
* https://app.any.run/tasks/6a0a89ef-6667-42ab-8fde-95d66b220656
* https://app.any.run/tasks/6f7e1487-f3f6-4837-8644-01d63cb11f0c
* https://app.any.run/tasks/6fc06743-4835-4d4c-b8c6-a2680c336184
* https://app.any.run/tasks/21da6797-a476-4815-b896-289729daf3fb
* https://app.any.run/tasks/25aa27e9-a9e9-40cc-9152-d0373b9c7ebb
* https://app.any.run/tasks/27b0d3a8-c7b6-4996-9b21-ec6c47cee67c
* https://app.any.run/tasks/32d9092b-d486-41b9-bce0-8cca66582d06
* https://app.any.run/tasks/47c2c5a4-d752-4ba2-a2d4-15665bd5aac3
* https://app.any.run/tasks/78e41a16-fef5-4d17-a6a8-32063fa914f9
* https://app.any.run/tasks/79d2f0e6-2321-417b-82b0-b11d0c408f8d
* https://app.any.run/tasks/82e3f293-d132-4d72-8638-0edd7a105cc1
* https://app.any.run/tasks/83de2e9a-8f28-4e9f-b0b9-94ee76fa4caa
* https://app.any.run/tasks/92d0bc33-e278-4e9b-9f67-5c686bf0b83f
* https://app.any.run/tasks/244b723c-b1af-4698-97ea-f6fa0176128e
* https://app.any.run/tasks/534aa4e4-e922-47f8-8fcf-eea8a126410b
* https://app.any.run/tasks/710f9d6a-6a3d-4a7f-9194-190035fbe60d
* https://app.any.run/tasks/1636ec22-36f3-424e-b9c5-4e7e83da359e
* https://app.any.run/tasks/4708f605-0e18-4322-ab54-804300db12ec
* https://app.any.run/tasks/5411e078-8238-4e04-b753-8b6cbbc77eb3
* https://app.any.run/tasks/6965a8dd-d2af-4558-af22-0da2a9425595
* https://app.any.run/tasks/7674c200-bf65-4858-a162-64a3a0f63cf9
* https://app.any.run/tasks/a84c7bad-9364-435a-bad9-76ee97c08de2
* https://app.any.run/tasks/a536276d-8b87-4b02-bed5-ca8135a0dbce/
* https://app.any.run/tasks/aa2c3a0e-dded-4aa8-8fb2-76f7ea2a8696
* https://app.any.run/tasks/aaac68a1-2e2f-42b8-b66c-1dbb078d2287
* https://app.any.run/tasks/afe51a8a-d2a8-4d4e-b9cc-01d520bab270
* https://app.any.run/tasks/b2c173a9-00de-479e-aab8-9cac2f8bfebf
* https://app.any.run/tasks/b53cc9bc-3b45-4f99-a366-6f4f72af6466
* https://app.any.run/tasks/b390ac8e-f7b0-405e-af31-6d705b8990a6
* https://app.any.run/tasks/bf57b840-0a81-4009-bf3f-4f5011cd502a
* https://app.any.run/tasks/c0f0ed82-a283-4ec9-b77f-59253e844f34
* https://app.any.run/tasks/c08e7656-ae4f-4caa-a299-25586c0fd5d4
* https://app.any.run/tasks/c4b0f3c5-2f0d-4827-9277-baa8c2b398c6
* https://app.any.run/tasks/c7f5c77e-0c4c-463b-9f97-eb0223ef7a1b
* https://app.any.run/tasks/c41378a5-ebec-4ab5-aaa3-bcf7faf257f4
* https://app.any.run/tasks/c617219a-02a8-4317-8d6b-8d9d48eb2c95
* https://app.any.run/tasks/d2db16c6-abfd-4884-b37e-d27aea8a5ff7
* https://app.any.run/tasks/d52cb789-2716-4309-bc14-d25f0deabb6f
* https://app.any.run/tasks/e299dfa8-191f-400f-aa6c-7aaf037d65e2
* https://app.any.run/tasks/ef2adbda-cbaa-4c29-a57a-429d5eeeff76
* https://app.any.run/tasks/f3f0d1e6-1a2c-4674-81da-f145bc5da18e
* https://app.any.run/tasks/f23b0b06-9466-4aa8-a999-a0dc32dacc8b
* https://app.any.run/tasks/fccd4880-6888-40fd-afac-13f3a5c07eca
* https://asec.ahnlab.com/en/39370/
* https://blog.sekoia.io/unveiling-of-a-large-resilient-infrastructure-distributing-information-stealers/
* https://isc.sans.edu/forums/diary/Arkei+Variants+From+Vidar+to+Mars+Stealer/28468/
* https://threatfox.abuse.ch
* https://tria.ge/211109-dtalyaeef6
* https://tria.ge/211227-sfrevsbcfq/behavioral1
* https://tria.ge/220103-239z6aacbq/behavioral1
* https://tria.ge/220110-s5jfjsegcr/behavioral1
* https://tria.ge/220118-jfshgsabc2/behavioral1
* https://tria.ge/220128-vxczxahdg9/behavioral1
* https://tria.ge/220202-tvxqvsagdj/behavioral1#report
* https://tria.ge/220215-t2ylqsacfl/behavioral2
* https://tria.ge/220220-hx3t4shhd9/behavioral1
* https://tria.ge/220228-wkvvmagccr/behavioral1
* https://tria.ge/220308-jlz5hsffck/behavioral1
* https://tria.ge/220311-nwmdmacdan/behavioral2
* https://tria.ge/220316-1hgx7sgha3/behavioral2
* https://tria.ge/221217-a5secaag8v/behavioral2
* https://tria.ge/230101-s3fa4sca97/behavioral2
* https://tria.ge/230704-yaszdsaa4t/behavioral2
* https://twitter.com/crep1x/status/1544226366136139784
* https://twitter.com/crep1x/status/1544987007218339840
* https://twitter.com/crep1x/status/1546509697997488129
* https://twitter.com/crep1x/status/1549656201004306432
* https://twitter.com/crep1x/status/1555536183454830593
* https://twitter.com/crep1x/status/1612199364805660673
* https://twitter.com/Ishusoka/status/1609633768158990337
* https://twitter.com/S2W_Official/status/1401915001921626114
* https://www.joesandbox.com/analysis/855604/1/html
* https://www.team-cymru.com/post/darth-vidar-the-aesir-strike-back
* https://www.virustotal.com/gui/file/201bd5eab33a1a80befba08dbac2b23b46d8d2fad90dd567e78fb35bbab76559/behavior/C2AE
* https://www.virustotal.com/gui/file/2084f6652ba0078d12b6d929b05b27948587c8e7113e187b28adba6b95f87741

## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!