cyber_threat_intelligence/actors/Vidar/README.md, last commit "Update June 2023" (2023-06-16 08:44:29 +02:00)

Vidar - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as Vidar. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor.vidar

Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Vidar:

There are 24 more country items available. Please use our online service to access the data.

IOC - Indicator of Compromise

These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of Vidar.

There are 614 more IOC items available. Please use our online service to access the data.

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used by Vidar. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Weakness | Description | Confidence |
|---|---|---|---|---|
| 1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High |
| 2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High |
| 3 | T1055 | CWE-74 | Injection | High |
| 4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High |
| 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High |
| 6 | ... | ... | ... | ... |

There are 21 more TTP items available. Please use our online service to access the data.

IOA - Indicator of Attack

These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Vidar. This data is unique as it uses our predictive model for actor profiling.

There are 395 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

License

(c) 1997-2023 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!