Thursday, November 30, 2023

Tracking Vidar Infrastructure with Censys

The Vidar malware, an evolution of the Arkei information stealer, is notable for its ability to extract information from 2FA software and the Tor Browser. Vidar's command and control (C2) servers are known to use HTTP over TLS, and the certificates they present carry hardcoded subject and issuer distinguished names (DNs). Encrypting the traffic enhances the stealthiness of the malware's communications and makes its network activity harder to detect and analyze, while the hardcoded DNs leave a consistent fingerprint on the certificates that infrastructure tracking can pivot on.

Censys, a cybersecurity platform that specializes in tracking and analyzing internet assets and infrastructures, has been instrumental in tracking the infrastructure used by the Vidar malware. This tracking is a part of a broader strategy in cybersecurity known as Advanced Persistent Infrastructure Tracking. The use of Open Source Intelligence (OSINT) services, like those offered by Censys, is critical in identifying and monitoring the servers and other internet infrastructure that malicious actors use to conduct their activities.

This kind of infrastructure tracking is essential in understanding the scope and methodology of large-scale cyber campaigns. The more extensive the campaign, the more servers and other internet infrastructure are typically required. By monitoring these infrastructures, cybersecurity experts can gain insights into the scale of an attack, the methods used by attackers, and potential ways to mitigate these threats.

The Vidar malware's use of sophisticated techniques for data exfiltration, and its ability to extract data from security-focused software such as 2FA applications and the Tor Browser, highlight the increasing complexity of threats in the cyber landscape. Such threats necessitate advanced tools and methodologies for detection and analysis, emphasizing the importance of platforms like Censys in modern cybersecurity operations.
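The certificate-DN pivot described above, as an added example that is not code from the original post or from Censys: it builds a host-search query that pins both subject and issuer DN to a watchlisted value, and applies the same test locally to exported host records. The Censys field names and query syntax are assumptions, and the watchlist DN and host records are constructed sample data, not real Vidar indicators.

```python
"""Certificate-DN pivot over Censys-style host records.
Added example, not code from the original post or from Censys. Field names
(services.tls.certificates.leaf_data.subject_dn / issuer_dn) and the query
syntax are assumptions about the Censys host schema; the watchlist DN and
host records are constructed sample data, not real Vidar indicators.
"""
import json

# Constructed watchlist: a DN string a C2 family is assumed to hardcode.
WATCHLIST_DNS = {"C=XX, ST=Example, L=Example, O=Example Corp, CN=example.invalid"}

# Constructed host records shaped like a Censys host-search export.
SAMPLE_HOSTS = json.loads("""
[
 {"ip": "192.0.2.10", "services": [
   {"port": 443, "tls": {"certificates": {"leaf_data": {
      "subject_dn": "C=XX, ST=Example, L=Example, O=Example Corp, CN=example.invalid",
      "issuer_dn": "C=XX, ST=Example, L=Example, O=Example Corp, CN=example.invalid"}}}}]},
 {"ip": "192.0.2.11", "services": [
   {"port": 8443, "tls": {"certificates": {"leaf_data": {
      "subject_dn": "CN=shop.example.net",
      "issuer_dn": "C=US, O=Let's Encrypt, CN=R3"}}}}]},
 {"ip": "192.0.2.12", "services": [{"port": 80}]}
]
""")

def build_censys_query(dns):
    """Build a host-search query that pins both subject and issuer to a
    watchlisted DN, i.e. a self-signed certificate carrying the hardcoded names."""
    clauses = []
    for dn in sorted(dns):
        escaped = dn.replace('"', '\\"')
        clauses.append(
            f'(services.tls.certificates.leaf_data.subject_dn: "{escaped}" '
            f'and services.tls.certificates.leaf_data.issuer_dn: "{escaped}")')
    return " or ".join(clauses)

def matching_hosts(hosts, dns):
    """Apply the same test locally to exported records.
    Returns (ip, port) pairs whose leaf certificate has a watchlisted DN as
    both subject and issuer; services without TLS are skipped, not errors."""
    hits = []
    for host in hosts:
        for svc in host.get("services", []):
            leaf = svc.get("tls", {}).get("certificates", {}).get("leaf_data", {})
            subj = leaf.get("subject_dn")
            if subj in dns and leaf.get("issuer_dn") == subj:
                hits.append((host["ip"], svc["port"]))
    return hits
```

Only the first sample host matches: the second presents a CA-issued certificate with a different subject, and the third has no TLS service at all.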

IoC

URL

  • www.avisclair.com
  • join.naxtm.cfd

IPv4



TAGS

Vidar
