PULSE NAME
ThreatFox Hunt: Vidar IOCs - 2026-01-10
WHITE pduggusa 2026-01-10 Modified: 2026-02-09
23 IOCs, MEDIUM VOLUME
Automated ThreatFox hunt for Vidar indicators. 32 IOCs collected via Pattern 49 intelligence streaming. MITRE ATT&CK: T1555.003, T1539, T1005, T1041. Reference: https://analytics.dugganusa.com
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Vidar
Indicators of Compromise (23)