Pulse name: ThreatFox Hunt: Vidar IOCs - 2026-01-14
WHITE pduggusa 2026-01-14 Modified: 2026-02-13
54 IOCs
HIGH VOLUME
Automated ThreatFox hunt for Vidar indicators. 77 IOCs collected via Pattern 49 intelligence streaming. MITRE ATT&CK: T1555.003, T1539, T1005, T1041. Reference: https://analytics.dugganusa.com
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Vidar
Indicators of Compromise (54)