PULSE NAME
ThreatFox Hunt: Vidar IOCs - 2026-01-21
WHITE pduggusa 2026-01-21 Modified: 2026-02-20
55 IOCs
HIGH VOLUME
Automated ThreatFox hunt for Vidar indicators. 81 IOCs collected via Pattern 49 intelligence streaming. MITRE ATT&CK: T1555.003, T1539, T1005, T1041. Reference: https://analytics.dugganusa.com
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Vidar
Indicators of Compromise (55)