PULSE NAME
ThreatFox Hunt: Vidar IOCs - 2026-01-24
WHITE pduggusa 2026-01-24 Modified: 2026-02-23
57 IOCs (HIGH VOLUME)
Automated ThreatFox hunt for Vidar indicators. 74 IOCs collected via Pattern 49 intelligence streaming. MITRE ATT&CK: T1555.003, T1539, T1005, T1041. Reference: https://analytics.dugganusa.com
MITRE ATT&CK & Malware Families
MALWARE FAMILIES: Vidar
Indicators of Compromise (57)