PULSE NAME: IOC - “Chaos is a ladder”: Vidar’s recent rise to the top
WHITE celestre 2026-04-28 Modified: 2026-05-28
20 IOCs, MEDIUM VOLUME
Infostealers remain an important threat. The year 2025 saw many shifts in the ecosystem, mainly due to international police operations that led to takedowns of stealer infrastructure. Lumma and Rhadamanthys were the main ones affected, but the chaos that followed their downfall created more opportunities for their competitors.
Indicators of Compromise (20)