Threat Actor Characterization

Vidar Stealer

ID: a5f09faf59527c9f13c715253f52dc7141500
Crimeware Banking Malware Botnet Spyware/Stealer
Threat types: Malware, Credential Theft, Data Exfiltration
Updated: 2026-03-03
Created: 2025-10-24
Progress: 67% Completeness: 66% Freshness: 70%
Aliases: Vidar, VidarStealer
MITRE ATT&CK®

Vidar is a Windows infostealer commonly described as MaaS. It steals browser credentials and session artifacts, payment/autofill data, and crypto wallet artifacts; it exfiltrates over HTTP/S to operator infrastructure and may be used to deliver follow-on payloads (including ransomware) depending on the operator.


Technique | Technique name | Tactics | Evidence
T1204 | User Execution | TA0002 | 2024-06-19 — User-driven download/execution as observed in fake IT support delivery case.
T1566 | Phishing | TA0001 | 2024-07-02 — INFERENCE (confidence: medium): Commodity lure distribution (phishing/malvertising/fake support) is a common delivery posture for Vidar campaigns.
T1555 | Credentials from Password Stores | TA0006 | 2024-07-02 — Browser credential theft and password store access are core Vidar behaviors.
T1056 | Input Capture | TA0006, TA0009 | 2025-10-21 — INFERENCE (confidence: medium): Some modern variants implement deeper interception of secrets (reported in recent variant analyses); treat as variant-dependent.
T1071.001 | Web Protocols | TA0011 | 2024-07-02 — Exfiltration and C2 over web protocols (HTTP/S) are consistent with Vidar operation.
T1041 | Exfiltration Over C2 Channel | TA0010 | 2024-07-02 — INFERENCE (confidence: high): Data exfiltration of stealer logs occurs over the same C2 channel.

Strategic Intelligence
Last updated: 2026-03-04T00:38:05+00:00

Vidar Stealer - Malware / Infostealer (MaaS)

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE

Executive Analyst Brief for CISO

Executive Analyst Brief for Decision Makers — Vidar Stealer

Classification: Unclassified / OSINT — TLP:WHITE

IOC Appendix
Last updated: 2026-03-04T00:38:56+00:00

IOC Appendix — Vidar Stealer

Classification: Unclassified / OSINT — TLP:WHITE

OSINT Library
Last saved: 2026-03-04T00:39:09+00:00

OSINT Library — Vidar Stealer


2025-10-21 — Trend Micro Research — “Fast, Broad, and Elusive: How Vidar Stealer 2.0 Upgrades Infostealer Capabilities”
