C2 powered by Steam
ID: fcc88784-5b97-5936-ab55-f92f18392b3f
STIX ID: report--fcc88784-5b97-5936-ab55-f92f18392b3f
Feed Name: IntelInsights (Substack)
The report documents an investigation into Vidar infostealer activity discovered via a MalwareBazaar hash and VirusTotal relations, linking infrastructure to Steam community usernames that include IP addresses in a consistent pattern. It highlights TTPs like DLL sideloading and fake distribution, shares IOCs including a SHA-256 sample and IPs (some active with redirection), and notes clustering within AS24940 while calling for further automated analysis.
