Vidar stealer campaign targeting Baltic region and NATO entities
ID: 77b9a415-9199-55b0-a1b4-c241f930b0f0
STIX ID: report--77b9a415-9199-55b0-a1b4-c241f930b0f0
Feed Name: CERT Polska
This report analyzes a Vidar Stealer sample (SHA256 b115531ef...) and describes its string decryption routine, its hostname-based filtering of stolen credentials, and its dual C2 behavior, in which alternate C2 endpoints are fetched from Mastodon profiles. It enumerates the targeted government-related hostnames, the Mastodon profiles used as C2 proxies, two C2 IP addresses, and a large set of sample hashes and feeds linking the campaign to other stealers and loaders.
