Analysis of a large resilient infrastructure distributing Raccoon and Vidar stealers

SEKOIA.IO analysts unveiled a large and resilient infrastructure used to distribute the Raccoon and Vidar stealers, likely active since early 2020. The associated infection chain, which leverages this infrastructure of over 250 domains, uses about a hundred fake cracked-software catalogue websites that redirect the visitor through several links before the payload is downloaded from file-sharing platforms such as GitHub.

We published a FLINT that presents the current infection chain, the distributed payloads and the whole infrastructure tracked by SEKOIA.IO.

Related resources:

* [FLINT 2023-001 - Unveiling of a large resilient infrastructure distributing infostealers](
* [Infrastructure page in the Intelligence Center](