While working on our automatic configuration extractors, we came across a rather strange-looking Vidar sample.
The decrypted strings included domain names of organizations such as the NATO Strategic Communications Centre of Excellence, the Border Guard of Poland, Estonia and Latvia, and the Ministry of the Interior of Lithuania.
Automatically extracted strings from a Vidar sample
List of targeted hostnames:
ccdcoe.ee ccdcoe.org stratcomcoe.org enseccoe.org sab.gov.lv midd.gov.lv dp.gov.lv rs.gov.lv …