Weaponizing Trust Signals: Claude Code Lures and GitHub Release Payloads

========================================================================
Indicator    Detection name    Description
========================================================================
Files
========================================================================
Dropper Payloads
Parent Archives
========================================================================
URLs
========================================================================
C&C servers
Distribution URLs