
COMING SOONIntermediatePRO
Vidar: Fake Notepad++ Malvertising to Data Theft
A developer searched for a popular code editor, clicked a paid search ad, and ran an installer that was not the real thing. Follow the chain from a typosquatted landing page through a dynamic-DNS payload host to the Vidar stealer's dead-drop C2 resolution, then pin down the single hosting address that carried both the stolen data and the malware's orders.
50m
6 tasks
50 points
ProLaunches tomorrow
Jul 3, 2026
View Pro plansFriday, July 3, 2026 at 9:00 AM
Pro unlocks this operation at launch.
Training Tools
SIEMXDRFirewall
What you'll investigate
6 objectives unlock when this operation goes live.
1Open the case
2Recover the landing page
3Find the payload host
4Fingerprint the installer
5Classify the initial access
6Cut off command-and-control
Be first when it launches
Create your account and grab Pro before launch. The moment this operation goes live on Jul 3, 2026, you can jump straight in.
Get Started FreeNo credit card required — free forever