PULSE NAME
The Detection & Response Chronicles: Exploring Telegram Abuse
WHITE Lunar_spider PetrP.73 2025-12-17 Modified: 2025-12-17
40 IOCs
MEDIUM VOLUME
Adversaries increasingly exploit messaging applications such as Telegram for malicious activity because their features support anonymity, resilience, and ease of communication. NVISO's Security Operations Center (SOC) has identified four distinct intrusion attempts involving Telegram since October 2025, underscoring its role in various cyberattack strategies. Telegram is a cloud-based messaging platform that facilitates encrypted communications and supports a robust Bot API. Threat actors frequently co-opt this API, either by hard-coding bot tokens or by using particular channels for command-and-control (C2). These characteristics make the platform appealing to attackers who want a reliable and anonymous way to run operations or communicate with compromised systems.
Indicators of Compromise (40)