Approaching Cyclone: Vortex Werewolf Attacks Russia
WHITE Vortex Werewolf AlienVault 2026-01-29 Modified: 2026-02-28
A new cluster is spreading malware through phishing attacks targeting Russia. The attack methodology involves fake pages that imitate file downloads from Telegram. The article likely details the structure of these attacks, providing insights into how the malicious actors are exploiting user trust in the popular messaging platform to deliver their payload. This emerging threat, dubbed Vortex Werewolf, appears to be a sophisticated campaign specifically targeting Russian users or entities.
Indicators of Compromise (64)