IOC - Approaching cyclone: Vortex Werewolf attacks Russia
In December 2025 and January 2026, BI.ZONE Threat Intelligence detected malicious activity by a new cluster, Vortex Werewolf (SkyCloak). The attacks targeted Russian government and defense organizations. Our findings indicate that the adversary used phishing emails to deliver malware to the target systems. Victims received messages containing a download link disguised as a Telegram file-sharing URL. Clicking the link triggered the download of two archives: one with a malicious LNK file and another with multiple files, including a PowerShell script.
Indicators of Compromise (133)