IOC - Fake Telegram Malware Campaign: Analysis of a Multi-Stage Loader Delivered via Typosquatted Websites
WHITE celestre 2026-03-20 Modified: 2026-04-19
While surfing the web, we discovered a typosquatted website impersonating the official Telegram download portal that was actively distributing malware. The domain telegrgam[.]com hosts a malicious installer named tsetup-x64.6.exe, which appears to be a legitimate Telegram setup file.
Indicators of Compromise (7)