TLP:WHITE88 IOCs

Approaching cyclone: Vortex Werewolf attacks Russia

BI.ZONE

Published February 6, 2026Original Report

Threat Actors

Diamond Model

Adversary(1)

Infrastructure(6)

Capability

Victim

5W+H Threat Analysis

Analysis unavailable

Indicators of Compromise

Indicators of Compromise88

Type	Indicator	Confidence	Score	First Seen
IP	38.242.242.79 indicatorintel-blognetwork	High	58	Jun 2, 26
IP	156.67.24.239 anonymizationintel-blognetwork	High	58	Jun 2, 26
Domain	clgkhqmtssx4dgvhq5r4kb4anid4n375d2z5mqspuob3iyqvzyrxhoqd.onion anonymizationintel-blognetwork	High	58	Jun 2, 26
Domain	tg-box.documshare.org indicatorintel-blognetwork	High	58	Jun 2, 26
SHA256	42910bf2aa4ac9d62e2b32e6fadc42f11bd7215fee492ecf72cfd6238965d066 file-hashindicatorintel-blog	Medium	53	Jun 2, 26
IP	24.134.5.121 indicatorintel-blognetwork	High	58	Jun 2, 26
IP	86.206.9.78 indicatorintel-blognetwork	High	58	Jun 2, 26
SHA256	f27f0c47b708cabbc71e78eb28c4871834da0bc35c2693e145c01688d8e1bd13 file-hashindicatorintel-blog	Medium	53	Jun 2, 26
Domain	teleinfo.safedatabox.net indicatorintel-blognetwork	High	58	Jun 2, 26
URL	https://telegram-files.trustedfiles.org/?cuid=vG7LLN&cloud_access=E20340B73A&tuid=2bWqrF&hash=d3BdF6F9Bd&folder=520e66fe3F</p><p>https://telegram-files.trustedfiles.org/?nash=2BC8BD579d&cloud_access=06c434ED64&tuid=efGVBj&folder=8057d1704f&cuid=3e12KE</p><p>https://telegram-files.trustedfiles.org/?folder=009c027D11&tuid=1MM5Jx&cloud_access=f8CfeE6518&hash=a9D53e2Cd9&cuid=vG7LLN</p><p>https://tg-media.guardedcloud.net/?access_hash=ceFFc8F817&cuid=nghdRm&code=A824c7d9D3&tuid=SuCmHG</p><p>https://telegram-share.documtransfer.net/?folder=5f6a307A22&hash=4C90FCcEB9&cuid=VxBY1g&cloud_access=BEeB5A09Ad&tuid=2CbRT0</p><p><strong>Domains</strong></p><p>trustedfiles.org</p><p>guardedcloud.net</p><p>documtransfer.net</p><p>biavid.info</p><p>safedatabox.net</p><p>documshare.org</p><p>telegram-files.trustedfiles.org</p><p>tg-media.guardedcloud.net</p><p>docs-telegram.guardedcloud.net</p><p>telegram.guardedcloud.net</p><p>telegram-share.documtransfer.net</p><p>sectgfiles.biavid.info</p><p>teleinfo.safedatabox.net</p><p>tg-box.documshare.org</p><p><strong>GitHub anonymizationintel-blognetwork	High	58	Jun 2, 26
Domain	safedatabox.net indicatorintel-blognetwork	High	58	Jun 2, 26
IP	185.177.207.132 indicatorintel-blognetwork	High	58	Jun 2, 26
IP	45.76.46.212 indicatorintel-blognetwork	High	58	Jun 2, 26
Domain	gendalfgrey221.github.io anonymizationintel-blognetwork	High	58	Jun 2, 26
IP	185.177.207.216 indicatorintel-blognetwork	High	58	Jun 2, 26
URL	https://telegram-files.trustedfiles.org/?nash=2BC8BD579d&cloud_access=06c434ED64&tuid=efGVBj&folder=8057d1704f&cuid=3e12KE</p><p>The intel-blognetworkphishing	High	58	Jun 2, 26
Domain	documtransfer.net indicatorintel-blognetwork	High	58	Jun 2, 26
SHA256	6efdf511512be5e256951813f2008ce2c4572d6ef191c69a62b7555aa33255ac file-hashindicatorintel-blog	Medium	53	Jun 2, 26
IP	87.106.143.190 indicatorintel-blognetwork	High	58	Jun 2, 26
URL	https://tg-media.guardedcloud.net/?access_hash=ceFFc8F817&cuid=nghdRm&code=A824c7d9D3&tuid=SuCmHG. intel-blognetworkurl	High	58	Jun 2, 26
IP	85.117.251.69 indicatorintel-blognetwork	High	58	Jun 2, 26
SHA256	85fba8ba8377974392b9147a2adf2d2955e9dfbb8d9e0659c7f90487b1105ae7 file-hashindicatorintel-blog	Medium	53	Jun 2, 26
SHA256	a5c5a64b2da18aac04ddaaa3cd82f09bbad661da4aaca785edcf4bac94cb520a file-hashindicatorintel-blog	Medium	53	Jun 2, 26
Domain	icchtolkaio.github.io anonymizationintel-blognetwork	High	58	Jun 2, 26
IP	73.94.43.159 indicatorintel-blognetwork	High	58	Jun 2, 26
MD5	111ea773e331412d06b1e8725df275f8 file-hashintel-blogmalware	Medium	53	Jun 2, 26
IP	198.98.53.149 intel-blognetworkproxy	High	58	Jun 2, 26
SHA256	8f9029a5d5351078fc2f0b5499557c0f969b337817947314e37b2c7407ae2300 file-hashindicatorintel-blog	Medium	53	Jun 2, 26
SHA256	44abef9297d6573674b27416435c891317cfb9de8753d075806d5777563e6cc2 file-hashindicatorintel-blog	Medium	53	Jun 2, 26
SHA256	8f4836cca1850053e87a769a84baed3cdde060ad3fce26f101a20b37375835f1 file-hashindicatorintel-blog	Medium	53	Jun 2, 26
SHA256	aeb3196090cb428bcea45e0cf24d2b53346e244b2115edb176da49ca912d8cdf file-hashindicatorintel-blog	Medium	53	Jun 2, 26
Domain	docs-telegram.guardedcloud.net indicatorintel-blognetwork	High	58	Jun 2, 26
IP	82.117.243.191 indicatorintel-blognetwork	High	58	Jun 2, 26
SHA256	4111cda24ef547bc3296024cf94e0a0b43916c46d92f1d5c406ba241dcd6bb23 file-hashindicatorintel-blog	Medium	53	Jun 2, 26
Domain	amvlfdftchgyoie7femnnivsfnqzizrljm5rbixgsxpzgdavdtkhtlad.onion anonymizationintel-blognetwork	High	58	Jun 2, 26
IP	188.245.88.107 indicatorintel-blognetwork	High	58	Jun 2, 26
IP	176.169.236.210 anonymizationintel-blognetwork	High	58	Jun 2, 26
IP	78.63.213.108 indicatorintel-blognetwork	High	58	Jun 2, 26
SHA256	76542efd8113416322268676c8c32fc900661fe17db68a1ac9c2bcdcd936a7a6 file-hashindicatorintel-blog	Medium	53	Jun 2, 26
IP	87.106.159.211 indicatorintel-blognetwork	High	58	Jun 2, 26
SHA256	558df469e8170f63da405ce42cf63900d81f0b38c3a70fa69e48b9aa11735345 file-hashindicatorintel-blog	Medium	53	Jun 2, 26
Domain	3lfdhuojbznd4fmunkkzr2m5zbnaibwuyvenclsoxvapylqv4pdldqad.onion anonymizationintel-blognetwork	High	58	Jun 2, 26
SHA256	2727d521ef98815ba82b2c2cc504123db59e1e4df487e3d6253280d21d00020e file-hashindicatorintel-blog	Medium	53	Jun 2, 26
Domain	robetsoalspa.github.io anonymizationintel-blognetwork	High	58	Jun 2, 26
IP	188.116.26.254 indicatorintel-blognetwork	High	58	Jun 2, 26
IP	72.10.162.51 indicatorintel-blognetwork	High	58	Jun 2, 26
IP	95.179.192.8 indicatorintel-blognetwork	High	58	Jun 2, 26
SHA256	1280cca4b520bfd018296c4d1645b7c9c8c7c4608752506285dad0e251b22e32 file-hashindicatorintel-blog	Medium	53	Jun 2, 26
SHA256	1ba396a8cd9af661e0a5ceb1107c787290cff3ab05b70a9c5154f4e040f716be file-hashindicatorintel-blog	Medium	53	Jun 2, 26
IP	5.22.221.14 indicatorintel-blognetwork	High	58	Jun 2, 26
Domain	telegram-share.documtransfer.net indicatorintel-blognetwork	High	58	Jun 2, 26
IP	70.34.216.248 indicatorintel-blognetwork	High	58	Jun 2, 26
IP	185.177.207.101 indicatorintel-blognetwork	High	58	Jun 2, 26
IP	89.116.48.119 indicatorintel-blognetwork	High	58	Jun 2, 26
Domain	2zrek3mkl72d5b6evpkx2rz2glzrltiorgblpfb2ttg6lacwlsdk4iqd.onion anonymizationintel-blognetwork	High	58	Jun 2, 26
IP	158.174.146.87 anonymizationintel-blognetwork	High	58	Jun 2, 26
IP	103.17.154.137 anonymizationintel-blognetwork	High	58	Jun 2, 26
IP	185.177.207.62 indicatorintel-blognetwork	High	58	Jun 2, 26
Domain	sectgfiles.biavid.info indicatorintel-blognetwork	High	58	Jun 2, 26
IP	185.177.207.18 indicatorintel-blognetwork	High	58	Jun 2, 26
IP	77.128.112.133 indicatorintel-blognetwork	High	58	Jun 2, 26
IP	78.159.118.224 indicatorintel-blognetwork	High	58	Jun 2, 26
Domain	yankovskiy987.github.io anonymizationintel-blognetwork	High	58	Jun 2, 26
Domain	documshare.org indicatorintel-blognetwork	High	58	Jun 2, 26
SHA256	2a9b971c835e2ee5f190d068c602601fdaf718d8bfe085c2032d59a6f25ed082 file-hashindicatorintel-blog	Medium	53	Jun 2, 26
IP	185.177.207.103 indicatorintel-blognetwork	High	58	Jun 2, 26
IP	193.138.81.106 indicatorintel-blognetwork	High	58	Jun 2, 26
Domain	guardedcloud.net indicatorintel-blognetwork	High	58	Jun 2, 26
Domain	trustedfiles.org intel-blognetworkphishing	High	58	Jun 2, 26
SHA256	7ccf33529389ff080c1aaea1678c9f7a3546ab950670138f8a7f35c7638578cb file-hashindicatorintel-blog	Medium	53	Jun 2, 26
Domain	nieusoaps11.github.io anonymizationintel-blognetwork	High	58	Jun 2, 26
SHA256	36d104a18c1e966b11253eb637a452288cb94ce240ee6fff7c2d14d7ae8086ee file-hashindicatorintel-blog	Medium	53	Jun 2, 26
IP	185.177.207.63 indicatorintel-blognetwork	High	58	Jun 2, 26
Domain	telegram.guardedcloud.net indicatorintel-blognetwork	High	58	Jun 2, 26
IP	156.67.24.236 anonymizationintel-blognetwork	High	58	Jun 2, 26
Domain	biavid.info indicatorintel-blognetwork	High	58	Jun 2, 26
SHA256	ac8e6a47f795b6ea4bf1ddf2d4079337fd7d3798bcfe8773c28f9d429b83380b file-hashindicatorintel-blog	Medium	53	Jun 2, 26
URL	https://telegram-files.trustedfiles.org/telegram/api/v1/file/111ea773e331412d06b1e8725df275f8/3e12KE/efGVBj/ intel-blogmalwarenetwork	High	58	Jun 2, 26
IP	190.62.5.156 indicatorintel-blognetwork	High	58	Jun 2, 26
SHA256	1cf423b7b55c2d7018262c847ba58e1955443e1d84ca0bca4f94f2a9cc5794d7 file-hashindicatorintel-blog	Medium	53	Jun 2, 26
IP	45.76.185.188 indicatorintel-blognetwork	High	58	Jun 2, 26
SHA256	86b1e4e48d1d4ce1acf291b21c2ffa806bca9b6cad6a6519263fa1705486eb94 file-hashindicatorintel-blog	Medium	53	Jun 2, 26
SHA256	de73c1b5597f091b5e42e5d5b4dc40a46ddee4682308f5bbe010a32ede57b111 file-hashindicatorintel-blog	Medium	53	Jun 2, 26
SHA256	8339333e1a1a8babc3fd72542e8fda58d19dd096cf2463867ca0328348338570 file-hashindicatorintel-blog	Medium	53	Jun 2, 26
SHA256	b4195e7584ac97d9c444ee6292160c80f9c889e6cba27cc656506d3c5fcffd48 file-hashindicatorintel-blog	Medium	53	Jun 2, 26
IP	129.153.78.39 anonymizationintel-blognetwork	High	58	Jun 2, 26
SHA256	fc8a6cc400dd822b6f5fc40c85a547cf7f266169edddb84a90f4b3f25956318c file-hashindicatorintel-blog	Medium	53	Jun 2, 26
URL	https://dl.dropboxusercontent.com/scl/fi/a32r4skq88ou37br4o5ic/Spisok-na-peremeshchenie.zip?rlkey=rkkq0atxq44eewvw5jknjelr2&dl=0&t=1765842355</p><figure><img aptespionageintel-blog	High	58	Jun 2, 26

IOC Relationship Graph

IOC Relationship Graph88 total IOCs

IPDomainSHA256URLMD5

scroll to zoom · drag to pan · click IOC to open