TLP:WHITE50 IOCs

Fluffy Wolf tests new toolkit on Russian companies

BI.ZONE

Published June 9, 2026Original Report

Diamond Model

Adversary

Infrastructure(6)

Capability

Victim

5W+H Threat Analysis

Analysis unavailable

Indicators of Compromise

Indicators of Compromise50

Type	Indicator	Confidence	Score	First Seen
IP	195.2.67.129 indicatorintel-blognetwork	High	58	Jun 9, 26
SHA256	328dbb06c64422010bb81aa3ed37a62c4110490833dc5109812e730588a58d1c file-hashindicatorintel-blog	Medium	53	Jun 9, 26
SHA256	bdab0d5ba9a45590d6098d1faeaa3c515ef600d34e7dec4a187449e86a195ed9 file-hashindicatorintel-blog	Medium	53	Jun 9, 26
SHA256	8140916d84d3995245459da20e1bf5eccf7e1bea53771352cc714441ecf1ba84 file-hashintel-blogloader	Medium	53	Jun 9, 26
SHA256	dc5e6cc144723aa34491ca91f47c1bb8817ac779e6e7bb02eb1c895bb488101c file-hashintel-blogloader	Medium	53	Jun 9, 26
SHA256	f833236b43cfa6d69b6ceadae649c5c970e6e1b32fd3d3d0e5ccc4faa433e68f file-hashindicatorintel-blog	Medium	53	Jun 9, 26
SHA256	f3d31b6f21ad20a659172febb6ba77638d5721b2e837c3fa285b1519723292d2 file-hashindicatorintel-blog	Medium	53	Jun 9, 26
SHA256	7c86b45309989b3dc7f07f1e08d9e95ea23f128614c76e76c073fe6785c576be file-hashintel-blogloader	Medium	53	Jun 9, 26
SHA256	1e6504c2f3b61296ba1d1604ff1ad914b3bf66a53e3ee48f51a27185ff505c37 file-hashindicatorintel-blog	Medium	53	Jun 9, 26
URL	https://dpaste.com/3VY69RY7J.txt intel-blognetworkproxy	High	58	Jun 9, 26
SHA256	7dc7c6d5cc65f48bc227e2d8d167c3a7d57d9c4f262bb3b61272958e14bff1e4 file-hashintel-blogloader	Medium	53	Jun 9, 26
SHA256	d462edfd28489ed3de667f0891a3719d717f63ad192ec9cb601901d2395826e6 file-hashintel-blogloader	Medium	53	Jun 9, 26
SHA256	d480e38883136f576b2f9a9d600bb85dd2d1bc5a9d44ca2eee2561daee883969 file-hashintel-blogloader	Medium	53	Jun 9, 26
SHA256	9e8cfc30a920e1889dcf91fb6e589442d68538d31ce1ecc362e187df5b3a6dfa file-hashindicatorintel-blog	Medium	53	Jun 9, 26
SHA256	aa34fcbd1a948b25f16f44142289e12e411671f58ffed1ed723b1a92f56d9e09 file-hashindicatorintel-blog	Medium	53	Jun 9, 26
SHA256	a0d242ba07c6b2607eb5b8ba2ba2156df9dd7a06919af59dda4198fa64846854 file-hashindicatorintel-blog	Medium	53	Jun 9, 26
SHA256	36512147ca91a464e76e01f90e046c1ed6b82c94aaa7b457e0c48f0fef651717 file-hashintel-blogloader	Medium	53	Jun 9, 26
SHA256	5f61676739173cbc4d8b3307dc2e1084454481a793f6890b0f25d290b13a9ecd file-hashindicatorintel-blog	Medium	53	Jun 9, 26
SHA256	f2f519009fbf68aed3b2011f10af1d85eddcd904bddbd9c9f5da079f125ba4af file-hashintel-blogloader	Medium	53	Jun 9, 26
SHA256	3468acd6e340e1418a94dab6c60b77985b8a4b1662a19e8d47a582e84a852cd1 file-hashintel-blogloader	Medium	53	Jun 9, 26
SHA256	2bd0667301cb43be4f4f413f888b23e871d623e7b1cad25a744a5b21de0253be file-hashintel-blogloader	Medium	53	Jun 9, 26
SHA256	58c8af6819d61e55dab218c38baced6d952a733fe6b625f4e3c5664a6a224501 file-hashindicatorintel-blog	Medium	53	Jun 9, 26
SHA256	490b591b75e4f70bf6f11be5af2a594255ba50068b8a4331a11b6a45bf4fd61c file-hashindicatorintel-blog	Medium	53	Jun 9, 26
SHA256	0dafc7f545b5338dcdad3c33691bf600aefb67d20409928b26359a019159c07a file-hashindicatorintel-blog	Medium	53	Jun 9, 26
URL	https://5.252.153.67:8443/browser exfiltrationintel-blogmalware	High	58	Jun 9, 26
SHA256	47f131a73681804ce81154a9397a34c47d66b6c740f92d2072372742b1f4d573 file-hashindicatorintel-blog	Medium	53	Jun 9, 26
SHA256	aff1a5be3885907e61b61fcef03c4eb8e7a86255bb9963a0f2095cd69bb2f6d7 file-hashintel-blogloader	Medium	53	Jun 9, 26
SHA256	0d351f0acc0e642a101c58a3ee67affdb56ad4e1eb2abdb13869e1e79a000b20 file-hashindicatorintel-blog	Medium	53	Jun 9, 26
SHA256	e8804fe935844a799a9b723e320b12136c42b0943a9577d8b23f10060e788d76 file-hashintel-blogloader	Medium	53	Jun 9, 26
URL	http://5.252.153.67:60070/script?id=%GUID%&country=RU&admin=true</li></ul><p><strong>IP intel-blognetworkurl	High	58	Jun 9, 26
SHA256	9a4811bc0a14e9dd05554f85c7943ad664590975fe9a2d1f7d3453448534eff3 file-hashintel-blogloader	Medium	53	Jun 9, 26
SHA256	ad34363cef40f07aca51d9b5c5efc5a4d64aafdda655a42b4b0cf2a686af189f file-hashindicatorintel-blog	Medium	53	Jun 9, 26
SHA256	8745d7a4939a4643d72ee3e9cb177bf6ee23600115bbc3b3e75b9338b64c006b file-hashintel-blogloader	Medium	53	Jun 9, 26
URL	https://5.252.153.67:8443/userinfo intel-blognetworkurl	High	58	Jun 9, 26
SHA256	ea6dc73aeadb2b9938d1622995275c01e9f9d3770801c420a7b63731d6a48d82 file-hashintel-blogloader	Medium	53	Jun 9, 26
SHA256	d152c06a63fdb76851eab8c50b4f2db7b5a45568034800e883e509eb008c3261 file-hashintel-blogloader	Medium	53	Jun 9, 26
SHA256	b9318833e9ad4094bb3cd7fa76eb028bcafd65fc22cdb1e57e828a0651792f1e file-hashindicatorintel-blog	Medium	53	Jun 9, 26
URL	https://hasteb.in/ii5PfCz83aTcDgK intel-blognetworkproxy	High	58	Jun 9, 26
URL	https://5.252.153.67:8443/discord c2exfiltrationintel-blog	High	58	Jun 9, 26
SHA256	70e5b8a57d97eef3bdb41f296c05c95fb8bb21409a984edffb1e7ed484ad3339 file-hashintel-blogloader	Medium	53	Jun 9, 26
SHA256	2e1bd5aa28b63baea57be0ddf4eafaafef07dc59c3273d75513354a3f00aaeae file-hashintel-blogmalware	Medium	53	Jun 9, 26
SHA256	6338c373f170da6cf01729aeba4d23419d8219b63674b5491ef3b6a1fd140b1c file-hashintel-blogloader	Medium	53	Jun 9, 26
SHA256	c5ac346e5e09ab33598c84bf34d618cbfb89fc3028f33a0bc51e5bc9c97efab5 file-hashindicatorintel-blog	Medium	53	Jun 9, 26
SHA256	f035a44d3d45288a142aa9ef6ab21bb1f88b37cc205dc6f3555c0618180ed52f file-hashintel-blogloader	Medium	53	Jun 9, 26
SHA256	1f135fc93810dbca2dce4827db52ce2c86fd94616594d42b7db183d09338eefb file-hashindicatorintel-blog	Medium	53	Jun 9, 26
IP	5.252.153.67 indicatorintel-blognetwork	High	58	Jun 9, 26
IP	91.84.118.179 indicatorintel-blognetwork	High	58	Jun 9, 26
SHA256	ee1cf4e463bcca1d332510874c71b1623d98655010a923127d1dda9787fc85c2 file-hashintel-blogloader	Medium	53	Jun 9, 26
SHA256	6bd486cfbaef5bcf2102a0d2009274af1db804fb409f2f36b7a765457b3553db file-hashindicatorintel-blog	Medium	53	Jun 9, 26
SHA256	e57fad8f15423c5a34e337136f2f1b2c6948b8caee8ec047e85882e6e9e97621 file-hashindicatorintel-blog	Medium	53	Jun 9, 26

IOC Relationship Graph

IOC Relationship Graph50 total IOCs

IPSHA256URL

scroll to zoom · drag to pan · click IOC to open