3C-INT logo [Cyber]Crime Characterization for Intelligence FREE PREVIEW
You are exploring the Free preview. To unlock full read-only access to all public profiles and in-app notifications, create a free research account. For analyst / premium plans capabilities (editing, advanced tabs, exports), please contact us

Threat Actor Characterization

Back
You’re viewing the read-only version. Sign in for analyst tools (editors, promote draft, file/relations management, etc.)
White Pulse

White Pulse

ID: 863c949db9a48550778bf8f6099856aa18129
Hacktivist Group Hacktivism
Threat types: Hacktivism, Intrusion, DDoS Attack
Russia DNK, ISR
Updated: 2026-04-12
Created: 2026-02-19
Progress: 94% Completeness: 92% Freshness: 100%
Operation zone: Denmark, Israel
Aliases Limited alias preview
The White Pulse White Pulse Cyber PMC Wh******** w*****
Showing 2 of 4 aliases in free preview.
Actor Network Graph
Open Network Graph
Read-only preview for anonymous visitors. Sign in with a free Research account for full workspace.
MITRE ATT&CK®
confidence: medium
Actor Techniques page ATT&CK® Diagram

White Pulse is an alleged Russia-aligned hacktivist brand referenced in public reporting as a member of the 'Russian Legion' alliance. Reporting links the alliance to politically motivated DDoS threats and disruption campaigns (e.g., 'OpDenmark') aimed at pressuring governments.


Technique Technique name Tactics Evidence
T1498 Network Denial of Service TA0040
  • 2026-01-30 — Public reporting ties the Russian Legion alliance (which includes The White Pulse) to DDoS threats and disruptive activity in the OpDenmark campaign context. · ref
  • 2026-02-02 — Secondary coverage reiterates the DDoS-focused nature of the campaign and alliance membership list including The White Pulse. · ref
T1589 Gather Victim Identity Information TA0043
  • 2026-01-30 — INFERENCE (confidence: medium): Campaign-style hacktivism typically requires identifying public endpoints and organizational targets; reporting describes a politically targeted ultimatum campaign suggesting pre-selected targets. · ref
T1595 Active Scanning TA0043
  • 2026-01-30 — INFERENCE (confidence: medium): DDoS campaigns against national services generally involve active scanning/verification of exposed web services and portals prior to attack waves; no direct tooling details are provided in cited reporting. · ref
T1585.001 Social Media Accounts TA0042
  • 2026-01-27 — INFERENCE (confidence: low): Hacktivist brands commonly rely on newly created or repurposed social accounts/channels for campaigns; reporting centers Telegram as a primary comms vector for the alliance. · ref
Strategic Intelligence
Limited preview
Last updated: 2026-02-20T04:43:55+00:00

White Pulse — Russia-aligned hacktivist brand (disruption/DDoS)

Classification: TLP: WHITE - Open Source Intelligence (OSINT)

Full strategic intelligence is available in Analyst and Premium plans.
Executive Analyst Brief for CISO
Saved Limited preview

Executive Analyst Brief for CISO — White Pulse

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE

Upgrade to access the full executive brief.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Executive brief now
Saved successfully.
Hunting Playbook
Saved Limited preview

Hunting Playbook — White Pulse

Priority / context: Public reporting in early 2026 references White Pulse primarily as part of the “Russian Legion” alliance associated with politically motivated disruption and DDoS threats (e.g., “OpDenmark”). This playbook focuses on detecting and responding to hacktivist-style DDoS activity and its common adjacent risks (misconfig exploitation during incident response, opportunistic intrusion attempts during traffic surges).

Upgrade to access the full hunting playbook.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Hunting Playbook now
Saved successfully.
IOC Appendix
Saved Limited preview
Last updated: 2026-02-20T04:46:26+00:00

IOC Appendix (TLP:WHITE) — White Pulse

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE

More IOC context for Research. Full appendix for Analyst and Premium plans.
IOC Appendix now
Saved successfully.
OSINT Library
Saved Limited preview
Last saved: 2026-02-20T04:46:39+00:00

OSINT Library — White Pulse


2026-01-30 — truesec.com — “Newly Established Russian Hacker Alliance Threatens Denmark”

Full OSINT references available for Research / Analyst.
OSINT Library now
Saved successfully.
Social Medial & Communication
SOCMINT integrated: 0/9
Address Verification SOCMINT
t.me/+mo************** Restricted Not integrated
t.me/+vJ************** Restricted Not integrated
t.me/+GU************** Restricted Not integrated
t.me/wht*** Restricted Not integrated
t.me/+IP************** Restricted Not integrated
t.me/wht****** Restricted Not integrated
t.me/whi*************** Restricted Not integrated
t.me/whp**** Restricted Not integrated
Address Verification SOCMINT
cy******@dnmx.cc Restricted Not integrated
Notes: preview mode hides sensitive social/contact details.
Reference Images/Associated Evidence Limited
Showing 1–8 of 8 images
Alliance with inteid Free Preview
Alliance with inteid
Alliance with Keymous Team Free Preview
Alliance with Keymous Team
Alliance with Hackhax Free Preview
Alliance with Hackhax
Propaganda Free Preview
Propaganda
Propaganda Free Preview
Propaganda
Alliance with Russian Partizan Free Preview
Alliance with Russian Partizan
Logo / Avatar Free Preview
Logo / Avatar
Logo / Avatar Free Preview
Logo / Avatar
Showing 4 of 8 images in preview mode. Additional evidence is restricted for Analyst and Premium plans.