← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Spring harvest - Leek Likho group's campaign to hunt for documents
WHITE AlienVault 2026-05-18 Modified: 2026-05-18
120
IOCs
HIGH VOLUME
The Leek Likho group (also known as SkyCloak or Vortex Werewolf) was first described by researchers in 2025, when a series of targeted attacks on public sector organizations in Russia and Belarus became known. This campaign was called Operation SkyCloak. We observed the continuation of its activity during February-April 2026, and also discovered a new technique that attackers use to filter files.
LikhoSkycloaktelegramdropboxmessenger app
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
Indicators of Compromise (32 / 120 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA1 055e0229236497b91216b89395351ae8c9eed8f0 SHA1 of dea287ef5916eced7808ca3704ae67a6 2026-05-18
FileHash-SHA1 2282e2158b7fb714f77d8b0974d980b87884933f SHA1 of 3e3c5471c69e933fcffa4f497ca936b8 2026-05-18
FileHash-SHA1 29de6fff67bdd0d8fb8e68476ff1040fde48420a SHA1 of ab24e08da9e205ee3d3a5a2a05345cb9 2026-05-18
FileHash-SHA1 3d27e65ae5cb7aba8c529c8010b2414f24e4122b SHA1 of 4b94efa49fb59a43ac4a9fdf04c87ef6 2026-05-18
FileHash-SHA1 3dd268fb969eaeb5d9068e185a9e33d5e25073cd SHA1 of 53ac08488544ad1fefd6363db44549cf 2026-05-18
FileHash-SHA1 675ce37d4549fb9e2fabee91befa53c0bac157e0 SHA1 of 44652be9dc36c33ef0a35d4422523f7c 2026-05-18
FileHash-SHA1 694feb5c1f2b605eb58b4218fdc3d056f5d19aad SHA1 of 1ec5607bd9c37d6aabc43066fcb87ca6 2026-05-18
FileHash-SHA1 7490e916130a814b1e33c955f4a64ad23c08df5b SHA1 of 873480ab887de3a9cbbcccb982747637 2026-05-18
FileHash-SHA1 76b45853917fe87b3dc82331d542d1a6ddde806c SHA1 of 8c0434571198367df2cd1344f2bdc0cb 2026-05-18
FileHash-SHA1 7b50320a005cf68e5c17d51a8fd8422ceef1611a SHA1 of 0b6f7356919b9632c1158681ee0462f3 2026-05-18
FileHash-SHA1 854fb7550238d9e4983319540afc4b76f4a74237 SHA1 of f4d05a5cb783f1cdd179795125d23139 2026-05-18
FileHash-SHA1 85d1c4c90242c054b17060885de556dfa5fe4cf9 SHA1 of ac60971512c77f845cc4ec47400368a6 2026-05-18
FileHash-SHA1 863c91ef48d1fed77d260376a464bf0686d8afc6 SHA1 of ffefe836255e742abc3dc692d1dda3a4 2026-05-18
FileHash-SHA1 8e49c3ee98fc722c77b3b37e3abafb3581369b6e SHA1 of 99732e49668e56527963742922277459 2026-05-18
FileHash-SHA1 9001e990f70fcb3cb7432ab3729bc9262395a371 SHA1 of 6f49d5e80acdbef693263ef60399bb8b 2026-05-18
FileHash-SHA1 940658590d938380b71fd5055635c02564a63ef1 SHA1 of a6d095dc0e01f97db7e74cb5bed402dc 2026-05-18
FileHash-SHA1 95cc727a9bf07bff285060b3b68c4b3de828969c SHA1 of d7e7f396a695cb23d0fda4dc716e47a6 2026-05-18
FileHash-SHA1 975d8bdfec6b58ae9004d526fa9f852108026a9c SHA1 of 2156c270ffe8e4b23b67efed191b9737 2026-05-18
FileHash-SHA1 a609cf9a7250e6fbfc4cd3fdf04ea64b5a535617 SHA1 of 63426f624c930a756faf7ce3e7b4789f 2026-05-18
FileHash-SHA1 a75a744a8106626c39f5682556a0e58c40ce7315 SHA1 of a9cfe3f8ad5def658e774eb2f6f0792c 2026-05-18
FileHash-SHA1 aaa3b6ca2753ae491b639631c236cae350bdb0f7 SHA1 of 57dbf8c275fa56b9a84e9c4b9a35399e 2026-05-18
FileHash-SHA1 aaba9f60d81467c27c82f5c6d6cb6accd6890fc4 SHA1 of 227b3fa386cad73f0f388d801060e2c8 2026-05-18
FileHash-SHA1 aba35de9e819396f89f34c03058ebe71a7f98b6b SHA1 of 4d5074d6e0722ceec45a083fa8444164 2026-05-18
FileHash-SHA1 ae5f7d3e621a862bc156483ec8894d5d56b23d8f SHA1 of b95b03094ac3b361585ecfa88e0c78ca 2026-05-18
FileHash-SHA1 b2de369415574ffeb3858ff6a6213aa8397a331f SHA1 of 99dc0dbaf5bd3918803391ec8d6d802c 2026-05-18
FileHash-SHA1 b708bb12f86b0eb55a7f49cec9510efbc6b3e262 SHA1 of f2b470dc3fcd8a2fd7860851a81f3eb0 2026-05-18
FileHash-SHA1 c22150121a13713b395a155af5d55680dde56ac1 SHA1 of 6616717dfb2a795113b47d862c5412e2 2026-05-18
FileHash-SHA1 c2a8dae7ab6ea92dcfecbe2ab6ac7efc289d6a18 SHA1 of 6a72ad3c06a29e12e668e8701daee00e 2026-05-18
FileHash-SHA1 c6aeba8b8469176baaba41c3c1fc32543f656982 SHA1 of cbbd3923adb5705a1ce61cdebb6a93b6 2026-05-18
FileHash-SHA1 e7f20ba2f9c12f164fef37c618481564b4db3399 SHA1 of f1bc5841f6d6be1820848a7718bf4cce 2026-05-18
FileHash-SHA1 eb73acce3e09b649b6d736e5bbcfeeb0a00a7490 SHA1 of 82710b81e610f074fe97a4f76e7f0843 2026-05-18
FileHash-SHA1 fc3b95b64aa817262e1dbb2fbfe6983e70a5f340 SHA1 of 8dbeb747aab3d3814bcee52c3b0f6ee5 2026-05-18
References (1)
↗ https://securelist.ru/tr/leek-likho-hunting-for-data-with-tor-and-llms/115601/