IOC - Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload
In 2025, we observed pervasive SSH tunnel activity, which has remained active into 2026, affecting many government organizations and commercial companies in Russia and Belarus. Behind some of this activity is Cloud Atlas, a group we have known since 2014. During our investigation, we identified new tools used by this group, as well as indicators of compromise.
Indicators of Compromise (115)