← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
ACTIVIDAD MALICIOSA | Campaña de Cloud Atlas APT: Modificación de termsrv.dll para Múltiples Sesiones RDP (2025-2026)
WHITE esoporteingenieria2020 2026-05-27 Modified: 2026-05-27
42
IOCs
MEDIUM VOLUME
Cloud Atlas, un grupo APT activo desde al menos 2014, ha sido detectado utilizando una técnica sigilosa para mantener acceso persistente a sistemas Windows comprometidos. La campaña, identificada por investigadores de Securelist y reportada en mayo de 2026, se intensificó durante la segunda mitad de 2025 y principios de 2026, apuntando principalmente a agencias gubernamentales y organizaciones diplomáticas en Rusia y Bielorrusia.
tor clientmaliciousreverse sshsocksvbs tunnelssh tunneldefangrutasarchivomalware yta0005commanddiscoverypowershellmodify systemcontrolta0011ta0002ta0003modificacinphishingexecutionmasqueradingmalware
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
Indicators of Compromise (42)
All IPv4 domain hostname
TYPEINDICATORDESCRIPTIONCREATED
IPv4 146.70.53.171 CC=BG ASN=AS9009 m247 ltd 2026-05-27
IPv4 185.126.239.77 CC=RU ASN=AS136258 brainstorm network inc 2026-05-27
IPv4 185.22.154.73 CC=RU ASN=AS51659 llc baxet 2026-05-27
IPv4 185.250.181.207 CC=ES ASN=ASNone 2026-05-27
IPv4 185.53.179.136 CC=DE ASN=AS61969 team internet ag 2026-05-27
IPv4 194.102.104.207 CC=RO ASN=ASNone 2026-05-27
IPv4 194.87.196.163 CC=RU ASN=AS51659 llc baxet 2026-05-27
IPv4 195.58.49.99 CC=RU ASN=AS51659 llc baxet 2026-05-27
IPv4 37.228.129.224 CC=FI ASN=AS200651 flokinet ltd 2026-05-27
IPv4 45.15.65.134 CC=US ASN=AS205835 uplink srl 2026-05-27
IPv4 45.87.219.116 CC=RU ASN=AS64429 dds service llc 2026-05-27
IPv4 46.17.44.125 CC=RU ASN=AS51659 llc baxet 2026-05-27
IPv4 46.17.44.212 CC=RU ASN=AS51659 llc baxet 2026-05-27
IPv4 46.17.45.49 CC=RU ASN=AS51659 llc baxet 2026-05-27
IPv4 46.17.45.56 CC=RU ASN=AS51659 llc baxet 2026-05-27
IPv4 5.181.21.75 CC=NL ASN=AS3214 xtom gmbh 2026-05-27
IPv4 81.30.105.71 CC=DE ASN=AS3320 deutsche telekom ag 2026-05-27
domain agenciakharis.com.br 2026-05-27
domain allgoodsdirect.com.au 2026-05-27
domain alnakhlah.com.sa 2026-05-27
domain amerikastaj.com 2026-05-27
domain bigbang.me 2026-05-27
domain cloudguide.in 2026-05-27
domain fishingflytackle.com 2026-05-27
domain goverru.com 2026-05-27
domain humanitas.si 2026-05-27
domain iinvestika-club.com 2026-05-27
domain internationalcommoditiesllc.com 2026-05-27
domain istochnik.org 2026-05-27
domain kommando.live 2026-05-27
domain kufar.org 2026-05-27
domain lafortunaitalian.co.uk 2026-05-27
domain landscapeuganda.com 2026-05-27
domain mamurjor.com 2026-05-27
domain onedrivesupport.net 2026-05-27
domain spbnews.net 2026-05-27
domain tenkoff.org 2026-05-27
domain totallegacy.org 2026-05-27
domain ultimatecore.net 2026-05-27
domain wizzifi.com 2026-05-27
domain znews.net 2026-05-27
hostname firsai.tipshub.net 2026-05-27
References (2)
↗ https://darfe.es/ciberwiki/index.php?title=Campa%C3%B1a_de_Cloud_Atlas_APT:_Modificaci%C3%B3n_de_termsrv.dll_para_M%C3%BAltiples_Sesiones_RDP_(2025-2026) ↗ https://www.virustotal.com/graph/embed/ga1ce30ad493148bba5add15fdb2866d6eb7315a9731e442e840788ed475fe66d?theme=dark