Cloud Atlas May Hide Their Tracks but 1,800+ Unpublicized Artifacts Can Help Orgs Tag Them | WhoisXML API

Threat Reports

Cloud Atlas May Hide Their Tracks but 1,800+ Unpublicized Artifacts Can Help Orgs Tag Them

All advanced persistent threat (APT) groups aim for detection evasion to enable lateral movement. But apart from tools, tactics, and procedures (TTPs) typically employed in targeted attacks, Cloud Atlas trailed its sights on targets in politically charged nations as an additional evasion tactic.

Despite the threat actors’ efforts to hide from investigators, though, Check Point Research (CPR) still managed to identify 10 indicators of compromise (IoCs) that WhoisXML API researchers expanded further to include 1,850 more artifacts.

Our deep dive into Cloud Atlas revealed:

  • Eight additional IP addresses the domains identified as IoCs resolved to
  • 300+ additional domains that shared the IoCs’ IP hosts, two of which are malicious
  • 1,500+ more domains that contained unique strings found among the domains identified as IoCs, one of which is malicious

Download a sample of the threat research materials now or contact us to access the complete set of research materials.

  • [1] https://research.checkpoint.com/2022/cloud-atlas-targets-entities-in-russia-and-belarus-amid-the-ongoing-war-in-ukraine/
Try our WhoisXML API for free
Get started