216.73.216.36

Indicator (IOC)

stix AlienVault · Published 29/01/2026 09:04 · Modified 30/04/2026 10:17

Essential information

Value / Name
2zrek3mkl72d5b6evpkx2rz2glzrltiorgblpfb2ttg6lacwlsdk4iqd.onion
Confidence
100/100
Revoked
No
Valid from
29/01/2026 08:39
Valid until
26/06/2026 09:34
Pattern type
stix
Published
29/01/2026 09:04
Modified
30/04/2026 10:17
Author / Source
AlienVault

Description

No description.

Pattern

[domain-name:value = '2zrek3mkl72d5b6evpkx2rz2glzrltiorgblpfb2ttg6lacwlsdk4iqd.onion']

Labels / Tags

Labels: apt-c-13 covert persistence cyclone fake pages file downloads frozenbarents obfs4 obfs4 obfuscation persistence mechanism phishing russia sandworm scheduled tasks spear-phishing spearphishing ssh tunneling telegram tor hidden service tor network

Marking (TLP)

TLP:CLEAR

Related entities

Reports and intrusion sets linked to this IOC.

Attack reports (1)

Intrusion sets (3)

  • APT-C-13
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 ·
  • APT-C-13, Sandworm, FROZENBARENTS
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 ·
  • Vortex Werewolf
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 ·