PULSE NAME
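Analysis of an attack campaign in which the suspected APT-C-13 (Sandworm) group uses SSH + Tor tunnels for covert persistence - Security News - 360 official website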
WHITE
CyberHunter_NL
2026-04-29
Modified: 2026-04-29
13 IOCs
MEDIUM VOLUME
Tags: aptc13, sandworm, openssh, statepointer, windows, appdata, global, v5s 5pro, 5sv2 5c, m310 k600, root, payload, decoy, shell, python
Indicators of Compromise (13)
| TYPE | INDICATOR | DESCRIPTION | CREATED |
|---|---|---|---|
| CVE | CVE-2026-33829 | — | 2026-04-29 |
| CVE | CVE-2026-34486 | — | 2026-04-29 |
| URL | https://securityonline.info/sandworm-apt-attacks-belarus-military-with-lnk-exploit-and-openssh-over-tor-obfs4-backdoor/ | — | 2026-04-29 |
References (1)
https://www.360.cn/n/13005.html