Handala’s Wiper: Threat Analysis and Detections

    Date: 09/11/2024

    Severity: High

    Summary

    On July 20, 2024, a phishing attachment and the destructive wiper payload it delivers, both linked to this campaign, surfaced on a public malware analysis platform. Reports from Cisco Talos and other sources attribute the activity to the Handala Hacking Team, a group that has been active since at least December 2023. The wiper is delivered by phishing, so the detection below is a file-hash match that should be run against both email-attachment telemetry and endpoint process/file events.

    Indicators of Compromise (IOC) List

    SHA-256 hashes of the wiper samples:

    96dec6e07229201a02f538310815c695cf6147c548ff1c6a0def2fe38f3dcbc8
    19001dd441e50233d7f0addb4fcd405a70ac3d5e310ff20b331d6f1a29c634f0
    8316065c4536384611cbe7b6ba6a5f12f10db09949e66cb608c92ae8b69e4d67

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Detection Query 1

    sha256hash IN ("96dec6e07229201a02f538310815c695cf6147c548ff1c6a0def2fe38f3dcbc8","19001dd441e50233d7f0addb4fcd405a70ac3d5e310ff20b331d6f1a29c634f0","8316065c4536384611cbe7b6ba6a5f12f10db09949e66cb608c92ae8b69e4d67")

    Note: hash-based detection only fires on these exact samples. Attackers can recompile or repack the wiper to change its hash, so treat a hit as high-confidence but treat a miss as no evidence of absence, and pair the query with behavioural detections from the referenced analysis.
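The following Python script is an added example, not code from the original page or from the Gurucul TDIR product. It applies the same SHA-256 IOC match offline: it normalizes hash values from several telemetry field names (the field names and the JSON log lines are constructed assumptions for illustration), flags any event that references one of the three Handala wiper hashes, and can also hash files on disk to check a host directly. Hashes are compared case-insensitively, since EDR and mail gateways disagree on hex casing.

```python
import hashlib
import json
from pathlib import Path

# IOC list from the page: SHA-256 of the Handala wiper samples.
HANDALA_SHA256 = {
    "96dec6e07229201a02f538310815c695cf6147c548ff1c6a0def2fe38f3dcbc8",
    "19001dd441e50233d7f0addb4fcd405a70ac3d5e310ff20b331d6f1a29c634f0",
    "8316065c4536384611cbe7b6ba6a5f12f10db09949e66cb608c92ae8b69e4d67",
}

# Field names under which different log sources may report a SHA-256.
# These are assumed names chosen for the example, not a product schema.
HASH_FIELDS = ("sha256hash", "sha256", "SHA256", "file_hash", "hash")


def normalize_sha256(value):
    """Return a lowercase hex SHA-256 string, or None if value is not one."""
    if not isinstance(value, str):
        return None
    v = value.strip().lower()
    if len(v) != 64 or any(c not in "0123456789abcdef" for c in v):
        return None
    return v


def match_event(event, iocs=HANDALA_SHA256):
    """Return the matching IOC hash if the event references one, else None."""
    if not isinstance(event, dict):
        return None
    for field in HASH_FIELDS:
        h = normalize_sha256(event.get(field))
        if h is not None and h in iocs:
            return h
    return None


def scan_log(lines, iocs=HANDALA_SHA256):
    """Parse JSON log lines and return (line_no, host, matched_hash) hits.

    Malformed lines are skipped so one bad record cannot abort the scan.
    """
    hits = []
    for line_no, line in enumerate(lines, 1):
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        h = match_event(event, iocs)
        if h is not None:
            hits.append((line_no, event.get("host", "?"), h))
    return hits


def sha256_of_file(path, chunk_size=1 << 20):
    """Stream a file through SHA-256 so large binaries do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_paths(paths, iocs=HANDALA_SHA256):
    """Hash each regular file and return [(path, hash)] for IOC matches."""
    hits = []
    for p in map(Path, paths):
        if p.is_file():
            h = sha256_of_file(p)
            if h in iocs:
                hits.append((str(p), h))
    return hits


# Constructed sample telemetry (not real captured events): one upper-case hash
# hit, one benign event, one non-JSON line, one hit under a different field.
SAMPLE_LOG = [
    r'{"host":"ws01","sha256hash":"96DEC6E07229201A02F538310815C695CF6147C548FF1C6A0DEF2FE38F3DCBC8","path":"C:\\Users\\a\\Downloads\\update.exe"}',
    r'{"host":"ws02","sha256":"0000000000000000000000000000000000000000000000000000000000000000"}',
    "garbage line that is not JSON",
    r'{"host":"ws03","file_hash":"19001dd441e50233d7f0addb4fcd405a70ac3d5e310ff20b331d6f1a29c634f0","process":"fix.exe"}',
]

if __name__ == "__main__":
    for line_no, host, h in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: host={host} matched Handala wiper hash {h}")
```

The same set can be handed to `scan_paths` with the contents of a download or mail-quarantine directory; because `HANDALA_SHA256` is a set, adding further hashes from the referenced analysis costs nothing at lookup time.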

    Reference:

    https://www.splunk.com/en_us/blog/security/handalas-wiper-threat-analysis-and-detections.html


    Tags

    Malware, Phishing


