
Hamas-affiliated Threat Actor WIRTE Continues its Middle East Operations and Moves to Disruptive Activity

Nov. 13, 2024, 9:04 a.m.

Description

Check Point Research has been tracking ongoing activity of the WIRTE threat actor, associated with Hamas, despite the ongoing conflict in the region. The group continues to target entities in the Palestinian Authority, Jordan, Iraq, Egypt, and Saudi Arabia for espionage. WIRTE has expanded its operations to include disruptive attacks, with clear links found between their custom malware and the SameCoin wiper targeting Israeli entities. The group's tools have evolved, but key operational aspects remain consistent. WIRTE's activities persist throughout the war, complicating geographical attribution. The group employs various tactics, including custom loaders, phishing, and wipers, targeting both Israeli and other Middle Eastern entities.

Date

Published: Nov. 12, 2024, 8:31 p.m.

Created: Nov. 12, 2024, 8:31 p.m.

Modified: Nov. 13, 2024, 9:04 a.m.

Indicators


Attack Patterns

Havoc Demon

SameCoin

IronWind

WIRTE

T1490

T1213

T1486

T1574

T1547

T1071

T1543

T1055

T1036

T1499

T1204

T1140

T1132

T1027

T1566

T1190

T1078

T1059

Additional Information

Healthcare

Government

Iraq

Egypt

Saudi Arabia

Jordan

Israel