← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Hamas-affiliated Threat Actor WIRTE Continues its Middle East Operations and Moves to Disruptive Activity
WHITE WIRTE AlienVault 2024-11-12 Modified: 2024-12-12
91
IOCs
HIGH VOLUME
Check Point Research has been tracking ongoing activity of the WIRTE threat actor, associated with Hamas, despite the ongoing conflict in the region. The group continues to target entities in the Palestinian Authority, Jordan, Iraq, Egypt, and Saudi Arabia for espionage. WIRTE has expanded its operations to include disruptive attacks, with clear links found between their custom malware and the SameCoin wiper targeting Israeli entities. The group's tools have evolved, but key operational aspects remain consistent. WIRTE's activities persist throughout the war, complicating geographical attribution. The group employs various tactics, including custom loaders, phishing, and wipers, targeting both Israeli and other Middle Eastern entities.
ironwindhamasaptespionagecyber-espionagemiddle eastwiperhavoc demonphishingsamecoin
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
IronWind SameCoin Havoc Demon
Indicators of Compromise (91)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 0e0a2ab9622d73cb7ce5bb81453fc67a 2024-11-12
FileHash-MD5 0e24fa3bb4de4977e68fa4438c025d9d 2024-11-12
FileHash-MD5 4a231b7fe78a606307a038ca3140a19b 2024-11-12
FileHash-MD5 66572a740d26abf3ea131704957ff7a6 2024-11-12
FileHash-MD5 88915eb58dc887d639845f3812338534 2024-11-12
FileHash-MD5 89f7d22009ba38b71aaa23db348e2ee1 2024-11-12
FileHash-MD5 ab0867d5376a12f00ca5fd06d628f8f4 2024-11-12
FileHash-MD5 f321fcbfa16d92fde8c4bad1b0968140 2024-11-12
FileHash-SHA1 06424f103c1dc7258e061990cdab1a6b84602160 2024-11-12
FileHash-SHA1 16f1dc4c8790f43208f5dfc4303dd011b6f75b6d 2024-11-12
FileHash-SHA1 1c4e293fb7d5929efde2b7e4c20fc7b60d0a1703 2024-11-12
FileHash-SHA1 2f1fba74aece779c290e7e100fc2080a5681ea44 2024-11-12
FileHash-SHA1 57942ac9c65a53d5589654f330341120aeba44ca 2024-11-12
FileHash-SHA1 5cf5a440c67a3c7e265bad6f01f486c1a02813de 2024-11-12
FileHash-SHA1 da6cc2d3213899e813b3ebeea8595a69b1e3d209 2024-11-12
FileHash-SHA1 e0a3195dbd9c952126cfcbba014190c4c1170b4b 2024-11-12
FileHash-SHA256 02902a5e07a80aa56c24c6a8d4cca9fcfb32f32bb074f9c449cad5b3b18a070c 2024-11-12
FileHash-SHA256 0a4397f7d5da024b10c778910d6db84a6ba0fc3375fe6fe9b470f7e269ddc716 2024-11-12
FileHash-SHA256 26cb6055be1ee503f87d040c84c0a7cacb245b4182445e3eee47ed6e073eca47 2024-11-12
FileHash-SHA256 2700142c0b78fdbf3df30125a72443e2317d5079a01ff26022a66d0b7bd4c5b1 2024-11-12
FileHash-SHA256 2abff990d33d99a0732ddbb3a39831c2c292f36955381d45cd8d40a816d9b47a 2024-11-12
FileHash-SHA256 2d55c68aa7781db7f2324427508947f057a6baca78073fee9a5ad254147c8232 2024-11-12
FileHash-SHA256 3b4ee3d5c1a7202b053159becac4d0b622641e2e4a7b27f339c03a90f287d381 2024-11-12
FileHash-SHA256 3d2409c7834287178f61116c9b653e3520172a10ebef58f58f99d27a34b839bd 2024-11-12
FileHash-SHA256 3fc92e8a440ca16172f7d93bd9de3c6f9391e26d3a1cb964e966ee1ee31770df 2024-11-12
FileHash-SHA256 41112f36fc17f57f0e476c9ffa9e1ecbff796dc31a7ff0372d0d8708a5e9c50b 2024-11-12
FileHash-SHA256 5b7e8e685f6ee6b4810ed94b4420e08a10a977516b47fea356173cfaec2c41a0 2024-11-12
FileHash-SHA256 5d773e734290b93649a41ccda63772560b4fa25ba715b17df7b9f18883679160 2024-11-12
FileHash-SHA256 5fa809c0e5dff03bd202b86cd334e80c7ed5dbad9aed7b12a3799ea0800e5f31 2024-11-12
FileHash-SHA256 6ab5a0b7080e783bba9b3ec53889e82ca4f2d304e67bd139aa267c22c281a368 2024-11-12
FileHash-SHA256 75c2fb3ae08502a57c8c96ea788ef946a8bb35fb4a16e76deefae4c94fd03fd7 2024-11-12
FileHash-SHA256 76a543a49e46ad9163b2a06f6cea7a5e8eb5183cd3213e64446a8c66310fac3a 2024-11-12
FileHash-SHA256 795b997c248b2f344f813cd0c15d3d435e6218c91d0f0f54a464d739feead4c5 2024-11-12
FileHash-SHA256 7c0a8d3dec1675fd8ba0a73fb5b8eee3bef0214aa78a7aab73b8ba9814651f9f 2024-11-12
FileHash-SHA256 7e0d0f77fe1dcb1e7a0a0a2fc0c25a68eee551c7045935449ae64dcbd1310958 2024-11-12
FileHash-SHA256 86791aa96bac086330bf927ea5c2725ff73aaedfadc2571f4f393aa4d3a6b690 2024-11-12
FileHash-SHA256 8818c7c2cbd60521b8eb59ff9a720840535651343b30c1b279515d42d8036a8a 2024-11-12
FileHash-SHA256 8ce87eefded0713c9258f8f2086dcc51028fb404ceb526f832df4c93108c8146 2024-11-12
FileHash-SHA256 9b2a16cbe5af12b486d31b68ef397d6bc48b2736e6b388ad8895b588f1831f47 2024-11-12
FileHash-SHA256 9fc4c7cdcaa3c3c03ba65f138386e875d02f7fcaf10de720dfde20167e393f38 2024-11-12
FileHash-SHA256 9fe7b2f4c17dd0c7a00aaa6a779c30e2cb3faa4b14766e02f616d00e6f6e9007 2024-11-12
FileHash-SHA256 ac227dd5c97a36f54e4fa02df4e4c0339b513e4f8049616e2a815a108e34552f 2024-11-12
FileHash-SHA256 b447ba4370d9becef9ad084e7cdf8e1395bafde1d15e82e23ca1b9808fef13a7 2024-11-12
FileHash-SHA256 b7c5af2d7e1eb7651b1fe3a224121d3461f3473d081990c02ef8ab4ace13f785 2024-11-12
FileHash-SHA256 c068b9e7130f6fb5763beb9564e92a89644755f223b2f65dc762ed5c77c5b8e3 2024-11-12
FileHash-SHA256 c22f0544e29c803d2cacbca3a57617496e3691389e9b65da84c374c90e699433 2024-11-12
FileHash-SHA256 c51952f2caf55b455e7c7eb8048422bb477e3a616cb68f6fa524e15892b9f328 2024-11-12
FileHash-SHA256 d3a53be1f64325c566bb71222b3747da81439dea8fc9a458fb459355cfa9e7f2 2024-11-12
FileHash-SHA256 e2ba2d3d2c1f0b5143d1cd291f6a09abe1c53e570800d8ae43622426c1c4343c 2024-11-12
FileHash-SHA256 e6d2f43622e3ecdce80939eec9fffb47e6eb7fc0b9aa036e9e4e07d7360f2b89 2024-11-12
FileHash-SHA256 eddd40d457088d8384784ce80eaf0aefb1485776e0916e60781befbd739d4608 2024-11-12
FileHash-SHA256 f2de8a5daed043ef3ab1f52156a4f7ff8f9a382f7f58ace6abb463f5cbab060c 2024-11-12
FileHash-SHA256 fca0b3e57b3f9a14d18c435e564fe6db3620ba446e1b863737a9b36cbcc7251a 2024-11-12
URL https://healthscratches.com/s/?uid=06d32218-178c-49d77-b3cf-59df77c93469. 2024-11-12
URL https://suppertools.com/s/?uid=181b9056-7420-4cde-8523-5c609aface73 2024-11-12
URL https://theshortner.com/fxT1j 2024-11-12
domain bankjordan.com 2024-11-12
domain dentalaccord.com 2024-11-12
domain easybackupcloud.com 2024-11-12
domain economymentor.com 2024-11-12
domain economystocking.com 2024-11-12
domain egyptican.com 2024-11-12
domain egyptskytours.com 2024-11-12
domain egypttourism-online.com 2024-11-12
domain ellemedic.com 2024-11-12
domain finance-analyst.com 2024-11-12
domain financeinfoguide.com 2024-11-12
domain finances-news.com 2024-11-12
domain healthcarb.com 2024-11-12
domain healthoptionstoday.com 2024-11-12
domain healthscratches.com 2024-11-12
domain inclusive-economy.com 2024-11-12
domain inclusiveeconomy.us 2024-11-12
domain jordanrefugees.com 2024-11-12
domain jordansons.com 2024-11-12
domain king-pharmacy.com 2024-11-12
domain master-dental.com 2024-11-12
domain microsoftliveforums.com 2024-11-12
domain microsoftteams365.com 2024-11-12
domain microsoftwindowshelp.com 2024-11-12
domain printspoolerupdates.com 2024-11-12
domain requestinspector.com 2024-11-12
domain saudi.org 2024-11-12
domain saudiarabianow.org 2024-11-12
domain saudiday.org 2024-11-12
domain suppertools.com 2024-11-12
domain theshortner.com 2024-11-12
domain wellhealthtech.com 2024-11-12
hostname api.finances-news.com 2024-11-12
hostname support-api.financecovers.com 2024-11-12
hostname trendingcharts.finance-analyst.com 2024-11-12
References (1)
↗ https://research.checkpoint.com/2024/hamas-affiliated-threat-actor-expands-to-disruptive-activity/