[threat-actors] Add Handala

2025-02-16 16:56:25 +00:00 · 2024-10-02 02:04:56 -07:00 · 2024-10-02 02:04:56 -07:00 · 3b57092dd1
commit 3b57092dd1
parent 84ca613198
1 changed files with 13 additions and 0 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -16872,6 +16872,19 @@
      },
      "uuid": "7d067b1a-89df-46ff-a2fc-d688da721236",
      "value": "AzzaSec"
+    },
+    {
+      "description": "Handala is a pro-Palestinian hacktivist group that targets Israeli organizations, employing tactics such as phishing, data theft, extortion, and destructive attacks using custom wiper malware. The group utilizes a multi-stage loading process, including a Delphi-coded second-stage loader and an AutoIT injector, to deliver wiper malware that specifically targets Windows and Linux environments. Their phishing campaigns often exploit major events and critical vulnerabilities, masquerading as legitimate organizations to gain initial access. Handala operates a data leak site to publicize stolen data, although claims of successful attacks are sometimes disputed by targeted organizations.",
+      "meta": {
+        "country": "PS",
+        "refs": [
+          "https://www.splunk.com/en_us/blog/security/handalas-wiper-threat-analysis-and-detections.html",
+          "https://www.trellix.com/blogs/research/handalas-wiper-targets-israel/",
+          "https://intezer.com/blog/research/stealth-wiper-israeli-infrastructure/"
+        ]
+      },
+      "uuid": "7b14f285-86e9-47da-be1a-16ce566c428b",
+      "value": "Handala"
    }
  ],
  "version": 315