Weekly Threat Bulletin – March 18th, 2026

Malware: BiBi, BiBi-Linux, BiBi-Windows Wiper, BiBi Wiper, ChillWipe, Cl Wiper, CoolWipe, DEADWOOD, Detbosit, DistTrack, GOLD IONIC, Hamsa, Handala, Handala PowerShell Wiper, Handala Wiper, Hatef, Hatef Wiper, INC, Inc. Ransom, INC Ransom, INC Ransomware, Karma Shell, Lynx, Radthief, Red Alert, RedAlert, Rhadamanthus, Rhadamanthys, Rhadamanthys Stealer, Shamoon, W32.DistTrack, win.handala, ZeroCleare CVEs: CVE-2017-11774, CVE-2018-20250, CVE-2019-0604, CVE-2023-3519, CVE-2023-48788, CVE-2024-30088 Technologies: Apple iOS, Cisco Secure Firewall Management Center, Citrix NetScaler, CrowdStrike, F5 BIG-IP, Fortinet FortiClient EMS, Google Android, Google Chrome, Google Cloud Storage, Google Drive, Linux, Microsoft Active Directory, Microsoft Entra ID, Microsoft Intune, Microsoft SharePoint, Microsoft Windows, Microsoft Windows Server, NetBird, VeraCrypt, VMware ESXi Threat Actors: 313 Team, Agrius, APT33, APT34, BanishedKitten, Chrysene, CyberAv3ngers, CyberIslamicResistance, Dark Storm Team, DarkStormTeam, DieNet, Elfin, Evil Markhors, EvilMarkhors, FaDTeam, Fatimion, FatimiyounCyberTeam, GoldIonic, Handala, HandalaHack, HandalaHackTeam, Hatef, HomelandJustice, INC, INCRansomware, IslamicCyberResistanceInIraq, MRHELL112, MuddyWater, NoName05716, OilRig, PinkSandstorm, RedSandstorm, ScarredManticore, Seedworm, Serpens, Storm0494, Storm0842, Storm842, Sylhet Gang, SylhetGang, SylhetGangSG, TarnishedScorpius, TheFADTeam, VanillaTempest, VoidManticore Attacker Countries: Iran, Iraq, Israel, Palestine, Russia, United States Attacker IPs: 107.189.19.52, 146.185.219.235, 23.254.228.135, 31.57.35.223, 82.25.35.25 Attacker Domains: api.ipify.org, api.ip.sb, api.ra-backup.com, b.barracudacentral.org, bit.ly, cbl.abuseat.org, crowdstrike.com.vc, dnsbl-1.uceprotect.net, handala-hack.to, handala.to, icanhazip.com, ident.me, ip.anysrc.com, ip-api.com, ipecho.net, ipinfo.io, iplogger.org, redalerts.me, spam.dnsbl.sorbs.net, wtfismyip.com, www.myexternalip.com, www.shirideitch.com, zen.spamhaus.org Attacker URLs: hxxp://23.254.228.135:80/file.php, hxxp://redalerts.me/app.apk, hxxps://api.ra-backup.com/analytics/submit.php, hxxps://bit.ly/4tWJhQh, hxxps:www.shirideitch.com/wp-content/uploads/2022/06/RedAlert.apk Attacker Hashes: 19001dd441e50233d7f0addb4fcd405a70ac3d5e310ff20b331d6f1a29c634f0, 2a5dd680c05b43d72365e8beb7e40088, 3236facc7a30df4ba4e57fddfba41ec5, 3cb9dea916432ffb8784ac36d1f2d3cd, 3dfb151d082df7937b01e2bb6030fe4a, 5087a896360f5d99fbf4eb859c824d19eb6fa358387bf6c2c5e836f7927921c5, 5986ab04dd6b3d259935249741d3eff2, 8316065c4536384611cbe7b6ba6a5f12f10db09949e66cb608c92ae8b69e4d67, 96dec6e07229201a02f538310815c695cf6147c548ff1c6a0def2fe38f3dcbc8, e035c858c1969cffc1a4978b86e90a30 Victim Industries: Aerospace, Cloud Infrastructure, Defense, Education, Energy, Financial Services, Government, Healthcare, Industrials, Information Technology, IT Services, Manufacturing, Medical Devices, Military, Multimedia, Oil & Gas, Public Sector, Retail, Telecommunications, Transportation, Utilities, Water & Wastewater Victim Countries: Albania, Australia, Bahrain, Canada, Costa Rica, Egypt, Iran, Ireland, Israel, Jordan, Kuwait, Lebanon, Qatar, Saudi Arabia, Syria, Thailand, Turkey, United Arab Emirates, United Kingdom, United States

Similar Posts

Leave a Reply