|
Malware:
|
BiBi, BiBi-Linux, BiBi-Windows Wiper, BiBi Wiper, ChillWipe, Cl Wiper, CoolWipe, DEADWOOD, Detbosit, DistTrack, GOLD IONIC, Hamsa, Handala, Handala PowerShell Wiper, Handala Wiper, Hatef, Hatef Wiper, INC, Inc. Ransom, INC Ransom, INC Ransomware, Karma Shell, Lynx, Radthief, Red Alert, RedAlert, Rhadamanthus, Rhadamanthys, Rhadamanthys Stealer, Shamoon, W32.DistTrack, win.handala, ZeroCleare |
|
CVEs:
|
CVE-2017-11774, CVE-2018-20250, CVE-2019-0604, CVE-2023-3519, CVE-2023-48788, CVE-2024-30088 |
|
Technologies:
|
Apple iOS, Cisco Secure Firewall Management Center, Citrix NetScaler, CrowdStrike, F5 BIG-IP, Fortinet FortiClient EMS, Google Android, Google Chrome, Google Cloud Storage, Google Drive, Linux, Microsoft Active Directory, Microsoft Entra ID, Microsoft Intune, Microsoft SharePoint, Microsoft Windows, Microsoft Windows Server, NetBird, VeraCrypt, VMware ESXi |
|
Threat Actors:
|
313 Team, Agrius, APT33, APT34, BanishedKitten, Chrysene, CyberAv3ngers, CyberIslamicResistance, Dark Storm Team, DarkStormTeam, DieNet, Elfin, Evil Markhors, EvilMarkhors, FaDTeam, Fatimion, FatimiyounCyberTeam, GoldIonic, Handala, HandalaHack, HandalaHackTeam, Hatef, HomelandJustice, INC, INCRansomware, IslamicCyberResistanceInIraq, MRHELL112, MuddyWater, NoName05716, OilRig, PinkSandstorm, RedSandstorm, ScarredManticore, Seedworm, Serpens, Storm0494, Storm0842, Storm842, Sylhet Gang, SylhetGang, SylhetGangSG, TarnishedScorpius, TheFADTeam, VanillaTempest, VoidManticore |
|
Attacker Countries:
|
Iran, Iraq, Israel, Palestine, Russia, United States |
|
Attacker IPs:
|
107.189.19.52, 146.185.219.235, 23.254.228.135, 31.57.35.223, 82.25.35.25 |
|
Attacker Domains:
|
api.ipify.org, api.ip.sb, api.ra-backup.com, b.barracudacentral.org, bit.ly, cbl.abuseat.org, crowdstrike.com.vc, dnsbl-1.uceprotect.net, handala-hack.to, handala.to, icanhazip.com, ident.me, ip.anysrc.com, ip-api.com, ipecho.net, ipinfo.io, iplogger.org, redalerts.me, spam.dnsbl.sorbs.net, wtfismyip.com, www.myexternalip.com, www.shirideitch.com, zen.spamhaus.org |
|
Attacker URLs:
|
hxxp://23.254.228.135:80/file.php, hxxp://redalerts.me/app.apk, hxxps://api.ra-backup.com/analytics/submit.php, hxxps://bit.ly/4tWJhQh, hxxps:www.shirideitch.com/wp-content/uploads/2022/06/RedAlert.apk |
|
Attacker Hashes:
|
19001dd441e50233d7f0addb4fcd405a70ac3d5e310ff20b331d6f1a29c634f0, 2a5dd680c05b43d72365e8beb7e40088, 3236facc7a30df4ba4e57fddfba41ec5, 3cb9dea916432ffb8784ac36d1f2d3cd, 3dfb151d082df7937b01e2bb6030fe4a, 5087a896360f5d99fbf4eb859c824d19eb6fa358387bf6c2c5e836f7927921c5, 5986ab04dd6b3d259935249741d3eff2, 8316065c4536384611cbe7b6ba6a5f12f10db09949e66cb608c92ae8b69e4d67, 96dec6e07229201a02f538310815c695cf6147c548ff1c6a0def2fe38f3dcbc8, e035c858c1969cffc1a4978b86e90a30 |
|
Victim Industries:
|
Aerospace, Cloud Infrastructure, Defense, Education, Energy, Financial Services, Government, Healthcare, Industrials, Information Technology, IT Services, Manufacturing, Medical Devices, Military, Multimedia, Oil & Gas, Public Sector, Retail, Telecommunications, Transportation, Utilities, Water & Wastewater |
|
Victim Countries:
|
Albania, Australia, Bahrain, Canada, Costa Rica, Egypt, Iran, Ireland, Israel, Jordan, Kuwait, Lebanon, Qatar, Saudi Arabia, Syria, Thailand, Turkey, United Arab Emirates, United Kingdom, United States |