ETDA: Electronic Transactions Development Agency

Threat Group Cards: A Threat Actor Encyclopedia

Tool: Hamsa Wiper

Names: Hamsa Wiper
Category: Malware
Type: Wiper
Description: (Intezer) After masquerading as a routine update, the script strategically pauses for 30 minutes. This delay creates a deceptive appearance of typical system behavior during this period. In the meantime, the script accomplishes reconnaissance to identify the Linux distribution in use, whether it be Red Hat, Ubuntu, or Debian. Subsequently, it quietly installs necessary tools, such as xfsprogs, wipe, and parted, which are pivotal for later tasks involving disk partition manipulation and the secure erasure of data.

Like its Windows variant, this wiper version transmits data to the same Telegram channel. The shared information aligns with what’s sent by the Windows variant but adds specific details, such as the system directory’s drive letter and prepared information on disk space. The data is organized with clear headers and separators to facilitate understanding, forming a structured log that allows the attackers to track and assess the impact of their infiltration.
Information: <https://intezer.com/blog/research/stealth-wiper-israeli-infrastructure/>

Last change to this tool card: 16 January 2024

All groups using tool Hamsa Wiper

Changed | Name | Country | Observed

Other groups

 | Handala Hack Team | [Unknown] | 2023-Dec 2023

1 group listed (0 APT, 1 other, 0 unknown)

Digital Service Security Center