 |
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
|
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
Tool: Hamsa Wiper| Names | Hamsa Wiper | |
| Category | Malware | |
| Type | Wiper | |
| Description | (Intezer) After masquerading as a routine update, the script strategically pauses for 30 minutes. This delay creates a deceptive appearance of typical system behavior during this period. In the meantime, the script accomplishes reconnaissance to identify the Linux distribution in use, whether it be Red Hat, Ubuntu, or Debian. Subsequently, it quietly installs necessary tools, such as xfsprogs, wipe, and parted, which are pivotal for later tasks involving disk partition manipulation and the secure erasure of data. Like its Windows variant, this wiper version transmits data to the same Telegram channel. The shared information aligns with what’s sent by the Windows variant but adds specific details, such as the system directory’s drive letter and prepared information on disk space. The data is organized with clear headers and separators to facilitate understanding, forming a structured log that allows the attackers to track and assess the impact of their infiltration. | |
| Information | <https://intezer.com/blog/research/stealth-wiper-israeli-infrastructure/> | |
Last change to this tool card: 16 January 2024
Download this tool card in JSON format
Previous: HammerDuke
Next: Hancitor
| Changed | Name | Country | Observed | ||
Other groups | |||||
| Handala Hack Team | [Unknown] | 2023-Dec 2023 | |||
1 group listed (0 APT, 1 other, 0 unknown)
|
Digital Service Security Center Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1227 | |
 |
[email protected] | |