Hamas-affiliated Threat Actor WIRTE Continues its Middle East Operations and Moves to Disruptive Activity
· Published 12/11/2024 20:31 · Modified 13/11/2024 09:04
Essential information
- Published: 12/11/2024 20:31
- Modified: 13/11/2024 09:04
- Tags: 2024-11-12 apt cyber espionage espionage hamas havoc demon ironwind middle east phishing samecoin wiper
- Related entities: 90 observables, 1 intrusion sets (apt), 18 techniques (mitre), 3 malware, 7 others
Description
Check Point Research has been tracking ongoing activity of the WIRTE threat actor, associated with Hamas, despite the ongoing conflict in the region. The group continues to target entities in the Palestinian Authority, Jordan, Iraq, Egypt, and Saudi Arabia for espionage. WIRTE has expanded its operations to include disruptive attacks, with clear links found between their custom malware and the SameCoin wiper targeting Israeli entities. The group's tools have evolved, but key operational aspects remain consistent. WIRTE's activities persist throughout the war, complicating geographical attribution. The group employs various tactics, including custom loaders, phishing, and wipers, targeting both Israeli and other Middle Eastern entities.
Related entities
Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.
Observables (90)
Intrusion sets (APT) (1)
- The MITRE Corporation · Confidence 100
  [WIRTE](https://attack.mitre.org/groups/G0090) is a threat group that has been active since at least August 2018. [WIRTE](https://attack.mitre.org/groups/G0090) has targeted government, diplomatic, financial, military, legal, and technology organizations in the Middle …
  First seen 01/01/1970 · Last seen 16/11/5138 · Published 16/12/2025 19:39 · Modified 04/05/2026 16:33
Techniques (MITRE) (18)
- Inhibit System Recovery
- Data from Information Repositories
- Data Encrypted for Impact
- Hijack Execution Flow
- Boot or Logon Autostart Execution
- Application Layer Protocol
- Create or Modify System Process
- Process Injection
- Masquerading
- Endpoint Denial of Service
- User Execution
- Deobfuscate/Decode Files or Information
- Data Encoding
- Obfuscated Files or Information
- Phishing
- Exploit Public-Facing Application
- Valid Accounts
- Command and Scripting Interpreter
Malware (3)
- Family · Published 11/06/2026 11:50 · Modified 11/06/2026 11:50
- Family · Published 12/11/2024 20:31 · Modified 12/11/2024 20:31
- Family · Published 12/11/2024 20:31 · Modified 12/11/2024 20:31
Others (7)
- Iraq
- Egypt
- Saudi Arabia
- Jordan
- Israel
- Healthcare
- Government