SameCoin
Description
(HarfangLab) Following an X post by IntezerLab about an attack campaign that they dubbed “SameCoin”, we analyzed the samples they discovered and found a few identical variants. The infection vector appears to be an email impersonating the Israeli National Cyber Directorate, which tricks the reader into downloading malicious files which are presented as ‘security patches’.
Victims who download and execute linked files are infected with a wiper which, under certain circumstances, could also infect other hosts in the network. We assess that the campaign’s reach was limited, evidenced by the fact that the malware linked in the email was downloaded only a few dozen times.
Names
| Name |
|---|
| SameCoin |
Category
Malware
Type
- Wiper
Information
- https://harfanglab.io/insidethelab/samecoin-malware-hamas/
- https://research.checkpoint.com/2024/hamas-affiliated-threat-actor-expands-to-disruptive-activity/
Other Information
Uuid
2e249efb-70a3-40b4-b21d-ee20a3bec3b8
Last Card Change
2024-12-26