{
	"id": "d77826e0-867c-43d6-a8a3-1891080d6bb2",
	"created_at": "2026-04-06T00:19:54.440922Z",
	"updated_at": "2026-04-10T03:28:03.149482Z",
	"deleted_at": null,
	"sha1_hash": "1c59fe579202d519411f22ec2dfbe73b850f6ef1",
	"title": "Handala (Malware Family)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 37798,
	"plain_text": "Handala (Malware Family)\r\nBy Fraunhofer FKIE\r\nArchived: 2026-04-05 12:37:33 UTC\r\nwin.handala (Back to overview)\r\nHandala\r\nActor(s): Handala\r\nAccording to Intezer, this is a second stage loader written in Delphi.\r\nReferences\r\n2024-09-06 ⋅ splunk ⋅ Splunk Threat Research Team\r\nHandala’s Wiper: Threat Analysis and Detections\r\nHandala Hatef Handala\r\n2024-07-26 ⋅ Trellix ⋅ Mathanraj Thangaraju, Max Kersten, Tomer Shloman\r\nHandala’s Wiper Targets Israel\r\nHandala Hatef Handala\r\n2023-12-20 ⋅ Intezer ⋅ Nicole Fishbein, Ryan Robinson\r\nOperation HamsaUpdate: A Sophisticated Campaign Delivering Wipers Puts Israeli Infrastructure at Risk\r\nFlashDevelop Handala Hatef Handala\r\nThere is no Yara-Signature yet.\r\nSource: https://malpedia.caad.fkie.fraunhofer.de/details/win.handala\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/win.handala\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://malpedia.caad.fkie.fraunhofer.de/details/win.handala"
	],
	"report_names": [
		"win.handala"
	],
	"threat_actors": [
		{
			"id": "d0fef355-9eb9-4adc-8d90-a8c7494c4a81",
			"created_at": "2024-01-18T02:02:34.735032Z",
			"updated_at": "2026-04-10T02:00:05.011663Z",
			"deleted_at": null,
			"main_name": "Handala Hack Team",
			"aliases": [
				"Operation HamsaUpdate"
			],
			"source_name": "ETDA:Handala Hack Team",
			"tools": [
				"Hamsa Wiper",
				"Handala",
				"Hatef Wiper"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "4134675e-5b72-4b50-8d70-1a8f18aafbb4",
			"created_at": "2024-10-04T02:00:04.766263Z",
			"updated_at": "2026-04-10T02:00:03.715945Z",
			"deleted_at": null,
			"main_name": "Handala",
			"aliases": [],
			"source_name": "MISPGALAXY:Handala",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434794,
	"ts_updated_at": 1775791683,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/1c59fe579202d519411f22ec2dfbe73b850f6ef1.pdf",
		"text": "https://archive.orkl.eu/1c59fe579202d519411f22ec2dfbe73b850f6ef1.txt",
		"img": "https://archive.orkl.eu/1c59fe579202d519411f22ec2dfbe73b850f6ef1.jpg"
	}
}