Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 14:50:19 UTC
Home > List all groups > List all tools > List all groups using tool SameCoin
 Tool: SameCoin
Names SameCoin
Category Malware
Type Wiper
Description
(HarfangLab) Following an X post by IntezerLab about an attack campaign that they dubbed
“SameCoin”, we analyzed the samples they discovered and found a few identical variants. The
infection vector appears to be an email impersonating the Israeli National Cyber Directorate,
which tricks the reader into downloading malicious files which are presented as ‘security
patches’.
Victims who download and execute linked files are infected with a wiper which, under certain
circumstances, could also infect other hosts in the network. We assess that the campaign’s
reach was limited, evidenced by the fact that the malware linked in the email was downloaded
only a few dozen times.
Information
Last change to this tool card: 26 December 2024
Download this tool card in JSON format
All groups using tool SameCoin
Changed Name Country Observed
APT groups
 WIRTE Group [Middle East] 2018-Feb 2024
1 group listed (1 APT, 0 other, 0 unknown)
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=2e249efb-70a3-40b4-b21d-ee20a3bec3b8
Page 1 of 2

Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=2e249efb-70a3-40b4-b21d-ee20a3bec3b8
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=2e249efb-70a3-40b4-b21d-ee20a3bec3b8
Page 2 of 2

APT groups WIRTE Group [Middle East] 2018-Feb 2024
1 group listed (1 APT, 0 other, 0 unknown) 
   Page 1 of 2