IOC pivot
ioc · md5
3cb9dea916432ffb8784ac36d1f2d3cd
IR · Iran
Handala
confidence · high
MD5 of the Handala PowerShell wiper component, from Check Point Research's 2026 Handala Hack report. The wiper is distributed via Group Policy logon scripts as a scheduled task; the batch loader 'handala.bat' chains the executable and the PowerShell script to overwrite files and corrupt the MBR.
- family: Handala Wiper
- first seen: Mar 31, 2024
- publisher: Check Point Research