Unpacking Handala: A Deep Technical Analysis of a Growing Cyber Threat
relentlessly targeted critical infrastructure, supply chains, and government agencies, launching dozens of cyberattacks with increasing sophistication. What began as defacements and DDoS campaigns has evolved into stealth malware, AI-assisted reconnaissance, and persistent intrusions.
In this technical report, OP Innovate’s researchers reverse-engineered Handala’s malware, uncovering:
- Indicators of Compromise (IOCs) – YARA rules and threat intelligence to stay ahead.
- Malware internals – decompiling obfuscated binaries, unpacking payloads, and exposing custom-built evasion techniques.
- C2 infrastructure & exfiltration – Telegram, cloud storage, and proxy-based stealth operations.
- AI-powered analysis – how our machine learning models automated decryption, reverse engineering, and IOC detection.
- Stealth techniques – obfuscation, evasion, and persistence methods designed to bypass detection.
