3C-INT logo [Cyber]Crime Characterization for Intelligence FREE PREVIEW
You are exploring the Free preview. To unlock full read-only access to all public profiles and in-app notifications, create a free research account. For analyst / premium plans capabilities (editing, advanced tabs, exports), please contact us

Threat Actor Characterization

Back
You’re viewing the read-only version. Sign in for analyst tools (editors, promote draft, file/relations management, etc.)
Excluidos

Excluidos

ID: 8e9f7589833d19dda8d4310736e0cff630791
Hacktivist Group Hacktivism
Threat types: Hacktivism, Defacement, Intrusion
Unknown ARG, URY
Updated: 2026-04-12
Created: 2026-04-01
Progress: 86% Completeness: 80% Freshness: 100%
Operation zone: Argentina, Uruguay
Aliases Limited alias preview
No aliases registered.
Actor Network Graph
Open Network Graph
Read-only preview for anonymous visitors. Sign in with a free Research account for full workspace.
MITRE ATT&CK®
confidence: low
Actor Techniques page ATT&CK® Diagram

Excluidos is modeled as a weakly validated Spanish-speaking hacktivist / defacement identity with likely focus on public-facing web compromise and symbolic impact.


Technique Technique name Tactics Evidence
T1190 Exploit Public-Facing Application TA0001
  • 2026-04-02 — Public-facing application exploitation is the most plausible access path for a defacement-oriented actor model. · ref
T1078 Valid Accounts TA0001 TA0003 TA0004 TA0005
  • 2026-04-02 — Valid-account abuse is a plausible but unconfirmed access path in low-complexity website compromises. · ref
T1505.003 Web Shell TA0003
  • 2026-04-02 — Web-shell-like persistence or control is consistent with many defacement operations, though not directly confirmed for Excluidos. · ref
T1491.001 Internal Defacement TA0040
  • 2026-04-02 — Internal defacement is consistent with the assessed actor model. · ref
T1491.002 External Defacement TA0040
  • 2026-04-02 — External/public defacement is the strongest behavioral fit for the actor. · ref
Strategic Intelligence
Limited preview
Last updated: 2026-04-12T19:12:31+00:00
Excluidos — Emerging Spanish-Speaking Defacement / Hacktivist Identity with Sparse Public Validation

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE

Category: Hacktivism / Defacement — Origin: Unknown (Spanish-speaking nexus; LATAM or Spain plausible)

Author: iQBlack CTI Team


Executive Summary

Excluidos is best modeled as a probable Spanish-speaking hacktivist / defacement identity whose open-source footprint remains weak and insufficiently documented for high-confidence actor profiling. The currently available public trace does not support a mature dossier built around stable infrastructure, a well-documented member roster, or a repeatable set of technically attributed intrusions. Instead, the most defensible assessment is that Excluidos represents a small or short-lived defacement-oriented identity operating in the broader Spanish-speaking cyber-claim ecosystem.


Confidence is low-to-medium that Excluidos exists as a genuine operational label rather than a one-off alias or recycled branding. Confidence is low regarding country of origin, leadership, tooling, and campaign scale. The user-provided characterization of Excluidos as a LATAM-oriented or possibly Spanish group is analytically plausible because the name, probable linguistic environment, and reported attack style fit the wider Spanish-speaking hacktivist/defacement scene, but public validation remains too thin to close that assessment confidently.

Full strategic intelligence is available in Analyst and Premium plans.
Executive Analyst Brief for CISO
Saved Limited preview

Executive Analyst Brief for CISO — Excluidos


Upgrade to access the full executive brief.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Executive brief now
Saved successfully.
Hunting Playbook
Saved Limited preview

Hunting Playbook — Excluidos


Upgrade to access the full hunting playbook.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Hunting Playbook now
Saved successfully.
IOC Appendix
Saved Limited preview
Last updated: 2026-04-12T19:13:35+00:00

IOC Appendix — Excluidos


More IOC context for Research. Full appendix for Analyst and Premium plans.
IOC Appendix now
Saved successfully.
OSINT Library
Saved Limited preview
Last saved: 2026-04-12T19:13:49+00:00

OSINT Library — Excluidos


2026-04-02 — Analytical note — “Excluidos remains a weakly validated Spanish-speaking hacktivist / defacement identity”

Full OSINT references available for Research / Analyst.
OSINT Library now
Saved successfully.
Social Medial & Communication
SOCMINT integrated: 0/1
Address Verification SOCMINT
t.me/exc******** Restricted Not integrated
Notes: preview mode hides sensitive social/contact details.
Reference Images/Associated Evidence Limited
Showing 1–1 of 1 images
Hacked website Free Preview
Hacked website