
Threat Actor Characterization

Team Herox


ID: 92087589f8c0fbd16605e9530ea5b11572342
Hacktivist Group Hacktivism
Threat types: Defacement, DDoS, Intrusion, Claims-driven, Propaganda, Pro-Palestine
Unknown
Updated: 2026-01-13
Created: 2025-10-20
Progress: 47% Completeness: 45% Freshness: 50%
Operation zone:
Aliases: TeamHerox
MITRE ATT&CK®

Team Herox — conflict-era hacktivist label with Telegram claims (anti-Israel posture). Technical artifacts are sparse; treat as a low-sophistication DDoS/defacement actor with coalition amplification.


| Technique | Technique name | Tactics | Evidence |
|---|---|---|---|
| T1498 | Network Denial of Service | TA0040 | 2023–2024 — Group appears in conflict roundups of DDoS/defacement actors during Israel–Hamas cyber spillover. · ref |
| T1491.002 | External Defacement | TA0040 | 2023-10 — Listed among defacement-prone actors in community and DRP roundups. · ref |
| T1585 | Establish Accounts | TA0042 | 2023–2024 — Telegram persona/channel used for claims; endorsements by other banners observed. · ref |

Strategic Intelligence
Last updated: 2025-10-21T03:50:43+00:00
Team Herox — South/Central Asia-Aligned Hacktivist Label (Low Artifact, High Noise)

CLASSIFICATION: Unclassified / Open Source


Executive Summary

Team Herox appears in conflict roundups as a pro-Palestinian / anti-Israel hacktivist label operating on Telegram. OSINT shows sporadic claim posts (e.g., claims against Israel’s MFA site) and listings in actor rosters documenting the Israel–Gaza cyber spillover. Technical substantiation is limited; treat the group as a low-sophistication, DDoS/defacement-oriented actor. Confidence: low–medium (curated listings + a few claim relays).

  • Positioning. Anti-Israel posture; sometimes grouped with Pakistan/Malaysia/Indonesia banners in conflict matrices (heritage uncertain).
  • Footprint. Telegram announcements; occasional third-party tweets/feeds relaying claims.
  • Objectives. Attention capture and solidarity signaling via nuisance DDoS/defacements; low OPSEC and high channel churn. INFERENCE (medium).
Social Media & Communication
SOCMINT integrated: 0/0

No social links registered for this profile.