
Threat Actor Characterization

We Put Everything First

ID: d3832ef753a7369cd598e0b6fd3d80fd52930
Hacktivist Group Hacktivism
Threat types: Hacktivism, Intrusion
Indonesia IDN
Updated: 2026-04-12
Created: 2026-03-30
Progress: 92% Completeness: 89% Freshness: 100%
Operation zone: Indonesia
Aliases: W.P.E.F, WPEF
MITRE ATT&CK®

W.P.E.F (We Put Everything First) is an emerging defacement-oriented hacktivist cluster whose current public footprint centers on opportunistic compromise of public-facing websites, visible content tampering, and archive-based amplification of claims.


Technique | Technique name | Tactics | Evidence

T1190 | Exploit Public-Facing Application | TA0001
  • 2026-03-27 — Public defacement records attribute Poloss / W.P.E.F activity to compromise of public-facing websites, consistent with exploitation of internet-facing applications.
  • 2026-03-27 — Additional public defacement records show the same operator-team pairing against exposed web properties. INFERENCE (confidence: medium): the access path likely involved a known web vulnerability or similar public-facing weakness.

T1491.001 | Internal Defacement | TA0040
  • 2026-03-27 — Visible public defacement and mirrored proof-of-compromise are the core observed effect of W.P.E.F activity.

T1595 | Active Scanning | TA0043
  • 2026-03-31 — INFERENCE (confidence: medium): repeated targeting of public-facing sites across multiple domains and countries is consistent with opportunistic scanning or broad internet discovery of weak web assets.

Strategic Intelligence
Last updated: 2026-04-12T18:50:06+00:00

Preliminary Intelligence — W.P.E.F (We Put Everything First)

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE

Category: Hacktivism / Defacement Cluster

Origin: Unknown


Executive Summary

W.P.E.F (“We Put Everything First”) is best assessed as an emerging defacement-oriented hacktivist cluster with a visible public footprint in defacement archives and limited but real alliance signaling. The strongest open-source anchors currently available are public team listings in defacement archives, repeated incident records tied to the team name, and a recent alliance announcement involving RAKYAT DIGITAL CREW. Available evidence supports treating W.P.E.F as a real operational label rather than a purely speculative alias, but the current public record does not support high-confidence claims about operator nationality, command structure, or a broader intrusion capability beyond web compromise and public-facing disruption.


At the time of writing, the most visible activity linked to W.P.E.F is mass defacement or mirror-style publication against exposed web properties, often recorded through public cyber-attack archive services. Public records indicate that the alias Poloss is repeatedly associated with W.P.E.F incidents, suggesting either a core operator or at minimum a recurrent public notifier. The observable operating model appears to prioritize public visibility, symbolic impact, and volume over stealth, persistence, or technically complex post-compromise operations.

Executive Analyst Brief for CISO

Executive Analyst Brief for Decision Makers — W.P.E.F

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE

Hunting Playbook

Hunting Playbook — W.P.E.F

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE

IOC Appendix
Last updated: 2026-04-12T18:51:54+00:00

IOC Appendix — W.P.E.F

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE

OSINT Library
Last saved: 2026-04-12T18:52:21+00:00

OSINT Library — W.P.E.F


2025-06-19 — X / FalconFeeds — "Alert: New Hacktivist Alliance — W.P.E.F and RAKYAT DIGITAL CREW"

Social Media & Communication
SOCMINT integrated: 0/4

Address Verification SOCMINT
t.me/WPE** Restricted Not integrated
whatsapp.com/cha***************************** Restricted Not integrated
whatsapp.com/cha***************************** Restricted Not integrated
whatsapp.com/cha***************************** Restricted Not integrated
Notes: preview mode hides sensitive social/contact details.