Bibi

Malware Profile Updated 9 days ago
BiBi is malicious software (malware) that was used in recent cyber attacks, notably by the Void Manticore group. The malware was named after Benjamin Netanyahu, the prime minister of Israel, and was deployed in a series of politically charged attacks against Israeli targets, indicating an intent to cause direct damage and send a political message. The BiBi wiper was also used in attacks in Albania from late 2023 to early 2024, with similar partition wipers dropped as part of the attack, strengthening the ties between events in both countries. Void Manticore received its initial access from another actor, Scarred Manticore, and its primary objectives were email exfiltration and the deployment of wipers and ransomware.

The BiBi wiper operates by infecting system files and wiping them, typically leaving the extension ".BiBi" on wiped files. It does not infect files with the extensions ".out" and ".so", likely because it relies on these file types and other essential operating-system libraries to keep its own process running. The default target path for the malware is "/", and it can receive command-line parameters such as target_path. The file name of this wiper was bibi-linux.out, hinting at its compatibility with Linux systems.

These attacks were linked to a pro-Hamas hacktivist group targeting Israel, as reported by Security Affairs. A fake persona of an anti-Zionist Jewish group, "Anti-Zionist Jewish Hackers", was created, opposing the Israeli government and specifically Benjamin Netanyahu. This activity was further linked to Karma's activity, leading to the deployment of the BiBi wiper. These incidents highlight the increasing sophistication and politicization of cyber threats, with state actors and hacktivist groups using malware not only to cause direct harm but also to convey political messages.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names and profiles you may also want to look at.
ID | Votes | Profile Description
Wiper Malware | 2 | Wiper malware is a type of malicious software designed to exploit and damage computer systems. It can infiltrate systems through various means, including suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can cause significant disruption, steal personal in
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Linux
Wiper
Windows
Ransom
Malware
Associated Malware
ID | Type | Votes | Profile Description
Bibi Wiper | Unspecified | 2 | The BiBi wiper is a malicious software (malware) utilized by the hacking group Void Manticore, with its name referencing the nickname of Israel's Prime Minister, Benjamin Netanyahu. The malware was first reported in late 2023 during attacks against Albania, where it was used to wipe data from comput
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Bibi Malware was read from the documents corpus below.
Source | Created At | Title
Checkpoint | 9 days ago | Bad Karma, No Justice: Void Manticore Destructive Activities in Israel - Check Point Research
CERT-EU | 7 months ago | Israel warns of BiBi wiper attacks targeting Linux and Windows
CERT-EU | 7 months ago | New BiBi-Linux wiper malware targets Israeli orgs in destructive attacks
CERT-EU | 7 months ago | New BiBi-Windows Wiper Targets Windows Systems in Pro-Hamas Attacks
Securityaffairs | 7 months ago | Pro-Hamas hacktivist group targets Israel with BiBi-Linux wiper
CERT-EU | 7 months ago | Pro-Hamas hackers target Israeli orgs with new BiBi-Linux wiper malware
CERT-EU | 7 months ago | Israeli organizations subjected to new BiBi-Linux wiper malware attacks
CERT-EU | 6 months ago | Windows systems targeted by new BiBi wiper malware version
CERT-EU | 7 months ago | Pro-Hamas hacktivist group targets Israel with BiBi-Linux wiper
CERT-EU | 7 months ago | Hamas Hackers Targeting Israelis with New BiBi-Linux Wiper Malware
Securityaffairs | 3 months ago | Security Affairs newsletter Round 461 by Pierluigi Paganini
Securityaffairs | 6 months ago | Security Affairs newsletter Round 449 by Pierluigi Paganini
Securityaffairs | 24 days ago | Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 6 months ago | Security Affairs newsletter Round 447 by Pierluigi Paganini
Securityaffairs | 6 months ago | Security Affairs newsletter Round 446 by Pierluigi Paganini
Securityaffairs | 5 months ago | Security Affairs newsletter Round 453 by Pierluigi Paganini
CERT-EU | 3 months ago | New Bifrost RAT Variant Targets Linux Devices, Mimics VMware Domain
CERT-EU | 7 months ago | Iran's MuddyWater Group Targets Israelis with Fake Memo Spear-Phishing
Securityaffairs | 6 months ago | Security Affairs newsletter Round 447 by Pierluigi Paganini
Securityaffairs | 4 months ago | Security Affairs newsletter Round 456 by Pierluigi Paganini