Bibi Wiper

Malware updated 3 months ago (2024-11-29T13:57:06.594Z)
The BiBi wiper is custom malware developed and used by the cyber threat group Void Manticore. This malicious software, named after Israeli Prime Minister Benjamin Netanyahu's nickname "BiBi," is used to disrupt computer operations, exfiltrate email data, and in some instances, hold data for ransom.

The group first gained significant public attention when it was linked to the BiBi wiper attacks in Israel in 2023-2024. During these operations, Void Manticore demonstrated not just an intent to cause direct damage but also to send politically charged messages. The group's operations extend beyond Israel, with similar attacks observed in Albania in late 2023 and early 2024. Void Manticore used partition wipers akin to those deployed in Israel as part of the BiBi wiper attacks.

The file name of this wiper was bibi-linux.out, and the extensions of the wiped files were ".BiBi". Interestingly, BiBi Wiper doesn't infect files with the extensions ".out" and ".so", likely because it relies on files with those extensions and on other libraries that are essential for the OS and for keeping the process running.

Two actors have been identified within the group, both using different tools and access methods. Actor #1, known as Storm-0861 or Scarred Manticore, used tools such as Foxshell and Liontail to gain initial access via CVE-2019-0604, with the objective of email exfiltration. Actor #2, known as Storm-0842 or Void Manticore, then used the access provided by Actor #1 to deploy wipers and ransomware, including the BiBi Wiper. This coordinated approach and the use of politically symbolic malware names underscore the sophistication and potential geopolitical motivations of Void Manticore's operations.
Description last updated: 2024-10-10T23:16:17.881Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias: Bibi
Description: Bibi is a possible alias for Bibi Wiper. BiBi is a harmful malware designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom. This type
Votes: 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Wiper