SYMBOLCOMMON_NAMEaka. SYNONYMS

AridViper  (Back to overview)

aka: Desert Falcon, Arid Viper, APT-C-23


Associated Families
apk.glancelove apk.gnatspy apk.spyc23 apk.unidentified_004 ios.phenakite win.aridgopher win.aridhelper win.barbie win.barbwire win.micropsia

References
2023-04-04SymantecThreat Hunter Team
@online{team:20230404:mantis:dc4d88d, author = {Threat Hunter Team}, title = {{Mantis: New Tooling Used in Attacks Against Palestinian Targets}}, date = {2023-04-04}, organization = {Symantec}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/mantis-palestinian-attacks}, language = {English}, urldate = {2023-04-25} } Mantis: New Tooling Used in Attacks Against Palestinian Targets
Arid Gopher Micropsia
2022-04-06CybereasonCybereason Nocturnus
@online{nocturnus:20220406:operation:5add58e, author = {Cybereason Nocturnus}, title = {{Operation Bearded Barbie: APT-C-23 Campaign Targeting Israeli Officials}}, date = {2022-04-06}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/operation-bearded-barbie-apt-c-23-campaign-targeting-israeli-officials}, language = {English}, urldate = {2022-06-27} } Operation Bearded Barbie: APT-C-23 Campaign Targeting Israeli Officials
Barb(ie) Downloader BarbWire
2022-03-22The RegisterJeff Burt
@online{burt:20220322:what:a42ef40, author = {Jeff Burt}, title = {{What does Go-written malware look like? Here's a sample under the microscope}}, date = {2022-03-22}, organization = {The Register}, url = {https://www.theregister.com/2022/03/22/arid-gopher-malware-deep-instinct/}, language = {English}, urldate = {2022-03-25} } What does Go-written malware look like? Here's a sample under the microscope
Arid Gopher
2022-03-21DeepInstinctSimon Kenin, Asaf Gilboa
@online{kenin:20220321:what:8802a1d, author = {Simon Kenin and Asaf Gilboa}, title = {{What is Arid Gopher? An Analysis of a New, Never-Before-Seen Malware Variant}}, date = {2022-03-21}, organization = {DeepInstinct}, url = {https://www.deepinstinct.com/blog/arid-gopher-the-newest-micropsia-malware-variant}, language = {English}, urldate = {2022-03-25} } What is Arid Gopher? An Analysis of a New, Never-Before-Seen Malware Variant
Arid Gopher AridHelper
2022-02-02CiscoAsheer Malhotra, Vitor Ventura
@online{malhotra:20220202:arid:420217a, author = {Asheer Malhotra and Vitor Ventura}, title = {{Arid Viper APT targets Palestine with new wave of politically themed phishing attacks, malware}}, date = {2022-02-02}, organization = {Cisco}, url = {https://blog.talosintelligence.com/2022/02/arid-viper-targets-palestine.html}, language = {English}, urldate = {2022-02-04} } Arid Viper APT targets Palestine with new wave of politically themed phishing attacks, malware
Micropsia
2021-05-04malware4allmalware4all
@online{malware4all:20210504:grab:184a10a, author = {malware4all}, title = {{Grab your own copy of Phenakite iOS malware today}}, date = {2021-05-04}, organization = {malware4all}, url = {https://malware4all.blogspot.com/2021/05/grab-your-own-copy-phenakite-ios.html}, language = {English}, urldate = {2021-05-12} } Grab your own copy of Phenakite iOS malware today
Phenakite
2021-04-21FacebookMichael Flossman, Michael Scott
@techreport{flossman:20210421:technical:455f5b5, author = {Michael Flossman and Michael Scott}, title = {{Technical Paper // Taking Action Against Arid Viper}}, date = {2021-04-21}, institution = {Facebook}, url = {https://about.fb.com/wp-content/uploads/2021/04/Technical-threat-report-Arid-Viper-April-2021.pdf}, language = {English}, urldate = {2021-04-28} } Technical Paper // Taking Action Against Arid Viper
Viper RAT Micropsia
2020-09-30ESET ResearchLukáš Štefanko
@online{tefanko:20200930:aptc23:033fea8, author = {Lukáš Štefanko}, title = {{APT‑C‑23 group evolves its Android spyware}}, date = {2020-09-30}, organization = {ESET Research}, url = {https://www.welivesecurity.com/2020/09/30/aptc23-group-evolves-its-android-spyware/}, language = {English}, urldate = {2020-10-04} } APT‑C‑23 group evolves its Android spyware
SpyC23
2020-02-16Check Point ResearchCheck Point Research
@online{research:20200216:hamas:c7c85d6, author = {Check Point Research}, title = {{Hamas Android Malware On IDF Soldiers-This is How it Happened}}, date = {2020-02-16}, organization = {Check Point Research}, url = {https://research.checkpoint.com/2020/hamas-android-malware-on-idf-soldiers-this-is-how-it-happened/}, language = {English}, urldate = {2020-02-25} } Hamas Android Malware On IDF Soldiers-This is How it Happened
Unidentified APK 004
2019-08-15Github (jeFF0Falltrades)Jeff Archer
@online{archer:20190815:micropsia:8ed52a1, author = {Jeff Archer}, title = {{MICROPSIA (APT-C-23)}}, date = {2019-08-15}, organization = {Github (jeFF0Falltrades)}, url = {https://github.com/jeFF0Falltrades/IoCs/blob/master/APT/micropsia_apt_c_23.md}, language = {English}, urldate = {2019-12-10} } MICROPSIA (APT-C-23)
Micropsia
2018-07-08Check Point ResearchCheck Point Research
@online{research:20180708:attack:bc66648, author = {Check Point Research}, title = {{APT Attack In the Middle East: The Big Bang}}, date = {2018-07-08}, organization = {Check Point Research}, url = {https://research.checkpoint.com/apt-attack-middle-east-big-bang/}, language = {English}, urldate = {2020-01-08} } APT Attack In the Middle East: The Big Bang
Micropsia The Big Bang
2018-07-03ClearSkyClearSky Research Team
@online{team:20180703:infrastructure:139fa0f, author = {ClearSky Research Team}, title = {{Infrastructure and Samples of Hamas’ Android Malware Targeting Israeli Soldiers}}, date = {2018-07-03}, organization = {ClearSky}, url = {https://www.clearskysec.com/glancelove/}, language = {English}, urldate = {2019-10-15} } Infrastructure and Samples of Hamas’ Android Malware Targeting Israeli Soldiers
GlanceLove
2018-07-03HaaretzYaniv Kubovich
@online{kubovich:20180703:hamas:372b78f, author = {Yaniv Kubovich}, title = {{Hamas Cyber Ops Spied on Hundreds of Israeli Soldiers Using Fake World Cup, Dating Apps}}, date = {2018-07-03}, organization = {Haaretz}, url = {https://www.haaretz.com/israel-news/hamas-cyber-ops-spied-on-israeli-soldiers-using-fake-world-cup-app-1.6241773}, language = {English}, urldate = {2019-11-29} } Hamas Cyber Ops Spied on Hundreds of Israeli Soldiers Using Fake World Cup, Dating Apps
GlanceLove
2017-12-18Trend MicroEcular Xu, Grey Guo
@online{xu:20171218:new:3572cbc, author = {Ecular Xu and Grey Guo}, title = {{New GnatSpy Mobile Malware Family Discovered}}, date = {2017-12-18}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/17/l/new-gnatspy-mobile-malware-family-discovered.html}, language = {English}, urldate = {2021-05-26} } New GnatSpy Mobile Malware Family Discovered
GnatSpy
2017-06-19Cisco TalosPaul Rascagnères, Warren Mercer, Emmanuel Tacheau, Vanja Svajcer, Martin Lee
@online{rascagnres:20170619:delphi:fdf6859, author = {Paul Rascagnères and Warren Mercer and Emmanuel Tacheau and Vanja Svajcer and Martin Lee}, title = {{Delphi Used To Score Against Palestine}}, date = {2017-06-19}, organization = {Cisco Talos}, url = {http://blog.talosintelligence.com/2017/06/palestine-delphi.html}, language = {English}, urldate = {2019-07-27} } Delphi Used To Score Against Palestine
Micropsia AridViper
2017-06-14ThreatConnectThreatConnect Research Team
@online{team:20170614:phantom:0078e23, author = {ThreatConnect Research Team}, title = {{Phantom of the Opaera: New KASPERAGENT Malware Campaign}}, date = {2017-06-14}, organization = {ThreatConnect}, url = {https://www.threatconnect.com/blog/kasperagent-malware-campaign/}, language = {English}, urldate = {2019-10-14} } Phantom of the Opaera: New KASPERAGENT Malware Campaign
KasperAgent AridViper
2017-04-05Palo Alto Networks Unit 42Tomer Bar, Tom Lancaster
@online{bar:20170405:targeted:feb4b54, author = {Tomer Bar and Tom Lancaster}, title = {{Targeted Attacks in the Middle East Using KASPERAGENT and MICROPSIA}}, date = {2017-04-05}, organization = {Palo Alto Networks Unit 42}, url = {http://researchcenter.paloaltonetworks.com/2017/04/unit42-targeted-attacks-middle-east-using-kasperagent-micropsia/}, language = {English}, urldate = {2019-12-20} } Targeted Attacks in the Middle East Using KASPERAGENT and MICROPSIA
KasperAgent Micropsia
2017-02-16LookoutMichael Flossman
@online{flossman:20170216:viperrat:85bc048, author = {Michael Flossman}, title = {{ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar}}, date = {2017-02-16}, organization = {Lookout}, url = {https://blog.lookout.com/blog/2017/02/16/viperrat-mobile-apt/}, language = {English}, urldate = {2020-01-13} } ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar
Viper RAT AridViper
2017-02-16Kaspersky LabsIDF C4I, Ido Naor
@online{c4i:20170216:breaking:b65439a, author = {IDF C4I and Ido Naor}, title = {{Breaking The Weakest Link Of The Strongest Chain}}, date = {2017-02-16}, organization = {Kaspersky Labs}, url = {https://securelist.com/breaking-the-weakest-link-of-the-strongest-chain/77562/}, language = {English}, urldate = {2019-12-20} } Breaking The Weakest Link Of The Strongest Chain
GlanceLove
2017-02-16Kaspersky LabsIDF C4I, Ido Naor
@online{c4i:20170216:breaking:cc7bead, author = {IDF C4I and Ido Naor}, title = {{Breaking The Weakest Link Of The Strongest Chain}}, date = {2017-02-16}, organization = {Kaspersky Labs}, url = {https://securelist.com/blog/incidents/77562/breaking-the-weakest-link-of-the-strongest-chain/}, language = {English}, urldate = {2019-12-20} } Breaking The Weakest Link Of The Strongest Chain
Viper RAT AridViper
2017-02-05IDFIDF
@online{idf:20170205:hamas:b96235f, author = {IDF}, title = {{Hamas Uses Fake Facebook Profiles to Target Israeli Soldiers}}, date = {2017-02-05}, organization = {IDF}, url = {https://www.idf.il/en/minisites/hamas/hamas-uses-fake-facebook-profiles-to-target-israeli-soldiers/}, language = {English}, urldate = {2019-12-31} } Hamas Uses Fake Facebook Profiles to Target Israeli Soldiers
GlanceLove
2015-09-18ProofpointProofpoint Staff
@online{staff:20150918:operation:9af478b, author = {Proofpoint Staff}, title = {{Operation Arid Viper Slithers Back into View}}, date = {2015-09-18}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/Operation-Arid-Viper-Slithers-Back-Into-View}, language = {English}, urldate = {2019-12-20} } Operation Arid Viper Slithers Back into View
AridViper
2015-02-25Trend MicroTrend Micro Threat Research Team
@techreport{team:20150225:operation:3300d1e, author = {Trend Micro Threat Research Team}, title = {{OPERATION ARID VIPER: Bypassing the Iron Dome}}, date = {2015-02-25}, institution = {Trend Micro}, url = {http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-operation-arid-viper.pdf}, language = {English}, urldate = {2020-01-09} } OPERATION ARID VIPER: Bypassing the Iron Dome
AridViper
2015-02-19Security AffairsPierluigi Paganini
@online{paganini:20150219:arid:c2612d7, author = {Pierluigi Paganini}, title = {{Arid Viper – Israel entities targeted by malware packaged with sex video}}, date = {2015-02-19}, organization = {Security Affairs}, url = {http://securityaffairs.co/wordpress/33785/cyber-crime/arid-viper-israel-sex-video.html}, language = {English}, urldate = {2020-01-06} } Arid Viper – Israel entities targeted by malware packaged with sex video
AridViper
2015-02-18Trend MicroTrendmicro
@online{trendmicro:20150218:sexually:52507ce, author = {Trendmicro}, title = {{Sexually Explicit Material Used as Lures in Recent Cyber Attacks}}, date = {2015-02-18}, organization = {Trend Micro}, url = {https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/sexually-explicit-material-used-as-lures-in-cyber-attacks?linkId=12425812}, language = {English}, urldate = {2020-01-08} } Sexually Explicit Material Used as Lures in Recent Cyber Attacks
AridViper
2015-02-17Kaspersky LabsGhareeb Saad, Mohamad Amin Hasbini
@online{saad:20150217:desert:7bd7326, author = {Ghareeb Saad and Mohamad Amin Hasbini}, title = {{The Desert Falcons targeted attacks}}, date = {2015-02-17}, organization = {Kaspersky Labs}, url = {https://securelist.com/blog/research/68817/the-desert-falcons-targeted-attacks/}, language = {English}, urldate = {2019-12-20} } The Desert Falcons targeted attacks
AridViper
2015-02Kaspersky LabsGReAT
@techreport{great:201502:desert:0826d08, author = {GReAT}, title = {{The Desert Falcons Targeted Attacks}}, date = {2015-02}, institution = {Kaspersky Labs}, url = {https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08064309/The-Desert-Falcons-targeted-attacks.pdf}, language = {English}, urldate = {2020-04-06} } The Desert Falcons Targeted Attacks
AridViper

Credits: MISP Project