Symbol: elf.bibi_linux

Common name: BiBi-Linux

Actor(s): Void Manticore


According to Security Joes, this malware is an x64 ELF executable, lacking obfuscation or protective measures. It allows attackers to specify target folders and can potentially destroy an entire operating system if run with root permissions. During execution, it produces extensive output, which can be mitigated using the "nohup" command. It also leverages multiple threads and a queue to corrupt files concurrently, enhancing its speed and reach. Its actions include overwriting files, renaming them with a random string containing "BiBi," and excluding certain file types from corruption.

References
2024-05-24, Check Point Software Technologies Ltd, Check Point Research
Bad Karma, No Justice: Void Manticore Destructive Activities in Israel
BiBi-Linux

2023-11-11, Security Joes, SecurityJoes
Mission "Data Destruction": A Large-scale Data-Wiping Campaign Targeting Israel
BiBi-Linux

2023-10-30, Security Joes, SecurityJoes
BiBi Wiper
BiBi-Linux, BiBiGun

There is no Yara-Signature yet.