1 malware family

Arid

Also known asArid

Arid, also referred to in the provided content as Arid Viper, is described as a Hamas-affiliated threat group. In the context provided, it is attributed with BiBi wiper malware operations targeting Israeli systems during the Israel-Hamas war. The malware was identified in both Linux and Windows variants. The content states that these operations had destructive potential, but that most destructive cyber operations against Israel ultimately failed. No additional aliases, sub-groups, or targeting beyond this attribution are directly supported by the provided content.

Are they targeting you?

Know when an actor pivots toward your sector

Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.

Start free trial

OPERATIONAL PROFILE

Targeting

Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.

Where they target

Geographies tied to known operations.

🇮🇱 Israel

MITRE ATT&CK

Tradecraft

1 distinct technique observed across reporting, grouped by tactic. Hover any cell for the evidence excerpt; click through for MITRE's full description.

1 of 15 tactics1 techniques×N= number of intelligence reports citing this technique

MITRE ATT&CK

TA0040

Impact

1 technique

T1485

Data Destruction

ARSENAL

Associated malware families

1 malware family attributed to this actor across reporting.

FamilyContextEvidenceLast seen

BiBiOne wiper malware example was named BiBi for political reasons (to provoke the Israeli government and the man leading it, Benjamin “Bibi” Netanyahu.) The malware was discovered both for Linux and Windows systems, indicating sophisticated capabilities on the part of the originator.1Mar 17, 2026

ACTIVITY FEED

Recent activity

1 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

1 SOURCESView more in app

lieber westpointNews

Nov 30, 2023

Israel - Hamas 2023 Symposium - Cyberspace - the Hidden Aspect of the Conflict - Lieber Institute West Point

Hamas-affiliated group attributed with destructive wiper malware operations against Israeli targets, including use of the BiBi wiper.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: sector and geo overlap with your footprint, the IOCs they’re burning right now, detection coverage, and what to do next.

Start free trial

Target overlap

Match sector + geo + tech-stack targeting against your real footprint.

Tradecraft mapping1

Every observed MITRE ATT&CK technique, grouped by tactic.

Malware arsenal1

Families this actor is known to deploy, with IOCs and behavior.

Exploited CVEs

CVEs this actor has used in known campaigns.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Observables

Domains, IPs, and hashes tied to this actor, refreshed continuously.