MalwareUsed by 1 actor

BarbWire

For your environment

Hunt this family in your stack

Mallory pivots from this family to the IOCs, detections, and named campaigns that touch your stack, and pages you when something new lands.

Start free trial

THREAT ACTORS

Groups observed using it

1 distinct threat actor attributed by public researchers. Open in Mallory to see the full evidence chain and overlapping campaigns.

View more details

Arid Viper

2023-12-14 ⋅ SentinelOne ... Gaza Cybergang | Unified Front Targeting Hamas Opposition BarbWire ... ; 2022-04-06 ⋅ Cybereason ... Operation Bearded Barbie: APT-C-23 Campaign Targeting Israeli Officials ... BarbWire

via malpediamalpedia.caad.fkie.fraunhofer.de

MITRE ATT&CK

Techniques & procedures

1 distinct technique documented for this family, organized by ATT&CK tactic.

Stealth

1 technique

T1027Obfuscated Files or InformationEvidence1

TacticStealth

The malware implementation is embedded either in the macros or in the documents themselves, often in Base64-encoded form... The BarbWire samples used as part of Operation Bearded Barbie are reported to implement a custom base64 algorithm... modifies Base64 strings by adding an extra character that is removed before decoding.

INDICATORS OF COMPROMISE

IOCs tracked for this family

3 indicators attributed across vendor reports, sandbox runs, and researcher write-ups. Full values are available in Mallory.

View more in app

Network

1 tracked

IPs, domains, and DNS infrastructure linked to this family.

Hashes

2 tracked

File hashes (MD5, SHA-1, SHA-256) from samples and reports.

TypeValueLatest sighting

domain●●●●●●●●●●●●View more in app2 years ago

hash.sha1●●●●●●●●●●●●View more in app2 years ago

ACTIVITY FEED

Recent activity

2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

2 SOURCESView more in app

sentinelone labsNews

Dec 14, 2023

Gaza Cybergang | Unified Front Targeting Hamas Opposition

A backdoor used in Operation Bearded Barbie against Israeli targets in law enforcement, military, and emergency services. It uses modified Base64 string obfuscation and is related to the earlier Big Bang backdoor.

malpediaNews

Dec 14, 2023

AridViper (Threat Actor)

BarbWire is discussed as a named malware/tool used in campaigns attributed to Gaza/Arid Viper activity targeting Hamas opposition and Israeli officials.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets match these IOCs, which detections are missing, which campaigns to expect next, and what to do in the next 30 minutes.

Start free trial

IOC matching3

Match every observed IP, domain, and hash against your live telemetry.

Threat actor attribution1

Named campaigns wielding this family, with evidence pinned to each claim.

Exploited vulnerabilities

CVEs this family uses for access and lateral movement.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

MITRE ATT&CK mapping1

Every documented technique, ranked by evidence weight.

Researcher chatter

Reddit, Mastodon, and CTI community discussion around this family.