From 8ed437784407c6f89569313181f47abeff6e61ad Mon Sep 17 00:00:00 2001
From: Mathieu4141
Date: Wed, 20 Dec 2023 03:40:24 -0800
Subject: [PATCH] [threat-actors] Add BiBiGun
---
clusters/threat-actor.json | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index e9b6cc9..99b8e7d 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -13825,6 +13825,20 @@
 },
 "uuid": "00b84012-fa25-4942-ad64-c76be24828a8",
 "value": "Sandman APT"
+ },
+ {
+ "description": "A pro-Hamas hacktivist group developed a wiper called BiBi-Linux to target and destroy data on Israeli systems. The malware impersonates ransomware but operates solely to corrupt and delete files, indicating no data theft. A Windows variant, BiBi-Windows, was also discovered, sharing similarities with BiBi-Linux but targeting all files except executables. ESET researchers have named the group behind the wipers BiBiGun. The group's TTPs have shown overlaps with Moses Staff, which is believed to have an Iran nexus.",
+ "meta": {
+ "country": "PS",
+ "refs": [
+ "https://twitter.com/ESETresearch/status/1719437301900595444",
+ "https://github.com/knight0x07/BiBi-Windows-Wiper-Analysis?tab=readme-ov-file",
+ "https://thehackernews.com/2023/11/new-bibi-windows-wiper-targets-windows.html",
+ "https://www.securityjoes.com/post/bibi-linux-a-new-wiper-dropped-by-pro-hamas-hacktivist-group"
+ ]
+ },
+ "uuid": "f8054f5b-45e5-4624-b8d0-1b9c30aa084e",
+ "value": "BiBiGun"
 }
 ],
 "version": 296
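Review bot: The added entry records `"country": "PS"` as a settled fact, while its own description only reports TTP overlaps with Moses Staff and a believed Iran nexus, so anything that filters or correlates on `meta.country` inherits a firmer attribution than the cited sources state. Consider pairing the field with an `"attribution-confidence"` value in `meta`, or leaving `country` out until the attribution is better established. The GitHub reference also carries a UI query string; `"https://github.com/knight0x07/BiBi-Windows-Wiper-Analysis"` is the stable form and keeps refs comparable across entries. The trailing `"version": 296` line is unchanged context here, so if the project expects a bump whenever a cluster gains a value, that is not part of this patch.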