TAU Threat Intelligence Notification: Israbye Wiper


Summary

Israbye is a disk wiper first discovered by a researcher in August 2017, as reported by Bleeping Computer. A newer sample has since been discovered, and its appearance coincides with a recent news story that references the Al-Aqsa mosque. The mosque is also referenced in the note the malware displays, shown below.

[Figure: note.png, the note displayed by the wiper, which references the Al-Aqsa mosque]

Unlike the original sample discovered in 2017, this sample includes Arabic as well as Korean wording, is not modular, and contains none of the anti-analysis methods seen previously. The wiper is built on .NET; once the executable runs, it replaces the files on the user’s Desktop, appending the extension “.Israbye.Israbye.Israbye.Israbye.Israbye.Israbye.Israbye”.
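The chained “.Israbye” extension is the most visible on-host artefact of this sample, and the SHA256 in the IOC table below identifies the dropper itself. The following hunt script is an added example written for this notification; it is not Carbon Black’s tooling or anything taken from the malware. It walks a directory, flags filenames carrying one or more trailing “.Israbye” segments (matching any repeat count is an assumption so a variant with a different count is still caught), and hashes each file against the published SHA256. The sample directory it builds is constructed inline so it runs offline.

```python
"""Hunt for Israbye wiper artefacts: the chained ".Israbye" extension and the
published SHA256 of the dropper. Added example, not Carbon Black's code."""
import hashlib
import os
import re
import tempfile

# SHA256 from the TAU notification's IOC table, lower-cased for comparison.
ISRABYE_SHA256 = {"ca4670ca80968840e63e7c26f03c4a0112b5be2d6b6ec63e75bd730ae47a33f7"}

# The wiper appends ".Israbye" seven times; matching one or more repeats
# (an assumption) also flags a variant that uses a different count.
CHAINED_EXT = re.compile(r"(\.Israbye)+$")


def israbye_extension_count(filename):
    """Return how many trailing '.Israbye' segments the name carries (0 if none)."""
    m = CHAINED_EXT.search(filename)
    if not m:
        return 0
    return m.group(0).count(".Israbye")


def sha256_of(path):
    """Stream a file through SHA256 so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_directory(root, known_hashes=ISRABYE_SHA256):
    """Walk root and return a list of (path, reason) findings."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            n = israbye_extension_count(name)
            if n:
                findings.append((path, f"chained .Israbye extension x{n}"))
            if sha256_of(path) in known_hashes:
                findings.append((path, "SHA256 matches Israbye IOC"))
    return findings


def demo():
    """Constructed sample directory: one wiped-looking file, one benign file."""
    root = tempfile.mkdtemp()
    wiped = os.path.join(root, "report.docx" + ".Israbye" * 7)
    with open(wiped, "wb") as f:
        f.write(b"\x00" * 16)  # constructed content, not real wiper output
    with open(os.path.join(root, "notes.txt"), "w") as f:
        f.write("benign")
    return scan_directory(root)


if __name__ == "__main__":
    for path, reason in demo():
        print(path, "->", reason)
```

Run it against a user's Desktop (the directory the notification says is targeted) to get a quick triage list; hash matches identify the dropper, extension matches identify what it has already overwritten.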

The file encryption itself is very simple, with the key hardcoded into the binary, as the routine below shows:

[Figure: xor.png, the file-encryption routine with its hardcoded key]

Because this newer sample is much smaller than the original, it was likely rebuilt to be more portable, probably in the hope of evading AV detection.

Original sample:

[Figure: original.png]

Newer sample:

[Figure: newer.png]

Indicators of Compromise (IOCs)

Indicator: Ca4670ca80968840e63e7c26f03c4a0112b5be2d6b6ec63e75bd730ae47a33f7
Type: SHA256
Context: Israbye.exe Wiper

Indicator: 92e22888d07c24d94bbd79b4b2c8f35
Type: MD5 (as printed, only 31 hex characters, so the published value appears truncated)
Context: Israbye.exe Wiper

If you are a Carbon Black customer and looking for more information on how CB products defend against this attack, click here.

The post TAU Threat Intelligence Notification: Israbye Wiper appeared first on Carbon Black.
