TAU Threat Intelligence Notification: Israbye Wiper



Israbye is a disk wiper first discovered by a researcher in August 2017, as reported by Bleeping Computer. A newer sample has since been discovered, and its appearance seems to coincide with a recent news story that references the Al-Aqsa mosque. This mosque is also referenced within the malware note as shown below.


Unlike the original sample discovered back in 2017, this sample includes Arabic as well as Korean wording, is not modular, and doesn’t contain any of the anti-analysis methods seen previously. The wiper is built using .NET, and once the executable is run, it replaces files on the Desktop of the user’s machine with files bearing the extension “.Israbye.Israbye.Israbye.Israbye.Israbye.Israbye.Israbye”.
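A defender-side check for the artifact described above, as an added example that is not part of the original post: it scans file events for names ending in the repeated “.Israbye” extension under a Desktop folder. The event format, the sample lines, the two-or-more-repeats match and the `min_files` threshold are all assumptions.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# The page reports ".Israbye" repeated seven times; matching two or more
# repeats is an assumption made here to tolerate variants.
SUFFIX_RE = re.compile(r"(?:\.israbye){2,}$", re.IGNORECASE)
SEVEN = ".Israbye" * 7

# Constructed events in a hypothetical "time|user|operation|path" format.
SAMPLE_EVENTS = [
    "2019-01-01T10:00:01|alice|CREATE|C:\\Users\\alice\\Desktop\\budget.xlsx" + SEVEN,
    "2019-01-01T10:00:01|alice|CREATE|C:\\Users\\alice\\Desktop\\notes.txt" + SEVEN,
    "2019-01-01T10:00:02|alice|CREATE|C:\\Users\\alice\\Desktop\\photo.jpg" + SEVEN,
    "2019-01-01T10:05:00|bob|CREATE|C:\\Users\\bob\\Desktop\\report.docx",
    "2019-01-01T10:06:00|bob|CREATE|C:\\Users\\bob\\Documents\\Israbye-writeup.pdf",
    "malformed line without separators",
]

def is_israbye_name(path):
    """True when the file name ends in the repeated .Israbye extension."""
    return bool(SUFFIX_RE.search(PureWindowsPath(path).name))

def on_desktop(path):
    """True when the file sits under a Desktop folder, the location the page names."""
    parents = [p.lower() for p in PureWindowsPath(path).parts[:-1]]
    return "desktop" in parents

def find_hits(lines):
    """Group matching Desktop paths by user, skipping lines that do not parse."""
    hits = defaultdict(list)
    for line in lines:
        fields = line.rstrip("\n").split("|", 3)
        if len(fields) != 4:
            continue
        _time, user, _op, path = fields
        if is_israbye_name(path) and on_desktop(path):
            hits[user].append(path)
    return dict(hits)

def users_to_triage(lines, min_files=2):
    """Users with at least min_files matching files (threshold is an assumption)."""
    return sorted(u for u, p in find_hits(lines).items() if len(p) >= min_files)

if __name__ == "__main__":
    for user, paths in find_hits(SAMPLE_EVENTS).items():
        print(user, len(paths), "file(s) with the Israbye extension")
```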

The actual encryption of files is very simple, with the key hardcoded into the binary, as shown in the routine below:


Because this newer sample is much smaller than the original, it was likely updated to be more portable, probably in the hope of evading AV detection.

Original sample:


Newer sample:


Indicators of Compromise (IOCs)









Israbye.exe Wiper

If you are a Carbon Black customer and looking for more information on how CB products defend against this attack, click here.

The post TAU Threat Intelligence Notification: Israbye Wiper appeared first on Carbon Black.

About Carbon Black, Inc.
Carbon Black is the leading provider of next-generation endpoint security. Carbon Black’s Next-Generation Antivirus (NGAV) solution, Cb Defense, leverages breakthrough prevention technology, “Streaming Prevention,” to instantly see and stop cyberattacks before they execute. Cb Defense uniquely combines breakthrough prevention with market-leading detection and response into a single, lightweight agent delivered through the cloud. With more than 7 million endpoints under management, Carbon Black has more than 2,500 customers, including 30 of the Fortune 100. These customers use Carbon Black to replace legacy antivirus, lock down critical systems, hunt threats, and protect their endpoints from the most advanced cyberattacks, including non-malware attacks.
