AridViper
Arid Viper is a Palestine-based cyber-espionage threat actor active since at least 2015. Source reporting also refers to the group as Gaza Cybergang and APT-C-23. That reporting describes the group as targeting Israel and Palestinian targets, with campaigns also affecting journalists, human rights activists, and military groups in Palestine, Syria, Turkey, Iraq, Lebanon, and Libya. The group has been described as launching cyber-espionage campaigns against Israel and has also targeted Israeli officials and IDF soldiers.
The reporting indicates sustained use of politically themed phishing, advanced social engineering, fake personas, and mobile-focused operations, alongside Android and Windows malware. Malware and tooling explicitly associated with the group in that reporting include Micropsia, BarbWire, Barb(ie) Downloader, Arid Gopher, AridHelper, Viper RAT, KasperAgent, SpyC23, GnatSpy, GlanceLove, and Phenakite. The reporting also references campaigns using fake Facebook profiles, fake World Cup and dating apps, and sexually explicit lures.
The reporting further notes that Arid Viper has evolved its Android spyware over time and has been linked in public reporting to operations against Palestinian targets, Israeli entities, Israeli officials, and the Israeli Defense Force. Additional reporting lists Arid Viper among regional actors relevant to tracking in the context of the Israel-Hamas conflict.
Targeting
Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.
Who they target
Sectors the actor has been observed targeting.
- Government & Administration
- Military
Where they target
Geographies tied to known operations.
- 🇮🇱 Israel
- 🇵🇸 Palestinian Territories
Tradecraft
2 distinct techniques observed across reporting, grouped by tactic.
Recent activity
3 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
- Cyber espionage group active since 2015 using Android and Windows malware and advanced social engineering to target journalists, human rights activists, and military groups.
- A long-running Middle East-focused threat actor conducting espionage and surveillance campaigns, especially against Israeli and Palestinian targets, including officials and soldiers, using politically themed phishing and mobile/desktop spyware.
- Palestine-based cyber-espionage targeting Israel.