Brambul
Brambul | |
---|---|
Technical name | |
Type | Computer worm |
Authors | Lazarus |
Technical details | |
Platform | Windows XP |
Written in | Korean |
Brambul is an SMB protocol computer worm that decrypts and automatically moves from one computer to another.
It is responsible for dropping the Joanap botnet.
History
Brambul was first discovered in 2009 and had not been disclosed prior to its notoriety. It was observed by cybersecurity firms but was not an extensively covered subject.[4]
Sony hack (Late 2014)
Brambul was among the malware identified during the Sony Pictures hack.
Investigation (Early 2019)
Brambul and the Joanap botnet have both been shut down via a court order.
Cycle
The computer worm can automatically scan IP addresses and decrypt passwords, including but not limited to the following.[1]
Password | Description |
---|---|
password | The word password |
!@#$% | 1-5 typed with the shift key |
!@#$%^&*() | all ten number keys typed with the shift key |
~!@#$%^&*()_+ | the entire top row of keys typed with the shift key |
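
As an added example (not from the original article or its sources), a password-change check that refuses the pattern the table entries share: the word "password" and left-to-right runs of the keyboard's top row. The function names, the minimum run length of 4, and the treatment of the unshifted row and of word-plus-run combinations are assumptions that go beyond the four listed entries.

```python
"""Deny-list check for keyboard top-row passwords (added example)."""

# Shifted top row of a US keyboard, left to right (last row of the table).
SHIFTED_TOP_ROW = "~!@#$%^&*()_+"
# Assumption: the same keys typed without shift are treated as equally weak.
UNSHIFTED_TOP_ROW = "`1234567890-="
# Dictionary entries; "password" comes from the table, extend locally.
COMMON_WORDS = ("password",)
MIN_RUN = 4  # assumption: shortest run treated as a pattern on its own


def is_top_row_run(text, min_len=MIN_RUN):
    """True if text is a contiguous left-to-right run of top-row keys."""
    if len(text) < min_len:
        return False
    return text in SHIFTED_TOP_ROW or text in UNSHIFTED_TOP_ROW


def reject_reason(candidate):
    """Return why a candidate password is refused, or None if it passes."""
    lowered = candidate.lower()
    if is_top_row_run(candidate):
        return "keyboard top-row run"
    for word in COMMON_WORDS:
        if lowered == word:
            return "dictionary word"
        # Word padded with a row run on either side, e.g. "password!@#".
        if lowered.startswith(word) and is_top_row_run(candidate[len(word):], 1):
            return "dictionary word plus top-row run"
        if lowered.endswith(word) and is_top_row_run(candidate[:-len(word)], 1):
            return "dictionary word plus top-row run"
    return None


def audit(candidates):
    """Map each refused candidate to its reason; accepted ones are omitted."""
    return {c: r for c in candidates if (r := reject_reason(c)) is not None}


if __name__ == "__main__":
    # Constructed sample input: the four table entries plus variations.
    sample = ["password", "!@#$%", "!@#$%^&*()", "~!@#$%^&*()_+",
              "Password123", "#$%^&", "correct-horse-battery"]
    for pw, why in audit(sample).items():
        print(f"refused {pw!r}: {why}")
```
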
System drive share
Brambul shares information about the system with the cyberattacker. The information shared includes the IP address, hostname, username and password.[5]
References
1. "W32.Brambul". Symantec. Archived from the original on May 31, 2018.
2. "Win32/Brambul threat description - Microsoft Security Intelligence". microsoft.
3. "Trojan:Win32/Brambul.A threat description - Microsoft Security Intelligence". microsoft.
4. "Hidden Cobra Strikes Again with Custom RAT, SMB Malware". threatpost.
5. Simon Sharwood, 30 May 2018 at 01:58. "FBI fingers North Korea for two malware strains". theregister.co.uk.