Brambul
From Wikipedia the free encyclopedia
| Common name | Brambul |
|---|---|
| Technical name | |
| Type | Computer worm |
| Author(s) | Lazarus |
| Operating system(s) affected | Windows XP |
| Written in | Korean |
Brambul is an SMB protocol computer worm that decrypts[clarification needed] and automatically moves from one computer to its second computer.
It is responsible for the dropping of the Joanap botnet.
History[edit]
Brambul was first discovered in 2009 and has not had a disclosure prior to its notoriety. It was observed by cybersecurity firms and was not extensive subject.[4]
Sony hack (Late 2014)[edit]
Brambul was among the malware to be identified during the Sony Pictures hack.
Investigation (Early 2019)[edit]
Brambul as well as Joanap botnet have both been shut down via a court order.
Cycle[edit]
The computer worm has the ability to automatically scan IP addresses and decrypt passwords including, but not limited to the following.[1]
| Password | Description |
|---|---|
| password | The word password |
| !@#$% | 1-5 typed with the shift key |
| !@#$%^&*() | all ten number keys typed with the shift key |
| ~!@#$%^&*()_+ | the entire top row of keys typed with the shift key |
[edit]
Brambul will share information of the system to the cyberattacker. Information shared includes the IP address, hostname and the username and password.[5]
References[edit]
- ^ a b "W32.Brambul | Symantec". www.symantec.com.
- ^ "Win32/Brambul threat description - Microsoft Security Intelligence". www.microsoft.com.
- ^ "Trojan:Win32/Brambul.A threat description - Microsoft Security Intelligence". www.microsoft.com.
- ^ "Hidden Cobra Strikes Again with Custom RAT, SMB Malware". threatpost.com.
- ^ at 01:58, Simon Sharwood 30 May 2018. "FBI fingers North Korea for two malware strains". www.theregister.co.uk.
{{cite web}}: CS1 maint: numeric names: authors list (link)