Brambul
Common name | Brambul |
---|---|
Technical name | |
Type | Computer worm |
Author(s) | Lazarus |
Operating system(s) affected | Windows XP |
Written in | Korean |
Brambul is a computer worm that spreads over the SMB protocol, moving automatically from one infected computer to the next.
It is responsible for dropping the Joanap botnet.
History
Brambul was first discovered in 2009. Although cybersecurity firms had observed it, it received little attention before it became notorious.[4]
Sony hack (Late 2014)
Brambul was among the malware to be identified during the Sony Pictures hack.
Investigation (Early 2019)
Brambul and the Joanap botnet were both shut down under a court order.
Cycle
The worm automatically scans IP addresses and attempts to log in over SMB using a list of passwords that includes, but is not limited to, the following.[1]
Password | Description |
---|---|
password | The word password |
!@#$% | 1-5 typed with the shift key |
!@#$%^&*() | all ten number keys typed with the shift key |
~!@#$%^&*()_+ | the entire top row of keys typed with the shift key |
Brambul sends information about the compromised system to the attacker, including its IP address, hostname, username and password.[5]
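As an added illustration, not from the article or its sources, the following Python sketch shows how a defender might flag the spread pattern described above: one source failing SMB logons against many hosts within a short window. The event format, addresses and thresholds are constructed for the example.

```python
from collections import defaultdict

# Constructed SMB authentication events in a hypothetical format (not real logs):
# (epoch_seconds, source_ip, destination_ip, account, result)
def build_sample_events():
    events = []
    # A Brambul-style spreader: one source walking a /24 and trying a few
    # passwords against each host within about a minute.
    for i, host in enumerate(range(20, 45)):
        for attempt in range(3):
            events.append((1000 + i * 2 + attempt, "10.0.0.5",
                           f"10.0.0.{host}", "Administrator", "FAIL"))
    # A benign operator who mistypes a password on two hosts.
    events += [(1010, "10.0.0.2", "10.0.0.30", "alice", "FAIL"),
               (1015, "10.0.0.2", "10.0.0.30", "alice", "OK"),
               (1100, "10.0.0.2", "10.0.0.31", "alice", "FAIL")]
    return events

def find_smb_spreaders(events, window=300, min_hosts=10, min_fails=20):
    """Return {source: (distinct_hosts, failures)} for every source whose
    failed logons within some `window` seconds reach at least `min_hosts`
    distinct destinations and `min_fails` attempts. Successes are ignored,
    so a worm that guesses right on its first try is not caught here."""
    fails_by_src = defaultdict(list)
    for ts, src, dst, _acct, result in sorted(events):
        if result == "FAIL":
            fails_by_src[src].append((ts, dst))
    alerts = {}
    for src, fails in fails_by_src.items():
        start = 0
        for end in range(len(fails)):
            # Slide the window start forward until the span fits in `window`.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            in_window = fails[start:end + 1]
            hosts = {dst for _ts, dst in in_window}
            if len(hosts) >= min_hosts and len(in_window) >= min_fails:
                alerts[src] = (len(hosts), len(in_window))
    return alerts

if __name__ == "__main__":
    for src, (hosts, fails) in find_smb_spreaders(build_sample_events()).items():
        print(f"ALERT {src}: {fails} failed SMB logons to {hosts} hosts")
```

Real deployments would read Windows logon-failure events or SMB server logs instead of the constructed tuples, but the sliding-window count of distinct targets per source is the same.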
References
1. "W32.Brambul | Symantec". www.symantec.com.
2. "Win32/Brambul threat description - Microsoft Security Intelligence". www.microsoft.com.
3. "Trojan:Win32/Brambul.A threat description - Microsoft Security Intelligence". www.microsoft.com.
4. "Hidden Cobra Strikes Again with Custom RAT, SMB Malware". threatpost.com.
5. Sharwood, Simon (30 May 2018). "FBI fingers North Korea for two malware strains". www.theregister.co.uk.
External links
- HIDDEN COBRA – Joanap Backdoor Trojan and Brambul Server Message Block Worm | CISA