Brambul
Brambul | |
---|---|
Technical name | Trojan:W32.Brambul.[Letter] Trojan/Brambul-[letter] |
Type | Computer worm |
Authors | Lazarus |
Technical details | |
Platform | Windows XP |
Written in | Korean |
Brambul is a worm that spreads over the SMB protocol; it decrypts and automatically moves from one computer to the next.
It is responsible for dropping the Joanap botnet.
History
Brambul was first discovered in 2009 and had not been disclosed prior to its notoriety. It was observed by cybersecurity firms and was not an extensive subject due to the [1]
Sony hack (Late 2014)
Brambul was among the malware to be identified during the Sony Pictures hack.
Investigation (Early 2019)
Brambul and the Joanap botnet have both been shut down via a court order.
Cycle
The worm can automatically scan IP addresses and decrypt passwords including, but not limited to, the following.[2]
Password | Description |
---|---|
password | The word password |
!@#$% | 1-5 typed with the shift key |
!@#$%^&*() | all ten number keys typed with the shift key |
~!@#$%^&*()_+ | the entire top row of keys typed with the shift key |
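Each entry in the table is either a dictionary word or a run of adjacent top-row keys, so a password filter can reject the whole family instead of four literal strings. The following Python check is an added example, not code from the cited sources; it assumes a US keyboard layout, and the names `weakness`, `audit` and `DENY_WORDS` are hypothetical.

```python
"""Added example: reject passwords shaped like the ones in the table above."""
from typing import Dict, Iterable, Optional

UNSHIFTED = "`1234567890-="   # top row of a US-layout keyboard (assumption)
SHIFTED = "~!@#$%^&*()_+"     # the same keys typed with Shift held
TO_UNSHIFTED = str.maketrans(SHIFTED, UNSHIFTED)
DENY_WORDS = {"password"}     # from the table; extend with a local deny list


def weakness(candidate: str) -> Optional[str]:
    """Return the reason a candidate is rejected, or None if no rule matches."""
    if candidate.lower() in DENY_WORDS:
        return "deny-listed word"
    # Fold shifted symbols back onto their keys so "!@#$%", "12345" and
    # mixed forms such as "123$%" all reduce to the same key sequence.
    keys = candidate.translate(TO_UNSHIFTED)
    # A run is three or more adjacent top-row keys, typed in either direction.
    if len(keys) >= 3 and (keys in UNSHIFTED or keys[::-1] in UNSHIFTED):
        return "top-row key run"
    return None


def audit(candidates: Iterable[str]) -> Dict[str, str]:
    """Map every rejected candidate to the reason it was rejected."""
    return {c: r for c in candidates if (r := weakness(c)) is not None}


if __name__ == "__main__":
    # Constructed sample: the four table entries plus variations and one
    # passphrase that should pass.
    sample = ["password", "!@#$%", "!@#$%^&*()", "~!@#$%^&*()_+",
              "PASSWORD", "098765", "123$%", "correct horse battery staple"]
    for pw, reason in audit(sample).items():
        print(f"{pw!r}: {reason}")
```

Run it against candidate passwords at set or change time, where the plaintext is available; it does not work on stored hashes.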
System drive share
Brambul sends information about the system to the attacker. The information shared includes the IP address, hostname, username and password.[3]
References
- https://threatpost.com/hidden-cobra-strikes-again-with-custom-rat-smb-malware/132375/
- https://www.symantec.com/security-center/writeup/2015-051114-3802-99
- https://www.theregister.co.uk/2018/05/30/north_korea_joanap_and_brambul_malware/
External Links
https://www.us-cert.gov/ncas/alerts/TA18-149A