Jump to content

Brambul

From Wikipedia, the free encyclopedia
Brambul
Technical name
TypeComputer worm
AuthorsLazarus
Technical details
PlatformWindows XP
Written inKorean

Brambul is an SMB protocol computer worm that decrypts[clarification needed] and automatically moves from one computer to its second computer.

It is responsible for the dropping of the Joanap botnet.

History

[edit]

Brambul was first discovered in 2009 and has not had a disclosure prior to its notoriety. It was observed by cybersecurity firms and was not extensive subject.[4]

Sony hack (Late 2014)

[edit]

Brambul was among the malware to be identified during the Sony Pictures hack.

Investigation (Early 2019)

[edit]

Brambul as well as Joanap botnet have both been shut down via a court order.

Cycle

[edit]

The computer worm has the ability to automatically scan IP addresses and decrypt passwords including, but not limited to the following.[1]

Password Description
password The word password
!@#$% 1-5 typed with the shift key
!@#$%^&*() all ten number keys typed with the shift key
~!@#$%^&*()_+ the entire top row of keys typed with the shift key

System drive share

[edit]

Brambul will share information of the system to the cyberattacker. Information shared includes the IP address, hostname and the username and password.[5]

References

[edit]
  1. ^ a b "W32.Brambul". Symantec. Archived from the original on May 31, 2018.
  2. ^ "Win32/Brambul threat description - Microsoft Security Intelligence". www.microsoft.com.
  3. ^ "Trojan:Win32/Brambul.A threat description - Microsoft Security Intelligence". www.microsoft.com.
  4. ^ "Hidden Cobra Strikes Again with Custom RAT, SMB Malware". threatpost.com.
  5. ^ at 01:58, Simon Sharwood 30 May 2018. "FBI fingers North Korea for two malware strains". www.theregister.co.uk.{{cite web}}: CS1 maint: numeric names: authors list (link)
[edit]