add Brambul worm

clusters/tool.json

@@ -2,7 +2,7 @@
   "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
   "name": "Tool",
   "source": "MISP Project",
-  "version": 71,
+  "version": 72,
   "values": [
     {
       "meta": {
@@ -4252,6 +4252,16 @@
           "https://www.intezer.com/iron-cybercrime-group-under-the-scope-2/"
         ]
       }
+    },
+    {
+      "uuid": "4c057ade-6989-11e8-9efd-ab33ed427468",
+      "value": "Brambul",
+      "description": "Brambul malware is a malicious Windows 32-bit SMB worm that functions as a service dynamic link library file or a portable executable file often dropped and installed onto victims’ networks by dropper malware. When executed, the malware attempts to establish contact with victim systems and IP addresses on victims’ local subnets. If successful, the application attempts to gain unauthorized access via the SMB protocol (ports 139 and 445) by launching brute-force password attacks using a list of embedded passwords. Additionally, the malware generates random IP addresses for further attacks.",
+      "meta": {
+        "refs": [
+          "https://www.us-cert.gov/ncas/alerts/TA18-149A"
+        ]
+      }
     }
   ],
   "authors": [