From 3e91466aea49b7dec9e15364793d4745278706cb Mon Sep 17 00:00:00 2001
From: Deborah Servili <deborah.servili@gmail.com>
Date: Wed, 6 Jun 2018 15:07:30 +0200
Subject: [PATCH] add Brambul worm

---
 clusters/tool.json | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/clusters/tool.json b/clusters/tool.json
index 877d1f1..f1d56b2 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -2,7 +2,7 @@
   "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
   "name": "Tool",
   "source": "MISP Project",
-  "version": 71,
+  "version": 72,
   "values": [
     {
       "meta": {
@@ -4252,6 +4252,16 @@
           "https://www.intezer.com/iron-cybercrime-group-under-the-scope-2/"
         ]
       }
+    },
+    {
+      "uuid": "4c057ade-6989-11e8-9efd-ab33ed427468",
+      "value": "Brambul",
+      "description": "Brambul malware is a malicious Windows 32-bit SMB worm that functions as a service dynamic link library file or a portable executable file often dropped and installed onto victims’ networks by dropper malware. When executed, the malware attempts to establish contact with victim systems and IP addresses on victims’ local subnets. If successful, the application attempts to gain unauthorized access via the SMB protocol (ports 139 and 445) by launching brute-force password attacks using a list of embedded passwords. Additionally, the malware generates random IP addresses for further attacks.",
+      "meta": {
+        "refs": [
+          "https://www.us-cert.gov/ncas/alerts/TA18-149A"
+        ]
+      }
     }
   ],
   "authors": [