add Brambul worm

This commit is contained in:
Deborah Servili 2018-06-06 15:07:30 +02:00
parent 3e10d0957c
commit 3e91466aea

View file

@ -2,7 +2,7 @@
"uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f", "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
"name": "Tool", "name": "Tool",
"source": "MISP Project", "source": "MISP Project",
"version": 71, "version": 72,
"values": [ "values": [
{ {
"meta": { "meta": {
@ -4252,6 +4252,16 @@
"https://www.intezer.com/iron-cybercrime-group-under-the-scope-2/" "https://www.intezer.com/iron-cybercrime-group-under-the-scope-2/"
] ]
} }
},
{
"uuid": "4c057ade-6989-11e8-9efd-ab33ed427468",
"value": "Brambul",
"description": "Brambul malware is a malicious Windows 32-bit SMB worm that functions as a service dynamic link library file or a portable executable file often dropped and installed onto victims networks by dropper malware. When executed, the malware attempts to establish contact with victim systems and IP addresses on victims local subnets. If successful, the application attempts to gain unauthorized access via the SMB protocol (ports 139 and 445) by launching brute-force password attacks using a list of embedded passwords. Additionally, the malware generates random IP addresses for further attacks.",
"meta": {
"refs": [
"https://www.us-cert.gov/ncas/alerts/TA18-149A"
]
}
} }
], ],
"authors": [ "authors": [