mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-26 16:57:18 +00:00
add Brambul worm
This commit is contained in:
parent
3e10d0957c
commit
3e91466aea
1 changed files with 11 additions and 1 deletions
|
@ -2,7 +2,7 @@
|
|||
"uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
|
||||
"name": "Tool",
|
||||
"source": "MISP Project",
|
||||
"version": 71,
|
||||
"version": 72,
|
||||
"values": [
|
||||
{
|
||||
"meta": {
|
||||
|
@ -4252,6 +4252,16 @@
|
|||
"https://www.intezer.com/iron-cybercrime-group-under-the-scope-2/"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"uuid": "4c057ade-6989-11e8-9efd-ab33ed427468",
|
||||
"value": "Brambul",
|
||||
"description": "Brambul malware is a malicious Windows 32-bit SMB worm that functions as a service dynamic link library file or a portable executable file often dropped and installed onto victims’ networks by dropper malware. When executed, the malware attempts to establish contact with victim systems and IP addresses on victims’ local subnets. If successful, the application attempts to gain unauthorized access via the SMB protocol (ports 139 and 445) by launching brute-force password attacks using a list of embedded passwords. Additionally, the malware generates random IP addresses for further attacks.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.us-cert.gov/ncas/alerts/TA18-149A"
|
||||
]
|
||||
}
|
||||
}
|
||||
],
|
||||
"authors": [
|
||||
|
|
Loading…
Reference in a new issue