Brambul

Description

(US-CERT) Brambul malware is a malicious Windows 32-bit SMB worm that functions as a service dynamic link library file or a portable executable file often dropped and installed onto victims’ networks by dropper malware. When executed, the malware attempts to establish contact with victim systems and IP addresses on victims’ local subnets. If successful, the application attempts to gain unauthorized access via the SMB protocol (ports 139 and 445) by launching brute-force password attacks using a list of embedded passwords. Additionally, the malware generates random IP addresses for further attacks.

Names

Name
Brambul
SierraBravo
SORRYBRUTE

Type

Worm
Backdoor

Information

https://www.us-cert.gov/ncas/alerts/TA18-149A
https://www.us-cert.gov/ncas/analysis-reports/AR18-149A
https://www.acalvio.com/lateral-movement-technique-employed-by-hidden-cobra/

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/win.brambul

Other Information

Uuid

7ae563c4-131b-46c0-a0e1-747a1dd55270

Last Card Change

2020-05-13

Threat Intelligence Garden

Explorer

Brambul

Brambul

Description

Names

Category

Type

Information

Malpedia

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks