“Joanap”的意思、由来-开放百科全书

词条

Joanap

释义

References

{{short description|Malware associated with North Korea}}{{Multiple issues|{{refimprove|date=March 2019}}{{orphan|date=March 2019}}}}Joanap is a remote access tool that is a type of malware used by the government of North Korea. It is two-stage malware, meaning it is "dropped" by another software (in this case the Brambul worm, which was part of the charges against Park Jin Hyok in 2018).^[1] Joanap establishes peer-to-peer communications and is used to manage botnets that can enable other operations. On Windows devices that have been compromised it allows data exfiltration, to drop and run secondary payloads, initialization of proxy communications, file management, process management, creation/deletion of directories, and node management.^[2]

The US government believes HIDDEN COBRA (a US government term for malicious cyber activity conducted by North Korea) has most likely used Joanap, along with other malware like Brambul since at least 2009. According to the US government compromised IP addresses have been found in Argentina, Belgium, Brazil, Cambodia, China, Colombia, Egypt, India, Iran, Jordan, Pakistan, Saudi Arabia, Spain, Sri Lanka, Sweden, Taiwan, Tunisia.^[2]

References

1. ^{{cite web|url=https://www.justice.gov/opa/pr/justice-department-announces-court-authorized-efforts-map-and-disrupt-botnet-used-north|title=Justice Department Announces Court-Authorized Efforts to Map and Disrupt Botnet Used by North Korean Hackers | OPA | Department of Justice|website=justice.gov|accessdate=2019-02-03}}
2. ^¹{{cite web|url=https://www.us-cert.gov/ncas/alerts/TA18-149A|title= HIDDEN COBRA – Joanap Backdoor Trojan and Brambul Server Message Block Worm |website=US-CERT|accessdate=2019-02-03}}

3 : Crime in North Korea|Cyberattacks|Types of cyberattacks

随便看

开放百科全书收录14589846条英语、德语、日语等多语种百科知识，基本涵盖了大多数领域的百科知识，是一部内容自由、开放的电子版国际百科全书。