Joanap
   HOME

TheInfoList



Click Here for Items Related To - Joanap
OR:
Joanap on:   [Wikipedia]   [Google]   [Amazon]

Joanap is a
remote access tool In computing, the term remote desktop refers to a software- or operating system feature that allows a personal computer's desktop environment to be run remotely off of one system (usually a PC, but the concept applies equally to a server or a ...
that is a type of
malware Malware (a portmanteau for ''malicious software'') is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, depri ...
used by the government of
North Korea North Korea, officially the Democratic People's Republic of Korea (DPRK), is a country in East Asia. It constitutes the northern half of the Korea, Korean Peninsula and shares borders with China and Russia to the north, at the Yalu River, Y ...
. It is two-stage malware, meaning it is "dropped" by another software (in this case the
Brambul Brambul is an SMB protocol computer worm that decrypts and automatically moves from one computer to its second computer. It is responsible for the dropping of the Joanap botnet. History Brambul was first discovered in 2009 and has not had ...
worm, which was part of the charges against
Park Jin Hyok Park Jin-Hyok (), is a North Korean programmer and hacker. He is best known for his alleged involvement in some of the costliest computer intrusions in history. Park is on the FBI's wanted list. North Korea denies his existence. Life and caree ...
in 2018). Joanap establishes peer-to-peer communications and is used to manage
botnets A botnet is a group of Internet-connected devices, each of which runs one or more Internet bot, bots. Botnets can be used to perform distributed denial-of-service attack, Distributed Denial-of-Service (DDoS) attacks, steal data, send Spamming, s ...
that can enable other operations. On
Windows Windows is a group of several proprietary graphical operating system families developed and marketed by Microsoft. Each family caters to a certain sector of the computing industry. For example, Windows NT for consumers, Windows Server for serv ...
devices that have been compromised it allows
data exfiltration Data exfiltration occurs when malware and/or a malicious actor carries out an unauthorized data transfer from a computer. It is also commonly called data extrusion or data exportation. Data exfiltration is also considered a form of data theft Data t ...
, to drop and run secondary
payloads Payload is the object or the entity which is being carried by an aircraft or launch vehicle. Sometimes payload also refers to the carrying capacity of an aircraft or launch vehicle, usually measured in terms of weight. Depending on the nature of ...
, initialization of
proxy Proxy may refer to: * Proxy or agent (law), a substitute authorized to act for another entity or a document which authorizes the agent so to act * Proxy (climate), a measured variable used to infer the value of a variable of interest in climate re ...
communications, file management, process management, creation/deletion of directories, and node management. The US government believes HIDDEN COBRA (a US government term for malicious cyber activity conducted by North Korea) has most likely used Joanap, along with other malware like Brambul since at least 2009. According to the US government compromised IP addresses have been found in Argentina, Belgium, Brazil, Cambodia, China, Colombia, Egypt, India, Iran, Jordan, Pakistan, Saudi Arabia, Spain, Sri Lanka, Sweden, Taiwan, Tunisia.


References

Crime in North Korea Cyberattacks Types of cyberattacks {{NorthKorea-stub