Joanap

Joanap is a

Windows devices that have been compromised it allows data exfiltration, to drop and run secondary payloads, initialization of proxy communications, file management, process management, creation/deletion of directories, and node management.^[2]

The US government believes HIDDEN COBRA (a US government term for malicious cyber activity conducted by North Korea) has most likely used Joanap, along with other malware like Brambul since at least 2009. According to the US government compromised IP addresses have been found in Argentina, Belgium, Brazil, Cambodia, China, Colombia, Egypt, India, Iran, Jordan, Pakistan, Saudi Arabia, Spain, Sri Lanka, Sweden, Taiwan, Tunisia.^[2]

References

^ "Justice Department Announces Court-Authorized Efforts to Map and Disrupt Botnet Used by North Korean Hackers | OPA | Department of Justice". justice.gov. 30 January 2019. Retrieved 2019-02-03.
^ ^a ^b "HIDDEN COBRA – Joanap Backdoor Trojan and Brambul Server Message Block Worm". US-CERT. Retrieved 2019-02-03.

This malware-related article is a stub. You can help Wikipedia by expanding it.

This North Korea-related article is a stub. You can help Wikipedia by expanding it.

[justice-1] "Justice Department Announces Court-Authorized Efforts to Map and Disrupt Botnet Used by North Korean Hackers | OPA | Department of Justice". justice.gov. 30 January 2019. Retrieved 2019-02-03.

[cert-2] "HIDDEN COBRA – Joanap Backdoor Trojan and Brambul Server Message Block Worm". US-CERT. Retrieved 2019-02-03.

[2]