Briba

Briba is a trojan used by Elderwood to open a backdoor and download files onto compromised hosts. [1] [2]

ID: S0204
Aliases: Briba
Type: MALWARE
Platforms: Windows

Version: 1.0

Alias Descriptions

| Name | Description |
| --- | --- |
| Briba | [2] |

Techniques Used

| Domain | ID | Name | Use |
| --- | --- | --- | --- |
| Enterprise | T1043 | Commonly Used Port | Briba connects to external C2 infrastructure over port 443.[2] |
| Enterprise | T1050 | New Service | Briba installs a service pointing to a malicious DLL dropped to disk.[2] |
| Enterprise | T1060 | Registry Run Keys / Startup Folder | Briba creates run key Registry entries pointing to malicious DLLs dropped to disk.[2] |
| Enterprise | T1105 | Remote File Copy | Briba downloads files onto infected hosts.[2] |
| Enterprise | T1085 | Rundll32 | Briba uses rundll32 within Registry Run Keys / Startup Folder entries to execute malicious DLLs.[2] |

Groups

Groups that use this software:

Elderwood

References