1. Home
  2. Software
  3. Briba

Briba

Briba is a trojan used by Elderwood to open a backdoor and download files on to compromised hosts. [1] [2]

ID: S0204
Type: MALWARE
Platforms: Windows
Version: 1.0
Created: 18 April 2018
Last Modified: 09 February 2021
Enterprise Layer
download view

Techniques Used

Domain ID Name Use
Enterprise T1547 .001 Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder

Briba creates run key Registry entries pointing to malicious DLLs dropped to disk.[2]
Enterprise T1543 .003 Create or Modify System Process: Windows Service

Briba installs a service pointing to a malicious DLL dropped to disk.[2]
Enterprise T1105 Ingress Tool Transfer

Briba downloads files onto infected hosts.[2]
Enterprise T1218 .011 Signed Binary Proxy Execution: Rundll32

Briba uses rundll32 within Registry Run Keys / Startup Folder entries to execute malicious DLLs.[2]

Groups That Use This Software

ID Name References
G0066 Elderwood

[1]

References

  1. O'Gorman, G., and McDonald, G.. (2012, September 6). The Elderwood Project. Retrieved February 15, 2018.
  1. Ladley, F. (2012, May 15). Backdoor.Briba. Retrieved February 21, 2018.