About: Joanap

An Entity of Type: Thing, from Named Graph: http://dbpedia.org, within Data Space: dbpedia.org

Joanap is a remote access tool that is a type of malware used by the government of North Korea. It is two-stage malware, meaning it is "dropped" by another software (in this case the Brambul worm, which was part of the charges against Park Jin Hyok in 2018). Joanap establishes peer-to-peer communications and is used to manage botnets that can enable other operations. On Windows devices that have been compromised it allows data exfiltration, to drop and run secondary payloads, initialization of proxy communications, file management, process management, creation/deletion of directories, and node management.

Property	Value
dbo:abstract	Joanap is a remote access tool that is a type of malware used by the government of North Korea. It is two-stage malware, meaning it is "dropped" by another software (in this case the Brambul worm, which was part of the charges against Park Jin Hyok in 2018). Joanap establishes peer-to-peer communications and is used to manage botnets that can enable other operations. On Windows devices that have been compromised it allows data exfiltration, to drop and run secondary payloads, initialization of proxy communications, file management, process management, creation/deletion of directories, and node management. The US government believes HIDDEN COBRA (a US government term for malicious cyber activity conducted by North Korea) has most likely used Joanap, along with other malware like Brambul since at least 2009. According to the US government compromised IP addresses have been found in Argentina, Belgium, Brazil, Cambodia, China, Colombia, Egypt, India, Iran, Jordan, Pakistan, Saudi Arabia, Spain, Sri Lanka, Sweden, Taiwan, Tunisia. (en)
dbo:wikiPageID	59843257 (xsd:integer)
dbo:wikiPageLength	1992 (xsd:nonNegativeInteger)
dbo:wikiPageRevisionID	1113321848 (xsd:integer)
dbo:wikiPageWikiLink	dbr:Park_Jin_Hyok dbr:Brambul dbc:Crime_in_North_Korea dbr:Payload_(computing) dbr:Data_exfiltration dbr:Windows dbc:Cyberattacks dbr:North_Korea dbr:Proxy_server dbr:Botnets dbc:Types_of_cyberattacks dbr:Lazarus_Group dbr:Malware dbr:Remote_access_tool
dbp:wikiPageUsesTemplate	dbt:Reflist dbt:Short_description dbt:NorthKorea-stub dbt:Hacking_in_the_2010s dbt:Malware-stub
dcterms:subject	dbc:Crime_in_North_Korea dbc:Cyberattacks dbc:Types_of_cyberattacks
rdfs:comment	Joanap is a remote access tool that is a type of malware used by the government of North Korea. It is two-stage malware, meaning it is "dropped" by another software (in this case the Brambul worm, which was part of the charges against Park Jin Hyok in 2018). Joanap establishes peer-to-peer communications and is used to manage botnets that can enable other operations. On Windows devices that have been compromised it allows data exfiltration, to drop and run secondary payloads, initialization of proxy communications, file management, process management, creation/deletion of directories, and node management. (en)
rdfs:label	Joanap (en)
owl:sameAs	wikidata:Joanap https://global.dbpedia.org/id/A1pgw
prov:wasDerivedFrom	wikipedia-en:Joanap?oldid=1113321848&ns=0
foaf:isPrimaryTopicOf	wikipedia-en:Joanap
is dbo:wikiPageWikiLink of	dbr:Brambul
is foaf:primaryTopic of	wikipedia-en:Joanap