From 5f0d7f6d68885faf8ccbb40461b8486bfd243fbe Mon Sep 17 00:00:00 2001 From: Delta-Sierra Date: Tue, 22 Nov 2022 14:55:10 +0100 Subject: [PATCH] add VJw0rm description --- clusters/rat.json | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/clusters/rat.json b/clusters/rat.json index d41e703..e2d5d02 100644 --- a/clusters/rat.json +++ b/clusters/rat.json @@ -2693,10 +2693,16 @@ "value": "Revenge-RAT" }, { + "description": "“Vengeance Justice Worm” was first discovered in 2016 and is a highly multifunctional, modular, publicly available “commodity malware”, i.e., it can be purchased by those interested through various cybercrime and hacking related forums and channels.\n\nVJwOrm is a JavaScript-based malware and combines characteristics of Worm, Information Stealer, Remote-Access Trojan (RAT), Denial-of-Service (DOS) malware, and spam-bot.\n\nVJw0rm is propagated primarily by malicious email attachments and by infecting removeable storage devices.\n\nOnce executed by the victim, the very heavily obfuscated VJw0rm will enumerate installed drives and, if a removeable drive is found, VJwOrm will infect it if configured to do so.\n\nIt will continue to gather victim information such as operating system details, user’s details, installed anti-virus product details, stored browser cookies, the presence of vbc.exe on the system (Microsoft’s .NET Visual Basic Compiler, this indicates that .NET is installed on the system and can affect the actor’s choice of additional malware delivery), and whether the system has been previously infected.\n\nVJw0rm will then report this information back to its command-and-control server and await further commands, such as downloading and executing additional malware or employing any of its other numerous capabilities.\n\nFinally, VJw0rm establishes persistency in the form of registry auto-runs, system startup folders, a scheduled-task, or any combination of these methods.", "meta": { "date": "2016", "refs": [ "https://twitter.com/malwrhunterteam/status/816993165119016960?lang=en" + ], + "synonym": [ + "Vengeance Justice Worm", + "VJw0rm", + "VJwOrm" ] }, "uuid": "bf86d7a6-80af-4d22-a092-f822bf7201d2", @@ -3544,5 +3550,5 @@ "value": "Ragnatela" } ], - "version": 41 + "version": 42 }