add VJw0rm description

pull/800/head
Delta-Sierra 2022-11-22 14:55:10 +01:00
parent f4abf37b01
commit 5f0d7f6d68
1 changed files with 7 additions and 1 deletions

@ -2693,10 +2693,16 @@
"value": "Revenge-RAT"
},
{
"description": "“Vengeance Justice Worm” was first discovered in 2016 and is a highly multifunctional, modular, publicly available “commodity malware”, i.e., it can be purchased by those interested through various cybercrime and hacking related forums and channels.\n\nVJwOrm is a JavaScript-based malware and combines characteristics of Worm, Information Stealer, Remote-Access Trojan (RAT), Denial-of-Service (DOS) malware, and spam-bot.\n\nVJw0rm is propagated primarily by malicious email attachments and by infecting removeable storage devices.\n\nOnce executed by the victim, the very heavily obfuscated VJw0rm will enumerate installed drives and, if a removeable drive is found, VJwOrm will infect it if configured to do so.\n\nIt will continue to gather victim information such as operating system details, users details, installed anti-virus product details, stored browser cookies, the presence of vbc.exe on the system (Microsofts .NET Visual Basic Compiler, this indicates that .NET is installed on the system and can affect the actors choice of additional malware delivery), and whether the system has been previously infected.\n\nVJw0rm will then report this information back to its command-and-control server and await further commands, such as downloading and executing additional malware or employing any of its other numerous capabilities.\n\nFinally, VJw0rm establishes persistency in the form of registry auto-runs, system startup folders, a scheduled-task, or any combination of these methods.",
"meta": {
"date": "2016",
"refs": [
"https://twitter.com/malwrhunterteam/status/816993165119016960?lang=en"
],
"synonym": [
"Vengeance Justice Worm",
"VJw0rm",
"VJwOrm"
]
},
"uuid": "bf86d7a6-80af-4d22-a092-f822bf7201d2",
@ -3544,5 +3550,5 @@
"value": "Ragnatela"
}
],
"version": 41
"version": 42
}