SYMBOLCOMMON_NAMEaka. SYNONYMS
js.peacenotwar (Back to overview)

PeaceNotWar

PeaceNotWar was integrated into the nodejs module node-ipc as a piece of malware/protestware with wiper characteristics. It targets machines with a public IP address located in Russia and Belarus (using geolocation) and overwrites files recursively using a heart emoji.

References
2022-03-18Vice MotherboardJoseph Cox
@online{cox:20220318:open:27cb616, author = {Joseph Cox}, title = {{Open Source Maintainer Sabotages Code to Wipe Russian, Belarusian Computers}}, date = {2022-03-18}, organization = {Vice Motherboard}, url = {https://www.vice.com/en/article/dypeek/open-source-sabotage-node-ipc-wipe-russia-belraus-computers}, language = {English}, urldate = {2022-03-22} } Open Source Maintainer Sabotages Code to Wipe Russian, Belarusian Computers
PeaceNotWar
2022-03-17Bleeping ComputerAx Sharma
@online{sharma:20220317:big:6a2bf4c, author = {Ax Sharma}, title = {{BIG sabotage: Famous npm package deletes files to protest Ukraine war}}, date = {2022-03-17}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/big-sabotage-famous-npm-package-deletes-files-to-protest-ukraine-war/}, language = {English}, urldate = {2022-03-18} } BIG sabotage: Famous npm package deletes files to protest Ukraine war
PeaceNotWar
2022-03-16Github (MidSpike)Tyler Resch
@online{resch:20220316:cve202223812:08da7b9, author = {Tyler Resch}, title = {{CVE-2022-23812: RIAEvangelist/node-ipc is malware / protestware}}, date = {2022-03-16}, organization = {Github (MidSpike)}, url = {https://gist.github.com/MidSpike/f7ae3457420af78a54b38a31cc0c809c}, language = {English}, urldate = {2022-03-18} } CVE-2022-23812: RIAEvangelist/node-ipc is malware / protestware
PeaceNotWar

There is no Yara-Signature yet.