SYMBOLCOMMON_NAMEaka. SYNONYMS
win.vjw0rm (Back to overview)

Vjw0rm

VJW0rm (aka Vengeance Justice Worm) is a publicly available, modular JavaScript RAT. Vjw0rm was first released in November 2016 by its primary author, v_B01 (aka Sliemerez), within the prominent DevPoint Arabic-language malware development community. VJW0rm appears to be the JavaScript variant of a series of RATs with identical functionality released by the author throughout late 2016. Other variants include a Visual Basic Script (VBS) based worm titled vw0rm (Vengeance Worm), an AutoHotkey-based tool called vrw0rm (Vengeance Rise Worm), and a PowerShell-based variant called vdw0rm (Vengeance Depth Worm).

References
2023-01-10SecurityScorecardVlad Pasca
@online{pasca:20230110:how:f3b9788, author = {Vlad Pasca}, title = {{How to Analyze JavaScript Malware – A Case Study of Vjw0rm}}, date = {2023-01-10}, organization = {SecurityScorecard}, url = {https://resources.securityscorecard.com/research/acasestudyofVjw0rm#page=1}, language = {English}, urldate = {2023-01-18} } How to Analyze JavaScript Malware – A Case Study of Vjw0rm
Vjw0rm
2022-10-13SpamhausSpamhaus Malware Labs
@techreport{labs:20221013:spamhaus:43e3190, author = {Spamhaus Malware Labs}, title = {{Spamhaus Botnet Threat Update Q3 2022}}, date = {2022-10-13}, institution = {Spamhaus}, url = {https://info.spamhaus.com/hubfs/Botnet%20Reports/2022%20Q3%20Botnet%20Threat%20Update.pdf}, language = {English}, urldate = {2022-12-29} } Spamhaus Botnet Threat Update Q3 2022
FluBot Arkei Stealer AsyncRAT Ave Maria BumbleBee Cobalt Strike DCRat Dridex Emotet Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT QakBot RecordBreaker RedLine Stealer Remcos Socelars Tofsee Vjw0rm
2022-08-18ProofpointJoe Wise, Selena Larson, Proofpoint Threat Research Team
@online{wise:20220818:reservations:c2f9faf, author = {Joe Wise and Selena Larson and Proofpoint Threat Research Team}, title = {{Reservations Requested: TA558 Targets Hospitality and Travel}}, date = {2022-08-18}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/reservations-requested-ta558-targets-hospitality-and-travel}, language = {English}, urldate = {2022-08-18} } Reservations Requested: TA558 Targets Hospitality and Travel
AsyncRAT Loda NjRAT Ozone RAT Revenge RAT Vjw0rm
2022-05-11HPHP Wolf Security
@techreport{security:20220511:threat:bd460f0, author = {HP Wolf Security}, title = {{Threat Insights Report Q1 - 2022}}, date = {2022-05-11}, institution = {HP}, url = {https://threatresearch.ext.hp.com/wp-content/uploads/2022/05/HP-Wolf-Security-Threat-Insights-Report-Q1-2022.pdf}, language = {English}, urldate = {2022-05-13} } Threat Insights Report Q1 - 2022
AsyncRAT Emotet Mekotio Vjw0rm
2021-12-13RiskIQJordan Herman
@online{herman:20211213:riskiq:82a7631, author = {Jordan Herman}, title = {{RiskIQ: Connections between Nanocore, Netwire, and AsyncRAT and Vjw0rm dynamic DNS C2 infrastructure}}, date = {2021-12-13}, organization = {RiskIQ}, url = {https://community.riskiq.com/article/24759ad2}, language = {English}, urldate = {2022-01-18} } RiskIQ: Connections between Nanocore, Netwire, and AsyncRAT and Vjw0rm dynamic DNS C2 infrastructure
AsyncRAT Nanocore RAT NetWire RC Vjw0rm
2021-11-18Twitter (@tccontre18)Br3akp0int
@online{br3akp0int:20211118:how:02114e2, author = {Br3akp0int}, title = {{Tweet on how to decrypt 4 layers of encryption & obfuscation of vjw0rm}}, date = {2021-11-18}, organization = {Twitter (@tccontre18)}, url = {https://twitter.com/tccontre18/status/1461386178528264204}, language = {English}, urldate = {2021-11-19} } Tweet on how to decrypt 4 layers of encryption & obfuscation of vjw0rm
Vjw0rm
2021-11-04Deep instinctShaul Vilkomir-Preisman
@online{vilkomirpreisman:20211104:understanding:c22abf4, author = {Shaul Vilkomir-Preisman}, title = {{Understanding the Windows JavaScript Threat Landscape}}, date = {2021-11-04}, organization = {Deep instinct}, url = {https://www.deepinstinct.com/blog/understanding-the-windows-javascript-threat-landscape}, language = {English}, urldate = {2021-11-19} } Understanding the Windows JavaScript Threat Landscape
STRRAT Griffon BlackByte Houdini Vjw0rm FIN7
2021-10HPHP Wolf Security
@techreport{security:202110:threat:49f8fc2, author = {HP Wolf Security}, title = {{Threat Insights Report Q3 - 2021}}, date = {2021-10}, institution = {HP}, url = {https://threatresearch.ext.hp.com/wp-content/uploads/2021/10/HP-Wolf-Security-Threat-Insights-Report-Q3-2021.pdf}, language = {English}, urldate = {2021-10-25} } Threat Insights Report Q3 - 2021
STRRAT CloudEyE NetWire RC Remcos TrickBot Vjw0rm
2021-09-02LIFARSVlad Pasca
@techreport{pasca:20210902:vjw0rm:76a2d2e, author = {Vlad Pasca}, title = {{Vjw0rm Worm/RAT}}, date = {2021-09-02}, institution = {LIFARS}, url = {https://lifars.com/wp-content/uploads/2021/09/Vjw0rm-.pdf}, language = {English}, urldate = {2022-01-20} } Vjw0rm Worm/RAT
Vjw0rm
2021-03-21abuse.chabuse.ch
@online{abusech:20210321:vjw0rm:d90bf99, author = {abuse.ch}, title = {{Vjw0rm malware samples}}, date = {2021-03-21}, organization = {abuse.ch}, url = {https://bazaar.abuse.ch/browse/signature/Vjw0rm/}, language = {English}, urldate = {2021-03-22} } Vjw0rm malware samples
Vjw0rm
2020-11AppRiverChris Lee
@online{lee:202011:vjw0rm:7a5eb04, author = {Chris Lee}, title = {{Vjw0rm Is Back With New Tactics}}, date = {2020-11}, organization = {AppRiver}, url = {https://appriver.com/resources/blog/november-2020/vjw0rm-back-new-tactics}, language = {English}, urldate = {2021-10-05} } Vjw0rm Is Back With New Tactics
Vjw0rm

There is no Yara-Signature yet.