Vengeance Justice Worm (Vjw0rm) first emerged in November 2016; it's a hybrid worm/Remote Access Trojan (RAT) that is publicly available and has modular functionality. In January 2019 our team wrote about Vjw0rm here when it was being propagated by a phishing campaign utilizing a banking lure.
Vjw0rm has 3 primary malicious capabilities:
1. Information Stealing - Exfiltrating cookie session data, clipboard strings, and attempts to steal user credentials.
2. Self Propagation - Copies itself throughout the operating system and in the startup folder and can spread via removable drive.
3. Denial of service (DOS) - Domain Name Service (DNS) request manipulation, and the ability to send and receive spam email including advertisement flooding.
1. If your organization doesn't regularly receive legitimate RAR files then we suggest banning that file extension globally.
2. User education has never been more important, malicious actors are constantly innovating and pivoting, users need to be on their game and know what to look for and what not to click on. Establish an easy process in your company where users can submit anything suspicious to your IT/Helpdesk team for review.
3. Defense in depth is something that your company should constantly strive for. A great start would be by signing up for our Advanced Email Security!
Indicators Of Compromise
18.104.22.168 (Switzerland IP)
Contact us today for a free trial of our Email Threat Protection