ioc[.]one - OSINT Cyber Threat Intelligence Database

Deep dive into JS/Vjw0rm

Tags

attack-pattern:

Data Hardware - T1592.001 Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Scheduled Task - T1053.005 Server - T1583.004 Server - T1584.004 Software - T1592.002 Scheduled Task - T1053 Scripting - T1064 Windows Management Instrumentation - T1047 Scripting

Show in Graph

Common Information

Type	Value
UUID	0c62db3c-2ee4-4cd6-aa52-9416b6946896
Fingerprint	aa836943293f239d
Analysis status	DONE
Considered CTI value	2
Text language
Published	March 28, 2023, 1:34 p.m.
Added to db	March 28, 2023, 3:59 p.m.
Last updated	Nov. 17, 2024, 6:31 p.m.
Headline	Deep dive into JS/Vjw0rm
Title	Deep dive into JS/Vjw0rm
Detected Hints/Tags/Attributes	42/1/15

Source URLs

	Redirection	Url
Details	Source	https://infosecwriteups.com/deep-dive-into-js-vjw0rm-9983482c20ca?gi=12a33416f7ad&source=rss------reverse_engineering-5
Details	Redirection	https://infosecwriteups.com/deep-dive-into-js-vjw0rm-9983482c20ca?gi=337fb1899ea9&source=collection_home---4------0-----------------------
Details	Redirection	https://infosecwriteups.com/deep-dive-into-js-vjw0rm-9983482c20ca?gi=35bf682a6530&source=collection_home---4------0-----------------------
Details	Redirection	https://infosecwriteups.com/deep-dive-into-js-vjw0rm-9983482c20ca?gi=6923d6c5518c&source=rss------reverse_engineering-5
Details	Source	https://infosecwriteups.com/deep-dive-into-js-vjw0rm-9983482c20ca?gi=86e65ee0a4e4&source=rss----7b722bfd1b8d---4
Details	Source	https://infosecwriteups.com/deep-dive-into-js-vjw0rm-9983482c20ca?gi=9b000ff11d15&source=rss----7b722bfd1b8d---4
Details	Source	https://infosecwriteups.com/deep-dive-into-js-vjw0rm-9983482c20ca?gi=adeb639dd069&source=collection_home---4------0-----------------------
Details	Redirection	https://infosecwriteups.com/deep-dive-into-js-vjw0rm-9983482c20ca?gi=c3def8d17515&source=rss----7b722bfd1b8d---4
Details	Source	https://infosecwriteups.com/deep-dive-into-js-vjw0rm-9983482c20ca?gi=eca0388588ee&source=rss------reverse_engineering-5
Details	Source	https://infosecwriteups.com/deep-dive-into-js-vjw0rm-9983482c20ca?gi=f5c221e74a26&source=collection_home---4------0-----------------------
Details	Redirection	https://infosecwriteups.com/deep-dive-into-js-vjw0rm-9983482c20ca?source=rss------reverse_engineering-5
Details	Redirection	https://infosecwriteups.com/deep-dive-into-js-vjw0rm-9983482c20ca?source=rss----7b722bfd1b8d---4
Details	Redirection	https://medium.com/m/global-identity-2?redirectUrl=https%3A%2F%2Finfosecwriteups.com%2Fdeep-dive-into-js-vjw0rm-9983482c20ca%3Fsource%3Dcollection_home---4------0-----------------------
Details	Redirection	https://medium.com/m/global-identity-2?redirectUrl=https%3A%2F%2Finfosecwriteups.com%2Fdeep-dive-into-js-vjw0rm-9983482c20ca%3Fsource%3Drss------reverse_engineering-5
Details	Redirection	https://medium.com/m/global-identity-2?redirectUrl=https%3A%2F%2Finfosecwriteups.com%2Fdeep-dive-into-js-vjw0rm-9983482c20ca%3Fsource%3Drss----7b722bfd1b8d---4

URL Provider

Details	Provider	Source level domain
Details	infosecwriteups.com	infosecwriteups.com
Details	medium.com	medium.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	136	✔	InfoSec Write-ups - Medium	https://infosecwriteups.com/feed	2024-08-30 22:08
Details	163	✔	—	https://media.cert.europa.eu/rss?type=category&id=Malware&language=en&duplicates=false	2024-08-30 22:08
Details	172	✔	Reverse Engineering on Medium	https://medium.com/feed/tag/reverse-engineering	2024-08-30 22:08

Attributes

Details	Type	#Events	CTI	Value
Details	Domain	372		wscript.shell
Details	Domain	6		sh.run
Details	Domain	2		ourvjworm.duckdns.org
Details	Domain	285		microsoft.net
Details	Domain	93		bazaar.abuse.ch
Details	File	46		microsoft.xml
Details	File	70		vbc.exe
Details	md5	2		b226987db14d44762e9ebefcda95e144
Details	sha1	2		d86eac68820c39703e52142d3bf450525a9f8d6c
Details	sha256	2		6de643d185952a9903ab06d382c4373e516329536734d90be309004afaa5ea50
Details	Url	1		http://ourvjworm.duckdns.org:7974
Details	Url	1		http://ourvjworm.duckdns.org/vre
Details	Url	1		https://bazaar.abuse.ch/download/6de643d185952a9903ab06d382c4373e516329536734d90be309004afaa5ea50
Details	Windows Registry Key	3		HKCU\vjw0rm
Details	Windows Registry Key	1		HKLM\SOFTWARE\Classes