Razvrat

Malware Profile Updated 3 months ago
Razvrat is malicious software (malware) known for its damaging effects on computer systems. It infiltrates systems undetected through suspicious downloads, emails, or websites, and can steal personal information, disrupt operations, or hold data hostage for ransom.

The malware was promoted by a threat actor known as farnetwork in April 2019 on the Exploit hacker forum, where the JSWORM Ransomware-as-a-Service (RaaS) program, which included the RazvRAT malware, was advertised. The threat actor behind Razvrat operates under multiple aliases, including farnetwork, jingo, jsworm, piparkuka, and farnetworkitand, among others. According to a report shared by Group-IB with BleepingComputer, this individual has been active on several Russian-speaking hacker forums. Their main activity involves recruiting affiliates for various ransomware operations, thus expanding the reach and impact of the malware.

Farnetwork initially gained attention in the cybercrime community by advertising RazvRAT, a remote access trojan, on underground forums such as RAMP. This trojan, later known as Razvrat, allowed the operator to gain unauthorized access to victims' devices. Operating under numerous aliases, farnetwork has continued to be a prominent figure in these underground communities, demonstrating the persistent and evolving threat posed by Razvrat and similar malware.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Jsworm | 1 | JSWorm is a type of malware, specifically ransomware, that was active from 2019 to 2021. This malicious software was developed and operated by a threat actor known as 'farnetwork', who has used various aliases including farnetworkl, jingo, jsworm, razvrat, piparkuka, and farnetworkit. Farnetwork gai
Farnetwork | 1 | Farnetwork, a notorious malware operator identified by cybersecurity researchers from Group-IB, has been active in the cybercrime scene since 2019. Known for deploying five different strains of ransomware, including its proprietary strain Nokoyawa, Farnetwork has collaborated with other cybercrimina
Jingo | 1 | None
Farnetworkitand | 1 | None
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Trojan
RaaS
Ransomware
Exploit
Malware
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Razvrat Malware was read from the documents corpus below.
Source | Created At | Title
CERT-EU | 8 months ago | Experts Expose Farnetwork's Ransomware-as-a-Service Business Model
CERT-EU | 8 months ago | Russian-speaking threat actor "farnetwork" linked to 5 ransomware gangs
CERT-EU | 8 months ago | From Concealed to Revealed: Dark Web Slip-Up Exposes Ransomware Mastermind
CERT-EU | 8 months ago | Inside Farnetwork Operation: a Major RaaS Player