SYMBOLCOMMON_NAMEaka. SYNONYMS
vbs.randomquery (Back to overview)

RandomQuery

Actor(s): Kimsuky

According to SentinelLabs, this is a VisualBasic-based malware that gathers system and file information and exfiltrates the data using InternetExplorer.Application or Microsoft.XMLHTTP objects.

References
2023-05-23Aleksandar Milenkoski
@online{milenkoski:20230523:kimsuky:dd0cbc4, author = {Aleksandar Milenkoski}, title = {{Kimsuky | Ongoing Campaign Using Tailored Reconnaissance Toolkit}}, date = {2023-05-23}, url = {https://www.sentinelone.com/labs/kimsuky-ongoing-campaign-using-tailored-reconnaissance-toolkit/}, language = {English}, urldate = {2023-05-30} } Kimsuky | Ongoing Campaign Using Tailored Reconnaissance Toolkit
RandomQuery

There is no Yara-Signature yet.