Symbol: vbs.unidentified_002

Unidentified 002 (Operation Kremlin)


Unnamed malware. Delivered as a remote template that drops a VBS file, which uses LOLBINs to crawl the disk and exfiltrate data zipped up with WinRAR.

References
2021-01-07 | ClearSky | ClearSky Research Team: Operation ‘Kremlin’, https://www.clearskysec.com/operation-kremlin/ (accessed 2021-01-11)

There is no YARA signature yet.