Unidentified 002 (Operation Kremlin) (Malware Family)

SYMBOL	COMMON_NAME	aka. SYNONYMS

vbs.unidentified_002 (Back to overview)

Unidentified 002 (Operation Kremlin)

Unnamed malware. Delivered as remote template that drops a VBS file, which uses LOLBINs to crawl the disk and exfiltrate data zipped up via winrar.

References

2021-01-07 ⋅ ClearSky ⋅ ClearSky Research Team
@online{team:20210107:operation:c3e2e28, author = {ClearSky Research Team}, title = {{Operation ‘Kremlin’}}, date = {2021-01-07}, organization = {ClearSky}, url = {https://www.clearskysec.com/operation-kremlin/}, language = {English}, urldate = {2021-01-11} } Operation ‘Kremlin’
Unidentified 002 (Operation Kremlin)

There is no Yara-Signature yet.

Propose Change for vbs.unidentified_002

In which category would you like to suggest a change?

What would you like to do?

New Alias for vbs.unidentified_002Please enter a new alias that you think is appropriate for Unidentified 002 (Operation Kremlin). Give a reference for the alias in the box below.

New Name for vbs.unidentified_002Please enter your proposal for a new primary family name that you think is more appropriate than vbs.unidentified_002.

New Common Name for vbs.unidentified_002Please enter your proposal for a new primary family name that you think is more appropriate than Unidentified 002 (Operation Kremlin).

What would you like to do?

Add DescriptionThe Family description will be visible on the family details site.

Change DescriptionChange the existing description like you think it would be advisable.

If your designated proposal does not fit in any other category,
feel free to write a free-text in the comment field below.

Please propose all changes regarding references on the Malpedia library page

What would you like to do?

New Actor for vbs.unidentified_002

Which actor do you think should be removed?

Explanation / ReferenceWhy do you think this change is advisable? Feel free to include references.

Your suggestion will be reviewed before being published.
Thank you for contributing!

Propose Change of Library Entry

URL

Title

Authors

Language

Date Please use YYYY-MM-DD, YYYY-MM, or YYYY.

Organization (optional)

Referenced families (optional)

Comment Add additional information to explain your proposal.

Your suggestion will be reviewed before being published.
Thank you for contributing!

Unidentified 002 (Operation Kremlin) Propose Change

References

Unidentified 002 (Operation Kremlin)