Obfuscated VBScript Drops Zloader, Ursnif, Qakbot, Dridex
released on 2020-06-25 @ 08:50:21 PM
The Morphisec Labs team has tracked an obfuscated VBScript package in campaigns since March 2020. Initially, the malware campaign focused on targets within Germany, but it has since moved on to additional targets, excluding any IP address within Russia or North Korea.
These VBScripts started out in March delivering Zloader, as previously identified, and have since evolved into a delivery mechanism for trojans such as Ursnif, Qakbot, and Dridex in addition to Zloader.