The Morphisec Labs team has tracked an obfuscated VBScript package in campaigns since March 2020. Initially, the malware campaign was focused on targets within Germany, but has since moved on to additional targets--excluding any IP address within Russia or North Korea.
Article Link: https://blog.morphisec.com/obfuscated-vbscript-drops-zloader-ursnif-qakbot-dridex