RUS-129.7z

The malware often creates a registry key under HKCU\Software\Microsoft\Windows\CurrentVersion\Run or schedules a task to ensure it survives system reboots.

Inside the archive, there is often a double-extension file (e.g., RUS-129_Report.pdf.exe) or a malicious LNK (shortcut) file.

Payload Delivery: Once the user clicks the file, it executes a malicious script (PowerShell or VBScript) or a compiled binary.

Consider blocking .7z and .rar attachments from external sources if they are not standard for your business operations.

The "RUS-129" naming convention is frequently used in campaigns targeting organizations or individuals monitoring Russian military movements or diplomatic relations. These archives are often "spoofed" to look like official correspondence from the Ministry of Defense or related state entities.

Alert staff to be wary of compressed archives with "RUS" or military-style naming conventions, especially when sent from unverified external addresses.

Look for unusual PowerShell activity or unauthorized cmd.exe spawns originating from common archive software (like WinRAR or 7-Zip).
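
An added example (not from the original page) of the detection described above: it flags process-creation events where an archive tool spawns a script interpreter, and executables that carry a decoy double extension. The event field names, the process-name lists and the sample events are assumptions constructed for illustration.

```python
import ntpath
import re

# Assumed process names for the tools the page names (WinRAR, 7-Zip) and the
# interpreters it mentions (PowerShell, cmd.exe, VBScript hosts).
ARCHIVERS = {"winrar.exe", "7zfm.exe", "7zg.exe", "7z.exe"}
INTERPRETERS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe"}
# Decoy document extension followed by an executable or shortcut extension.
DOUBLE_EXT = re.compile(
    r"\.(pdf|docx?|xlsx?|rtf|txt|jpe?g|png)\.(exe|scr|com|pif|lnk|vbs|js|bat)$",
    re.IGNORECASE,
)

SAMPLE_EVENTS = [  # constructed process-creation events, not real telemetry
    {"parent_image": r"C:\Program Files\7-Zip\7zFM.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"parent_image": r"C:\Program Files\7-Zip\7zFM.exe",
     "image": r"C:\Users\u\AppData\Local\Temp\x\RUS-129_Report.pdf.exe"},
    {"parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe"},
    {"parent_image": r"C:\Program Files\WinRAR\WinRAR.exe",
     "image": r"C:\Windows\System32\notepad.exe"},
]


def base(path):
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path.strip()).lower()


def classify(event):
    """Return the reasons a process-creation event looks suspicious."""
    reasons = []
    parent, child = base(event["parent_image"]), base(event["image"])
    if parent in ARCHIVERS and child in INTERPRETERS:
        reasons.append("interpreter spawned by archiver")
    if DOUBLE_EXT.search(child):
        reasons.append("double-extension executable")
    return reasons


def triage(events):
    """Return (index, reasons) for every event that matched a rule."""
    return [(i, r) for i, e in enumerate(events) if (r := classify(e))]


if __name__ == "__main__":
    for idx, reasons in triage(SAMPLE_EVENTS):
        print(idx, SAMPLE_EVENTS[idx]["image"], reasons)
```
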
