: Inside the archive, there is often a double-extension file (e.g., RUS-129_Report.pdf.exe ) or a malicious LNK (shortcut) file. Payload Delivery :
Based on current threat intelligence and technical indicators, is a malicious compressed archive identified as part of targeted phishing or cyber-espionage campaigns, often associated with geopolitical themes involving Russia and Eastern Europe. Technical Summary File Name : RUS-129.7z Extension : .7z (7-Zip compressed archive) Primary Threat Category : Trojan / Stealer / Downloader RUS-129.7z
: The malware often creates a registry key under HKCU\Software\Microsoft\Windows\CurrentVersion\Run or schedules a task to ensure it survives system reboots. : Inside the archive, there is often a
: Common payloads associated with this naming convention include information stealers that target browser credentials, crypto wallets, and session cookies. Geopolitical Context : Inside the archive