RUS-129.7z

Consider blocking .7z and .rar attachments from external sources if they are not standard for your business operations.
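One way to apply that attachment policy at a mail filter, shown as an added example that is not part of the original page: it identifies 7z and RAR attachments by file signature rather than by extension, and only on mail from outside the organization. The `INTERNAL_DOMAINS` value, the helper names and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Published file signatures for the two archive formats.
ARCHIVE_MAGIC = {
    b"7z\xbc\xaf\x27\x1c": "7z",
    b"Rar!\x1a\x07\x00": "rar",       # RAR 1.5 to 4.x
    b"Rar!\x1a\x07\x01\x00": "rar",   # RAR 5
}
INTERNAL_DOMAINS = {"corp.example"}   # assumption: your own mail domains


def archive_type(payload: bytes):
    """Return '7z' or 'rar' if the payload starts with an archive signature."""
    for magic, kind in ARCHIVE_MAGIC.items():
        if payload.startswith(magic):
            return kind
    return None


def is_external(msg) -> bool:
    """True when the From: domain is not one of ours. The header can be forged,
    so a production gateway should rely on the authenticated envelope sender."""
    addr = parseaddr(str(msg.get("From", "")))[1]
    return addr.rpartition("@")[2].lower() not in INTERNAL_DOMAINS


def blocked_attachments(raw: bytes):
    """List (filename, archive type) for archive attachments on external mail."""
    msg = message_from_bytes(raw, policy=policy.default)
    if not is_external(msg):
        return []
    hits = []
    for part in msg.iter_attachments():
        kind = archive_type(part.get_payload(decode=True) or b"")
        if kind:
            hits.append((part.get_filename(), kind))
    return hits


def build_sample(sender: str, filename: str, data: bytes) -> bytes:
    """Constructed test message; the attachment is a bare signature, not malware."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "analyst@corp.example", "report"
    m.set_content("see attached")
    m.add_attachment(data, maintype="application", subtype="octet-stream",
                     filename=filename)
    return m.as_bytes()
```

Matching on content means the rule still applies when the attachment's file name does not end in .7z or .rar.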

The user is prompted to extract the .7z file, which may be password-protected to prevent automated sandbox analysis by email gateways.

The malware often creates a registry key under HKCU\Software\Microsoft\Windows\CurrentVersion\Run or schedules a task to ensure it survives system reboots.

The "RUS-129" naming convention is frequently used in campaigns targeting organizations or individuals monitoring Russian military movements or diplomatic relations. These archives are often "spoofed" to look like official correspondence from the Ministry of Defense or related state entities.

The contents of RUS-129.7z generally follow a specific infection chain designed to bypass traditional security filters: