RUS-129.7z: The "RUS-129" naming convention is frequently used in campaigns targeting organizations or individuals monitoring Russian military movements or diplomatic relations. The archives are spoofed to look like official correspondence from the Ministry of Defense or related state entities.

Payload Delivery: Typically delivered via spear-phishing emails whose subjects reference official Russian military or government documentation, to lure targets into opening the attachment.

Malware Analysis & Behavior: Inside the archive there is often a double-extension file (e.g., RUS-129_Report.pdf.exe) or a malicious LNK (shortcut) file. The user is prompted to extract the .7z file, which may be password-protected to prevent automated sandbox analysis by email gateways: the gateway cannot open the encrypted archive, so its contents reach the user unscanned.

Consider blocking .7z and .rar attachments from external sources if they are not standard for your business operations.
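The indicators above (a .7z or .rar from an external sender, a password-protected archive, a double-extension member such as Report.pdf.exe, a .lnk member, and the RUS-129 lure name) can be turned into a simple attachment-triage rule. The following is an added example written for this page, not tooling from the campaign or from any vendor; it assumes the archive listing and the encrypted flag have already been extracted by the mail gateway (for 7z, a library call such as py7zr's needs_password() would supply the latter), and the sender, filenames and internal domain set are constructed sample data.

```python
import os
from dataclasses import dataclass, field

# Constructed for this example: replace with your own mail domains.
INTERNAL_DOMAINS = {"example.com"}

# Archive types the page suggests blocking from external sources.
RISKY_ARCHIVE_EXTS = {".7z", ".rar"}

# Decoy document extensions that commonly precede a real executable extension.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".hta"}

# Lure names documented on this page (lower-cased for matching).
LURE_NAMES = ("rus-129",)


@dataclass
class Attachment:
    sender: str
    filename: str
    members: list[str] = field(default_factory=list)  # archive listing, if any
    encrypted: bool = False                            # password-protected archive


def is_external(sender: str) -> bool:
    """True when the sender's domain is not one of our own."""
    domain = sender.rsplit("@", 1)[-1].lower()
    return domain not in INTERNAL_DOMAINS


def double_extension(name: str) -> bool:
    """True for names like RUS-129_Report.pdf.exe: decoy document extension
    immediately followed by an executable extension."""
    parts = name.lower().rsplit(".", 2)  # ['rus-129_report', 'pdf', 'exe']
    return (
        len(parts) == 3
        and f".{parts[1]}" in DECOY_EXTS
        and f".{parts[2]}" in EXECUTABLE_EXTS
    )


def triage(att: Attachment) -> tuple[str, list[str]]:
    """Return ('block' | 'allow', reasons) for one attachment."""
    reasons: list[str] = []
    ext = os.path.splitext(att.filename)[1].lower()

    # Policy from the page: archives of these types from outside are not expected.
    if ext in RISKY_ARCHIVE_EXTS and is_external(att.sender):
        reasons.append(f"{ext} archive from external sender")

    # An encrypted archive cannot be scanned by the gateway; treat that as hostile.
    if att.encrypted:
        reasons.append("password-protected archive (sandbox evasion)")

    # The two in-archive indicators the page describes.
    for member in att.members:
        base = member.rsplit("/", 1)[-1]
        if double_extension(base):
            reasons.append(f"double-extension payload: {base}")
        elif os.path.splitext(base)[1].lower() == ".lnk":
            reasons.append(f"shortcut (LNK) inside archive: {base}")

    # Known lure name in the attachment filename.
    if any(lure in att.filename.lower() for lure in LURE_NAMES):
        reasons.append("known lure name in attachment filename")

    return ("block" if reasons else "allow"), reasons


# Constructed sample matching the page's description of the lure.
SAMPLE = Attachment(
    sender="press-office@mod-example.org",
    filename="RUS-129.7z",
    members=["RUS-129_Report.pdf.exe", "RUS-129_Report.lnk"],
    encrypted=True,
)

if __name__ == "__main__":
    verdict, why = triage(SAMPLE)
    print(verdict)
    for r in why:
        print(" -", r)
```

The rule deliberately blocks on any single indicator rather than a score: a password-protected archive from an external sender has no benign reading in an environment where such attachments are not part of normal business, and the double-extension and LNK checks only fire on archives the gateway was able to open, which is exactly why the encryption flag must block on its own.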