: Typically delivered via spear-phishing emails with subjects referencing official Russian military or government documentation to lure targets into opening the attachment. Malware Analysis & Behavior
The "RUS-129" naming convention is frequently used in campaigns targeting organizations or individuals monitoring Russian military movements or diplomatic relations. These archives are often "spoofed" to look like official correspondence from the Ministry of Defense or related state entities. RUS-129.7z
: Alert staff to be wary of compressed archives with "RUS" or military-style naming conventions, especially when sent from unverified external addresses. RUS-129.7z
: The malware often creates a registry key under HKCU\Software\Microsoft\Windows\CurrentVersion\Run or schedules a task to ensure it survives system reboots. RUS-129.7z