Rar — Uralmountainssamples

📍 It is a verified tool for data theft and remote surveillance used in active conflict zones.

The malware captures keystrokes, takes screenshots, and sends system data to a Command & Control (C2) server. 🔍 Technical Indicators (IOCs) UralMountainsSamples rar

The user opens the .rar and clicks a shortcut file (e.g., "Request.lnk"). 📍 It is a verified tool for data

"UralMountainsSamples.rar" is a malicious archive associated with , a Russian-aligned threat actor group known for cyber-espionage targeting Ukrainian government agencies. 🛡️ Threat Profile Target: Ukrainian state bodies and defense entities. UralMountainsSamples rar

Often use geographical or administrative lures (e.g., UralMountainsSamples , Судові_рішення ).

The attack follows a multi-stage execution pattern to evade detection:

It drops a modular backdoor, often identified as Remcos RAT or Meduzot .