While specific hashes change, these characteristics are common in this campaign:
Often use geographical or administrative lures (e.g., UralMountainsSamples , Судові_рішення ). UralMountainsSamples rar
The attack follows a multi-stage execution pattern to evade detection: While specific hashes change
"UralMountainsSamples.rar" is a malicious archive associated with , a Russian-aligned threat actor group known for cyber-espionage targeting Ukrainian government agencies. 🛡️ Threat Profile Target: Ukrainian state bodies and defense entities. UralMountainsSamples rar
It drops a modular backdoor, often identified as Remcos RAT or Meduzot .
The user opens the .rar and clicks a shortcut file (e.g., "Request.lnk").
If you have a or a suspicious IP address from your logs, I can check if it matches known infrastructure for this group.