Rus-129.7z

Typically delivered via spear-phishing emails with subjects referencing official Russian military or government documentation to lure targets into opening the attachment.

Malware Analysis & Behavior

The malware often creates a registry key under HKCU\Software\Microsoft\Windows\CurrentVersion\Run or schedules a task to ensure it survives system reboots.

Consider blocking .7z and .rar attachments from external sources if they are not standard for your business operations.

Add the specific filename RUS-129.7z to your email security blocklist.

The user is prompted to extract the .7z file, which may be password-protected to prevent automated sandbox analysis by email gateways.

Look for unusual PowerShell activity or unauthorized cmd.exe spawns originating from common archive software (like WinRAR or 7-Zip).
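One way to implement the parent/child check described above, as an added example that is not part of the original page. It goes one step further than a direct-parent match by also flagging shells launched further down the process tree under the archive tool; the record field names, the archiver image names and the sample events are assumptions constructed for illustration.

```python
import ntpath

# Assumed image names for the archive tools named in the text (WinRAR, 7-Zip).
ARCHIVERS = {"winrar.exe", "7zfm.exe", "7zg.exe", "7z.exe"}
SHELLS = {"cmd.exe", "powershell.exe"}

def image_name(path):
    """Lower-cased file name of a Windows path, tolerating quotes."""
    return ntpath.basename(path.strip().strip('"')).lower()

def find_archive_shell_spawns(events):
    """Return shell launches that descend from an archive tool.

    events: time-ordered process-creation records (dicts) with the keys
    host, pid, ppid, image, parent_image (hypothetical field names).
    """
    tainted = set()  # (host, pid) of every process running under an archiver
    hits = []
    for ev in events:
        key = (ev["host"], ev["pid"])
        tainted.discard(key)  # a new process with this PID resets old state
        parent_is_archiver = image_name(ev["parent_image"]) in ARCHIVERS
        if parent_is_archiver or (ev["host"], ev["ppid"]) in tainted:
            tainted.add(key)
            if image_name(ev["image"]) in SHELLS:
                hits.append(ev)
    return hits

# Constructed sample events, not taken from any real incident.
SAMPLE_EVENTS = [
    {"host": "WS01", "pid": 100, "ppid": 50,
     "image": r"C:\Program Files\7-Zip\7zFM.exe", "parent_image": r"C:\Windows\explorer.exe"},
    {"host": "WS01", "pid": 200, "ppid": 100,
     "image": r"C:\Windows\System32\cmd.exe", "parent_image": r"C:\Program Files\7-Zip\7zFM.exe"},
    {"host": "WS01", "pid": 300, "ppid": 200,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\System32\cmd.exe"},
    {"host": "WS01", "pid": 400, "ppid": 100,
     "image": r"C:\Windows\System32\notepad.exe", "parent_image": r"C:\Program Files\7-Zip\7zFM.exe"},
    {"host": "WS02", "pid": 200, "ppid": 10,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for ev in find_archive_shell_spawns(SAMPLE_EVENTS):
        print(ev["host"], ev["pid"], image_name(ev["image"]), "<-", image_name(ev["parent_image"]))
```

The taint set is keyed by host and PID, so the same PID on another workstation is not matched, and events must be fed in chronological order for the descendant tracking to hold.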