If you have a or a suspicious IP address from your logs, I can check if it matches known infrastructure for this group.
The malware captures keystrokes, takes screenshots, and sends system data to a Command & Control (C2) server.

🔍 Technical Indicators (IOCs)
Often uses geographical or administrative lures (e.g., UralMountainsSamples, Судові_рішення).
While specific hashes change, these characteristics are common in this campaign:
The shortcut triggers a PowerShell script or a side-loading vulnerability.
📍 It is a verified tool for data theft and remote surveillance used in active conflict zones.
Often uses hardcoded IP addresses or Dynamic DNS services (like duckdns.org).