logo

Threat Actors Weaponizing RAR Archives to Target Thailand’s Healthcare Sector

ID: 5e31d754-231c-5763-8024-883063740174

STIX ID: report--5e31d754-231c-5763-8024-883063740174

Feed Name: Seqrite Blog

Threat Score
70/100

Date Published: 2026-06-19

Date Updated: 2026-06-19

Author: Vaibhav Billade

...
...

Seqrite TRU reports a targeted multi-stage malware campaign active between April and June 2026 against Thailand's healthcare sector. Attackers distribute RAR archives containing heavily obfuscated batch loaders that deploy GitHub-hosted payloads, persist via Startup-folder scripts, extract and run a bundled Python-based stealer (sim.py) that harvests browser credentials and attempts exfiltration via the Telegram Bot API; the report provides technical analysis, IOCs (file hashes and filenames), and MITRE ATT&CK mappings.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.