Threat Actors Weaponizing RAR Archives to Target Thailand’s Healthcare Sector
ID: 5e31d754-231c-5763-8024-883063740174
STIX ID: report--5e31d754-231c-5763-8024-883063740174
Feed Name: Seqrite Blog
Seqrite TRU reports a targeted multi-stage malware campaign active between April and June 2026 against Thailand's healthcare sector. Attackers distribute RAR archives containing heavily obfuscated batch loaders that deploy GitHub-hosted payloads, persist via Startup-folder scripts, extract and run a bundled Python-based stealer (sim.py) that harvests browser credentials and attempts exfiltration via the Telegram Bot API; the report provides technical analysis, IOCs (file hashes and filenames), and MITRE ATT&CK mappings.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
