
RST TI Report Digest: 12 Jan 2026

ID: 805008fa-d424-5abf-9f51-fd2450c53ef8

STIX ID: report--805008fa-d424-5abf-9f51-fd2450c53ef8

Feed Name: RST Cloud Blog

Threat Score: 72/100

Date Published: 2026-01-12

Date Updated: 2026-04-29

Author: RST Cloud


**PHALT#BLYX** is a targeted malware campaign against the hospitality sector that delivers a loader (staxs.exe) via phishing and counterfeit Booking.com pages; the loader injects into legitimate processes, employs evasion (Defender exclusions, privilege checks), ensures persistence using Internet Shortcut files, and distributes multiple infostealers and RATs (e.g., RedLine, Vidar, DCRat/AsyncRAT). The report includes detailed TTPs (clipboard injection, LOLBIN use, process hollowing/injection, dead drop techniques) and a set of IoCs (IPs, domains, URLs, and numerous SHA-256 hashes) for detection and response.
