Earth Estries alive and kicking
ID: ff0da4b3-238d-5830-9267-d7465ed44aa4
STIX ID: report--ff0da4b3-238d-5830-9267-d7465ed44aa4
Feed Name: Blaze's Security Blog
The report outlines an Earth Estries (aka Salt Typhoon) campaign abusing a recent WinRAR vulnerability (CVE-2025-8088) to achieve shellcode execution, leveraging fake PDFs, DLL hijacking, and scheduled tasks to deploy payloads and contact external infrastructure. It provides concrete indicators of compromise (hashes, filenames, IP/domain), associated YARA rules, and references for further analysis, enabling detection and response.
