: A remote access trojan (RAT) used by the "DarkPink" or "Saaiwc" APT groups [1, 7].

: When a user double-clicks the top-level document.pdf , WinRAR mistakenly executes the file inside the folder instead of opening the intended document [4, 5]. Malware Associations

: Connections to external C2 (Command and Control) servers to fetch secondary payloads [7]. Recommendation