: Researchers at Zscaler ThreatLabz observed threat actors using cURL to download svchost.rar as part of a multi-stage attack. Execution Flow :
: After the internal tools are deployed, the command del /f /q svchost.rar is often issued to remove forensic traces. svchost.rar
: Analysis on platforms like ANY.RUN has tagged variants of this archive with the Quasar RAT . : Researchers at Zscaler ThreatLabz observed threat actors