APT28 (Fancy Bear), a group attributed to the Russian GRU.
The file is often associated with the X-Agent malware family, a sophisticated modular trojan and spyware program primarily linked to the Russian cyber-espionage group APT28 (also known as Fancy Bear). While "Agent.X" can also refer to benign AI frameworks or SNMP protocols, a compressed file like a .rar is a common delivery method for this malware. 1. Malware Identification Agent.X.rar
The trojan can receive new modules from Command and Control (C2) servers to expand its capabilities. APT28 (Fancy Bear), a group attributed to the Russian GRU
An Android variant was reportedly used to target Ukrainian military personnel by infecting a legitimate artillery targeting app. 4. Removal and Mitigation APT28 (Fancy Bear)