Reverse.Defenders.rar (Conceptual Malware Analysis)

1. Abstract

The use of .rar archives as a weaponized delivery system remains a high-priority threat. By "reversing" the defenders, either by disabling the security software directly or by exploiting the trust users place in archive files, APT groups continue to find success in initial-access campaigns. Attackers may also attempt to force their files into a system's "Allowed" list or quarantine exclusions so that the payload persists even after a manual scan.

4. Detection and Mitigation

Defenders must move beyond signature-based detection for archives. Look for abnormal account activity, such as logons outside normal hours or from geographically impossible locations. Because the technique depends on tampering with the security product itself, also alert on changes to allow-lists and quarantine exclusions and on security services being stopped or disabled.
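The two account-activity signals named above (off-hours logons and geographically impossible travel) can be checked mechanically over logon records. The following is an added example, not code from the original analysis; the record format, the business-hours window, the speed threshold and the sample log lines are all constructed assumptions for illustration.

```python
# Added example (not part of the original analysis): flag off-hours logons
# and "impossible travel" between consecutive logons of the same account.
# Assumptions: records are "user,ISO-8601 timestamp,lat,lon,city"; 08:00-18:59
# UTC counts as normal hours (a real deployment would use the user's local
# time zone); implied speed above 900 km/h is treated as impossible.
from dataclasses import dataclass
from datetime import datetime, timezone
from math import radians, sin, cos, asin, sqrt

BUSINESS_HOURS = range(8, 19)   # assumed normal-hours window, hours 08..18 UTC
MAX_PLAUSIBLE_KMH = 900.0       # assumed: faster than an airliner is implausible


@dataclass(frozen=True)
class Logon:
    user: str
    ts: datetime
    lat: float
    lon: float
    city: str


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two coordinates, in kilometres."""
    r = 6371.0
    dlat = radians(lat2 - lat1)
    dlon = radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * r * asin(sqrt(a))


def parse_logon(line):
    """Parse one constructed record: user,timestamp,lat,lon,city."""
    user, ts, lat, lon, city = line.split(",")
    when = datetime.fromisoformat(ts).astimezone(timezone.utc)
    return Logon(user, when, float(lat), float(lon), city)


def off_hours(logon):
    """True when the logon hour falls outside the assumed normal-hours window."""
    return logon.ts.hour not in BUSINESS_HOURS


def impossible_travel(prev, cur):
    """True when the speed implied by two consecutive logons exceeds the threshold."""
    hours = (cur.ts - prev.ts).total_seconds() / 3600.0
    if hours <= 0:
        # Same instant from two different places is also impossible.
        return prev.city != cur.city
    km = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
    return km / hours > MAX_PLAUSIBLE_KMH


def detect(lines):
    """Return (user, reason, timestamp) alerts; logons are processed per user in time order."""
    logons = sorted((parse_logon(l) for l in lines if l.strip()), key=lambda x: (x.user, x.ts))
    alerts = []
    last = {}
    for logon in logons:
        if off_hours(logon):
            alerts.append((logon.user, "off-hours logon", logon.ts.isoformat()))
        prev = last.get(logon.user)
        if prev is not None and impossible_travel(prev, logon):
            alerts.append((logon.user, f"impossible travel {prev.city}->{logon.city}", logon.ts.isoformat()))
        last[logon.user] = logon
    return alerts


# Constructed sample log (not real data): alice "travels" Helsinki -> New York in
# 85 minutes; bob logs on at 02:13 and later from Stockholm at a plausible pace.
SAMPLE_LOG = """\
alice,2024-03-04T09:05:00+00:00,60.17,24.94,Helsinki
alice,2024-03-04T10:30:00+00:00,40.71,-74.01,New York
bob,2024-03-04T02:13:00+00:00,60.17,24.94,Helsinki
bob,2024-03-04T14:00:00+00:00,59.33,18.07,Stockholm
"""

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

On the sample input the detector raises exactly two alerts: an impossible-travel alert for alice's New York logon and an off-hours alert for bob's 02:13 logon; bob's Helsinki-to-Stockholm pace stays under the threshold. In practice the same per-user, time-ordered loop is what you would run over SIEM logon events, with the geolocation coming from an IP-to-location lookup rather than embedded coordinates.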