WinRAR ADS Path Traversal Lets UAC-0226 Deploy GIFTEDCROOK Against Ukrainian Targets
ID: 159c004e-2b6b-507e-a8c0-4a28433ede0e
STIX ID: report--159c004e-2b6b-507e-a8c0-4a28433ede0e
Feed Name: Cyber Press
Threat Score
UAC-0226 is running a targeted campaign against Ukrainian entities using a WinRAR path-traversal/ADS exploit to drop a Startup shortcut and staged files that a hidden PowerShell loader executes; the loader decodes and injects a headerless, reflective GIFTEDCROOK infostealer into memory to exfiltrate browser credentials, VPN/keystore/password databases, and sensitive documents—two SHA-256 IOCs are provided.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
