logo

WinRAR ADS Path Traversal Lets UAC-0226 Deploy GIFTEDCROOK Against Ukrainian Targets

ID: 159c004e-2b6b-507e-a8c0-4a28433ede0e

STIX ID: report--159c004e-2b6b-507e-a8c0-4a28433ede0e

Feed Name: Cyber Press

Threat Score
80/100

Date Published: 2026-06-26

Date Updated: 2026-06-26

Author: Varshini

...
...

UAC-0226 is running a targeted campaign against Ukrainian entities using a WinRAR path-traversal/ADS exploit to drop a Startup shortcut and staged files that a hidden PowerShell loader executes; the loader decodes and injects a headerless, reflective GIFTEDCROOK infostealer into memory to exfiltrate browser credentials, VPN/keystore/password databases, and sensitive documents—two SHA-256 IOCs are provided.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.