Amaranth-Dragon: Weaponizing CVE-2025-8088 for Targeted Espionage in the Southeast Asia
ID: b9e58168-1e3e-5dc2-8175-e109d484cb43
STIX ID: report--b9e58168-1e3e-5dc2-8175-e109d484cb43
Feed Name: Check Point Research
**Check Point Research** documents the Amaranth-Dragon campaign, an APT-41-linked, highly targeted cyber-espionage operation across Southeast Asia in 2025. The operators rapidly weaponized a WinRAR path-traversal vulnerability (CVE-2025-8088) to deliver a custom Amaranth Loader, Havoc C2 shellcode, and a Telegram-controlled RAT (TGAmaranth), employing DLL sideloading, encrypted payloads, and geo-restricted C2. The report also provides numerous operational IoCs for detection and mitigation.
