Government-backed actors exploiting WinRAR vulnerability
Common Information
Type                              Value
UUID                              fc35033d-8a05-4970-8ec5-4646ecf7daf7
Fingerprint                       ae8b01f7a325518c
Analysis status                   DONE
Considered CTI value              2
Text language
Published                         Oct. 18, 2023, midnight
Added to db                       Aug. 31, 2024, 12:52 a.m.
Last updated                      Nov. 17, 2024, 6:54 p.m.
Headline                          Government-backed actors exploiting WinRAR vulnerability
Title                             Government-backed actors exploiting WinRAR vulnerability
Detected Hints/Tags/Attributes    72/3/22
RSS Feed
Id  Enabled  Feed title                   Url                                             Added to db
35           Threat Analysis Group (TAG)  https://blog.google/threat-analysis-group/rss/  2024-08-30 22:08
Attributes
Type                            #Events  CTI  Value
CVE                                 133       cve-2023-38831
CVE                                   3       cve-2023-3883
Domain                                9       fex.net
Domain                               50       webhook.site
Domain                               12       filetransfer.io
File                                  3       poc.png
File                                  2       навчальна-програма-оператори.zip
File                                  2       навчальна-програма-оператори.pdf
File                                  2       _.bat
File                                  4       ioc_09_11.rar
File                                 14       imagingdevices.exe
File                                  3       sti.dll
sha256                                3       072afea7cae714b44c24c16308da0ef0e5aab36b7a601b310d12f8b925f359e7
sha256                                3       91dec1160f3185cec4cb70fee0037ce3a62497e830330e9ddc2898f45682f63a
sha256                                2       77cf5efde721c1ff598eeae5cb3d81015d45a74d9ed885ba48330f37673bc799
IPv4                                  4       216.66.35.145
Threat Actor Identifier - APT       783       APT28
Threat Actor Identifier - APT       143       APT40
Url                                   3       http://webhook.site/e2831741-d8c8-4971-9464-e52d34f9d611
Url                                   2       https://fex.net/s/bttyrz4
Url                                   2       https://fex.net/s/59znp5b
Url                                   2       https://filetransfer.io/data-package/dvagojxl/download
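The attributes above are plain indicators (hashes, domains, file names). As an added example that is not part of this page or of the Google TAG report it indexes, the following Python script checks a ZIP archive for the structural pattern publicly associated with CVE-2023-38831, the WinRAR vulnerability the page lists: a decoy file and a same-named, whitespace-padded directory that holds a script whose name begins with the decoy's name. That layout, the list of script extensions, and both sample archives are assumptions of this example (the samples are constructed in memory; the "poc.png" name is borrowed from the page's file attributes, the rest is invented), and nothing here reproduces an exploit.

```python
"""Heuristic scan for the CVE-2023-38831 archive layout (added example, not page code)."""
import io
import posixpath
import zipfile

# Extensions Windows will execute if the "decoy" actually resolves to them.
# Assumption of this example; extend to taste.
SCRIPT_EXTS = {
    ".cmd", ".bat", ".exe", ".com", ".vbs", ".vbe", ".js", ".jse",
    ".wsf", ".ps1", ".scr", ".pif", ".lnk",
}


def _ext(name: str) -> str:
    """Lower-cased extension of a name, ignoring trailing whitespace."""
    return posixpath.splitext(name.rstrip())[1].lower()


def find_cve_2023_38831_layout(zip_bytes: bytes) -> list[tuple[str, str]]:
    """Return (decoy, script) pairs matching the publicly described exploit layout.

    Pattern checked (assumed from public CVE-2023-38831 write-ups, not from the page):
      * a top-level, non-executable decoy entry, typically with trailing whitespace,
      * a directory whose name equals the decoy's once trailing whitespace is stripped,
      * inside it, a script (SCRIPT_EXTS) whose name starts with the decoy's name.
    """
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = [info.filename for info in zf.infolist()]

    files = [n for n in names if not n.endswith("/")]

    # Map every directory prefix to the file entries underneath it, so the
    # check works whether or not the archive carries explicit directory entries.
    dir_children: dict[str, list[str]] = {}
    for n in files:
        parts = n.split("/")
        for depth in range(1, len(parts)):
            dir_children.setdefault("/".join(parts[:depth]), []).append(n)

    findings = []
    for decoy in files:
        if "/" in decoy:                 # only top-level entries are double-clicked
            continue
        if _ext(decoy) in SCRIPT_EXTS:   # a script is not a decoy
            continue
        stem = decoy.rstrip()
        for dirname, children in dir_children.items():
            if dirname.rstrip() != stem:
                continue
            for child in children:
                base = posixpath.basename(child)
                if base.startswith(stem) and _ext(base) in SCRIPT_EXTS:
                    findings.append((decoy, child))
    return findings


def build_sample_archives() -> tuple[bytes, bytes]:
    """Constructed samples: one mimicking the suspicious layout, one benign."""
    suspicious = io.BytesIO()
    with zipfile.ZipFile(suspicious, "w") as zf:
        zf.writestr("poc.png ", b"\x89PNG placeholder decoy")            # trailing space
        zf.writestr("poc.png /poc.png .cmd", b"@echo placeholder\r\n")    # same-named dir
    benign = io.BytesIO()
    with zipfile.ZipFile(benign, "w") as zf:
        zf.writestr("report.pdf", b"%PDF-1.4 placeholder")
        zf.writestr("scripts/install.cmd", b"@echo placeholder\r\n")
    return suspicious.getvalue(), benign.getvalue()


if __name__ == "__main__":
    bad, good = build_sample_archives()
    print("suspicious sample:", find_cve_2023_38831_layout(bad))
    print("benign sample:    ", find_cve_2023_38831_layout(good))
```

The check keys on the name collision rather than on any hash, so it still fires on archives whose decoy and script differ from every indicator on this page; matching the listed sha256 values is a separate, exact-match step that this heuristic is meant to complement, not replace.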