Lucene search
HiveForce LabsHIVEPRO:646E4DDF50E5B6306224028B32298ACFHistoryNov 27, 2023 - 12:47 p.m.
The Rise of DarkCasino APT Group Exploiting WinRAR 0-Day
2023-11-2712:47:11
HiveForce Labs
www.hivepro.com
32
darkcasino
apt group
winrar
0-day
darkme trojan
vulnerability
phishing
darkme payload
threat level red
hiveforce labs
linkedin
Summary: DarkCasino, an APT group with economic motivations, was initially identified in 2021. The group introduced DarkMe, a Trojan Horse program based on Visual Basic. Recently, DarkCasino has been linked to the zero-day exploitation of CVE-2023-38831, an arbitrary code execution vulnerability found in WinRAR software. The group leverages this vulnerability in phishing attacks, launching the final malicious payload, DarkMe. Threat Level - Red | Actor Report For a detailed threat advisory, download the pdf file here To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.
Related
githubexploit
githubexploit
Exploit for Insufficient Type Distinction in Rarlab Winrar
2023-08-27 21:49:37
Exploit for Insufficient Type Distinction in Rarlab Winrar
2024-04-01 15:59:34
Exploit for Insufficient Type Distinction in Rarlab Winrar
2024-06-17 07:30:47
zdt
zdt
WinRAR version 6.22 - Remote Code Execution via ZIP archive Exploit
2024-03-29 00:00:00
WinRAR Remote Code Execution Exploit
2023-09-11 00:00:00
thn
thn
Operation RusticWeb: Rust-Based Malware Targets Indian Government Entities
2023-12-22 13:19:00
Experts Uncover DarkCasino: New Emerging APT Threat Exploiting WinRAR Flaw
2023-11-16 13:51:00
debiancve
debiancve
CVE-2023-38831
2023-08-23 17:15:00
prion
prion
Design/Logic Flaw
2023-08-23 17:15:00
openvas
openvas
RARLabs WinRAR Code Execution Vulnerability - Windows
2023-08-31 00:00:00
securelist
securelist
Head Mare: adventures of a unicorn in Russia and Belarus
2024-09-02 10:00:22
Exploits and vulnerabilities in Q1 2024
2024-05-07 10:00:39
IT threat evolution in Q3 2023. Non-mobile statistics
2023-12-01 10:00:03
metasploit
metasploit
WinRAR CVE-2023-38831 Exploit
2023-09-04 16:56:22
exploitdb
exploitdb
WinRAR version 6.22 - Remote Code Execution via ZIP archive
2024-03-28 00:00:00
nvd
nvd
cisa_kev
cisa_kev
RARLAB WinRAR Code Execution Vulnerability
2023-08-24 00:00:00
Microsoft SmartScreen Prompt Security Feature Bypass Vulnerability
2024-04-30 00:00:00
packetstorm
packetstorm
WinRAR Remote Code Execution
2023-09-08 00:00:00
WinRAR 6.22 Remote Code Execution
2024-03-28 00:00:00
attackerkb
attackerkb
CVE-2023-38831
2023-08-23 00:00:00
hivepro
hivepro
WinRAR Zero-Day Exploit Targeting Traders Since April
2023-08-25 08:16:29
SideCopy Leverages Multi-platform RAT, Assaults Indian Government Entities
2023-11-09 05:00:36
cnvd
cnvd
WinRAR Code Execution Vulnerability
2023-08-25 00:00:00
vulnrichment
vulnrichment
CVE-2023-38831
2023-08-23 00:00:00
cve
cve
cvelist
cvelist
CVE-2023-38831
2023-08-23 00:00:00
trellix
trellix
CVE-2023-38831: Navigating the Threat Landscape of the Latest Security Vulnerability
2023-11-09 00:00:00
CVE-2023-38831: Navigating the Threat Landscape of the Latest Security Vulnerability
2023-11-09 00:00:00
The Bug Report – August 2023 Edition
2023-09-06 00:00:00
kaspersky
kaspersky
KLA52366 Multiple vulnerabilities in WinRAR
2023-08-17 00:00:00
nessus
nessus
WinRAR < 6.23 RCE
2023-08-24 00:00:00
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up
2023-09-15 18:54:45
AI Score
8
Confidence
Low
EPSS
0.408
Percentile
97.3%
Related for HIVEPRO:646E4DDF50E5B6306224028B32298ACF