Konni APT exploits WinRAR vulnerability (CVE-2023-38831) targeting the cryptocurrency industry

2023-09-18 Knownsec

https://paper.seebug.org/3033/


Knownsec 404 reported Konni activity against the cryptocurrency industry that delivered a WinRAR CVE-2023-38831 exploit archive whose lure was themed on Qbao Network wallet screenshots. CVE-2023-38831 is triggered by packing a decoy document next to a directory that carries the same name, so that opening the decoy from WinRAR runs the executable hidden in that directory; in this campaign, opening the visible HTML lure caused WinRAR to execute an embedded file disguised as an HTML document. That payload contacted e9f0dkd.c1[.]biz, downloaded and unpacked batch and DLL components, selected a UAC bypass method, and then ran trap.bat and related payloads. The source regards the activity as notable because it shows a North Korea-affiliated group other than Lazarus both targeting cryptocurrency and using the WinRAR vulnerability in an APT operation.
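The archive layout that CVE-2023-38831 depends on (a decoy file beside a directory of the same name plus a trailing space, holding an executable) can be spotted without extracting anything, by walking the RAR 4.x block headers. The following is an added example, not code from the Knownsec report; the file names, archive contents and the minimal stored-file RAR writer used to construct the samples are assumptions made for the demonstration, and the Konni lure's real file names are not reproduced.

```python
"""Heuristic check for the CVE-2023-38831 archive layout (added example, not the
report's code): a RAR 4.x archive holding a decoy file "X.ext" beside a directory
named "X.ext " (trailing space) that contains an executable such as "X.ext .cmd".
Block headers are parsed directly, so no unrar binary is needed; the sample
archives below are constructed inline with a tiny stored-file (no compression) writer."""
import os
import struct
import zlib

RAR4_MARKER = b"Rar!\x1a\x07\x00"
HEAD_MAIN, HEAD_FILE, HEAD_END = 0x73, 0x74, 0x7B
FLAG_LONG_BLOCK = 0x8000   # block has an ADD_SIZE field and a trailing data area
FLAG_LARGE = 0x100         # file header carries 64-bit size extension fields
FLAG_UNICODE = 0x200       # name field = ASCII name, NUL, encoded Unicode name
DIR_MASK = 0xE0            # (HEAD_FLAGS & 0xE0) == 0xE0 marks a directory entry
EXEC_EXT = {".cmd", ".bat", ".exe", ".com", ".scr", ".pif", ".vbs", ".js", ".lnk"}


def rar4_entries(blob):
    """Yield (name, is_dir) for each file header; paths are normalised to '/'."""
    if not blob.startswith(RAR4_MARKER):
        raise ValueError("not a RAR 4.x archive")
    pos = len(RAR4_MARKER)
    while pos + 7 <= len(blob):
        _crc, htype, flags, hsize = struct.unpack_from("<HBHH", blob, pos)
        if hsize < 7:
            raise ValueError("corrupt block header at offset %d" % pos)
        data_size = 0
        if htype == HEAD_FILE:
            # 25 file-specific bytes follow the 7-byte common header (32 bytes in total)
            pack_size, _, _, _, _, _, _, name_size, _ = struct.unpack_from("<IIBIIBBHI", blob, pos + 7)
            name_off = pos + 32 + (8 if flags & FLAG_LARGE else 0)
            raw = blob[name_off:name_off + name_size]
            if flags & FLAG_UNICODE:
                raw = raw.split(b"\x00", 1)[0]  # assumption: the ASCII fallback name is enough here
            yield raw.decode("cp437", "replace").replace("\\", "/"), (flags & DIR_MASK) == DIR_MASK
            data_size = pack_size
        elif flags & FLAG_LONG_BLOCK:
            data_size = struct.unpack_from("<I", blob, pos + 7)[0]
        if htype == HEAD_END:
            break
        pos += hsize + data_size


def find_shadow_dirs(blob):
    """Return one finding per decoy file that has a same-named (trailing-space) directory."""
    entries = list(rar4_entries(blob))
    files = {n for n, is_dir in entries if not is_dir}
    findings = []
    for d in (n for n, is_dir in entries if is_dir):
        decoy = d.rstrip(" ")
        if decoy == d or decoy not in files:
            continue
        payloads = sorted(f for f in files if f.startswith(d + "/")
                          and os.path.basename(f).startswith(decoy)
                          and os.path.splitext(f)[1].lower() in EXEC_EXT)
        findings.append({"decoy": decoy, "shadow_dir": d, "payloads": payloads})
    return findings


# --- minimal RAR 4.x writer, used only to construct the sample archives below ---
def _block(htype, flags, body, data=b""):
    hdr = struct.pack("<BHH", htype, flags, 7 + len(body)) + body
    head_crc = zlib.crc32(hdr) & 0xFFFF   # HEAD_CRC = low 16 bits of CRC32 over the header
    return struct.pack("<H", head_crc) + hdr + data


def _file_block(name, data=b"", is_dir=False):
    name_b = name.encode("cp437")
    flags = FLAG_LONG_BLOCK | (DIR_MASK if is_dir else 0)
    # pack_size, unp_size, host_os=Win32, file_crc, ftime, unp_ver, method=store, name_size, attr
    body = struct.pack("<IIBIIBBHI", len(data), len(data), 2, zlib.crc32(data),
                       0, 20, 0x30, len(name_b), 0x10 if is_dir else 0x20) + name_b
    return _block(HEAD_FILE, flags, body, data)


def build_archive(entries):
    """entries: list of (name, data); data None means a directory. Backslash paths as WinRAR stores them."""
    out = RAR4_MARKER + _block(HEAD_MAIN, 0, struct.pack("<HI", 0, 0))
    for name, data in entries:
        out += _file_block(name, b"" if data is None else data, is_dir=data is None)
    return out + _block(HEAD_END, 0x4000, b"")


DECOY = "wallet_screenshot.html"   # constructed name, not the real lure's file name
MALICIOUS_SAMPLE = build_archive([
    (DECOY, b"<html><body>constructed decoy</body></html>"),
    (DECOY + " ", None),
    (DECOY + " \\" + DECOY + " .cmd", b"@echo off\r\nrem constructed placeholder, not the real stage\r\n"),
])
BENIGN_SAMPLE = build_archive([
    (DECOY, b"<html></html>"),
    ("notes", None),
    ("notes\\readme.txt", b"nothing to see"),
])

if __name__ == "__main__":
    for label, blob in (("malicious", MALICIOUS_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(label, find_shadow_dirs(blob))
```

The check is deliberately structural: it does not care what the decoy claims to be or what the hidden file does, only that a file and a directory share a name up to trailing spaces, which is the condition the vulnerable WinRAR builds mishandle. Real archives may use the Unicode name form or RAR5 headers, which this walker does not decode; treat a parse failure as a reason to inspect the file, not as a clean result.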

Indicators of Compromise

Type    Value                             First Seen  Last Seen
HASH    1536e9bf086982c072c2cba7d42b0a62  2023-09-14  2023-09-18
DOMAIN  ske9dhn.c1.biz                    2023-09-14  2023-09-18
DOMAIN  e9f0dkd.c1.biz                    2023-09-14  2023-09-18
