WinRAR Zero-day Abused in Multiple Campaigns
2019-03-26 • FireEye
https://www.mandiant.com/resources/blog/winrar-zero-day-abused-multiple-campaigns
Mandiant (then FireEye) described multiple campaigns abusing a recently disclosed WinRAR vulnerability in its ACE archive handling (CVE-2018-20250, a path traversal in the bundled UNACEV2.DLL). A crafted ACE archive, typically renamed to .rar so it looks ordinary, names a member such that extraction writes it outside the chosen output directory. The observed exploits dropped their payload into the Windows Startup folder so it ran at the user's next logon, but the flaw can write to any location the WinRAR process has permission to. Observed payloads provided keylogging, credential theft and remote-access (RAT) capabilities, spanning several malware families and a varied set of targets. The report recommends blocking vulnerable WinRAR versions (anything before 5.70, which removed ACE support), updating WinRAR, and layering endpoint, email and network detections across the attack chain.
Indicators of Compromise (HASH values are MD5)
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| IPv4 | 89.34.111.113 | 2019-03-26 | 2020-01-01 |
| HASH | 12def981952667740eb06ee91168e643 | 2019-03-26 | 2019-06-19 |
| HASH | 96986b18a8470f4020ea78df0b3db7d4 | 2019-03-26 | 2019-03-27 |
| IPv4 | 47.91.56.21 | 2019-03-26 | 2019-03-27 |
| IPv4 | 103.225.168.159 | 2019-03-26 | 2019-03-27 |
| HASH | 119a0fd733bc1a013b0d4399112b8626 | 2019-03-26 | 2019-03-26 |
| HASH | 062801f6fdbda4dd67b77834c62e82a4 | 2019-03-26 | 2019-03-26 |
| HASH | 97d74671d0489071baa21f38f456eb74 | 2019-03-26 | 2019-03-26 |
| HASH | 2961c52f04b7fdf7ccf6c01ac259d767 | 2019-03-26 | 2019-03-26 |
| HASH | 7dae2d144dae4447a152bef586520ef8 | 2019-03-26 | 2019-03-26 |
| HASH | aac00312a961e81c4af4664c49b4a2b2 | 2019-03-26 | 2019-03-26 |
| HASH | 9b81b3174c9b699f594d725cf89ffaa4 | 2019-03-26 | 2019-03-26 |
| HASH | 3aabc9767d02c75ef44df6305bc6a41f | 2019-03-26 | 2019-03-26 |
| HASH | 1ba398b0a14328b9604eeb5ebf139b40 | 2019-03-26 | 2019-03-26 |
| HASH | 914ac7ecf2557d5836f26a151c1b9b62 | 2019-03-26 | 2019-03-26 |
| HASH | 8e067e4cda99299b0bf2481cc1fd8e12 | 2019-03-26 | 2019-03-26 |
| HASH | 49419d84076b13e96540fdd911f1c2f0 | 2019-03-26 | 2019-03-26 |
| HASH | 9b19753369b6ed1187159b95fc8a81cd | 2019-03-26 | 2019-03-26 |
| HASH | 1f5fa51ac9517d70f136e187d45f69de | 2019-03-26 | 2019-03-26 |
| HASH | 79b53b4555c1fb39ba3c7b8ce9a4287e | 2019-03-26 | 2019-03-26 |
| HASH | 8c93e024fc194f520e4e72e761c0942d | 2019-03-26 | 2019-03-26 |
| HASH | e9815dfb90776ab449539a2be7c16de5 | 2019-03-26 | 2019-03-26 |
| HASH | dc63d5affde0db95128dac52f9d19578 | 2019-03-26 | 2019-03-26 |
| HASH | 0f56b04a4e9a0df94c7f89c1bccf830c | 2019-03-26 | 2019-03-26 |
| HASH | 31718d7b9b3261688688bdc4e026db99 | 2019-03-26 | 2019-03-26 |
| HASH | eca09fe8dcbc9d1c097277f2b3ef1081 | 2019-03-26 | 2019-03-26 |
| HASH | f36404fb24a640b40e2d43c72c18e66b | 2019-03-26 | 2019-03-26 |
| HASH | bcc49643833a4d8545ed4145fb6fdfd2 | 2019-03-26 | 2019-03-26 |
| URL | http://tiny-share.com/direct/7d… | 2019-03-26 | 2019-03-26 |
| DOMAIN | tiny-share.com | 2019-03-26 | 2019-03-26 |
| IPv4 | 31.148.220.53 | 2019-03-26 | 2019-03-26 |
| IPv4 | 185.162.131.92 | 2019-03-26 | 2019-03-26 |
| IPv4 | 185.49.71.101 | 2019-03-26 | 2019-03-26 |