IOC Radar · TLP:WHITE · 4 IOCs

Obfuscation Without Effort: Breaking a UAC-0226 GIFTEDCROOK Stealer

Synaptic Systems
Published April 9, 2026 (original report)

Threat Actors: Gamaredon
Malware Families: Cobalt Strike

Note that the title attributes the sample to UAC-0226 and its GIFTEDCROOK stealer, while the actor and capability tagged on this page are Gamaredon and Cobalt Strike; the page does not reconcile the two, so treat the attribution as unconfirmed until checked against the original report.

Diamond Model
  Adversary: Gamaredon
  Infrastructure: unknown
  Capability: Cobalt Strike
  Victim: unknown

Attack Flow (9 steps, MITRE ATT&CK mapped; only step 1 is present on this page)

Step 1/9: Initial Access (TA0001)
Action: Exploit WinRAR vulnerabilities
The chain starts with a crafted archive that abuses two known WinRAR path-traversal flaws, CVE-2025-6218 and CVE-2025-8088 (the latter via NTFS alternate data streams), to write the payload outside the extraction directory, for example into the user's Startup folder, when the victim extracts it. On the ATT&CK mapping: the page labels this step T1190 (Exploit Public-Facing Application), but WinRAR is a desktop archiver, not an internet-facing service, and the flaws only fire when a user extracts a malicious archive. The closer fit is T1566.001 (Phishing: Spearphishing Attachment) for delivery and T1204.002 (User Execution: Malicious File) for the extraction that triggers the traversal. Both CVEs are fixed in WinRAR 7.13 and later.
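As an added example (not code from the page or from the original report), the following Python triage helper turns the step above into three checks a responder can run: flag archive entry names that carry parent-directory traversal, absolute paths or alternate-data-stream targets aimed at the Startup folder; match file hashes against the two SHA256 indicators listed on this page; and test whether a WinRAR version string is at or past 7.13, the release that fixes both CVEs. It assumes entry names are obtained from an archive listing (for example `rarfile.RarFile.namelist()` or `zipfile.ZipFile.namelist()`), and the sample entry names are constructed for the example rather than taken from the analysed archive.

```python
"""Triage helpers for the WinRAR path-traversal chain (CVE-2025-6218 / CVE-2025-8088).

Added example, not the page's own tooling. Assumptions: entry names come from an
archive listing (rarfile/zipfile namelist()), and WinRAR 7.13 is the first
release that fixes both CVEs.
"""
import hashlib
import re

# SHA256 file hashes listed on this page.
IOC_SHA256 = frozenset({
    "2a8ea9f1ad8936fb302243faa64b91c5767df411923715cbdb1a869e3bfd7e6d",
    "7200a9f1e1ea51b66ab9c9274e9d8f805633179634e8ff4dcb8ef82bc02518df",
})

# Directory fragment that gives execution at next logon if a traversal lands there.
STARTUP_MARKER = r"start menu\programs\startup"

# Constructed sample listing for the example, not from the analysed archive.
SAMPLE_ENTRIES = [
    "docs/report.pdf",
    "images\\logo.png",
    "..\\..\\..\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\update.lnk",
    "invoice.pdf:..\\..\\..\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\u.lnk",
    "C:\\Users\\Public\\helper.exe",
]


def classify_entry(name: str) -> list[str]:
    """Return the reasons an archive entry name looks like a traversal dropper.

    An empty list means the name looks benign.
    """
    reasons: list[str] = []
    n = name.replace("/", "\\")
    # A colon anywhere but the drive-letter position denotes an NTFS alternate
    # data stream name ("file.txt:<stream>"), the trick behind CVE-2025-8088;
    # the traversal then lives in the stream part.
    base, sep, stream = n.partition(":")
    if sep and not (len(base) == 1 and base.isalpha()):
        reasons.append("alternate-data-stream name")
        target = stream
    else:
        target = n
    if re.match(r"^[A-Za-z]:\\", n) or n.startswith("\\"):
        reasons.append("absolute or UNC path")
    if ".." in target.split("\\"):
        reasons.append("parent-directory traversal")
    if STARTUP_MARKER in target.lower():
        reasons.append("targets Startup folder")
    return reasons


def scan_entries(names) -> dict[str, list[str]]:
    """Map each suspicious entry name to its reasons; benign names are omitted."""
    return {n: r for n in names if (r := classify_entry(n))}


def sha256_is_ioc(data: bytes) -> bool:
    """True if the SHA256 of the given file content is one of the page's hashes."""
    return hashlib.sha256(data).hexdigest() in IOC_SHA256


def hexdigest_is_ioc(hexdigest: str) -> bool:
    """Case-insensitive match of an already computed SHA256 hex digest."""
    return hexdigest.strip().lower() in IOC_SHA256


def winrar_is_patched(version: str) -> bool:
    """True if the WinRAR version string is 7.13 or later (fixes both CVEs)."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version)[:3])
    return parts >= (7, 13)


if __name__ == "__main__":
    for entry, why in scan_entries(SAMPLE_ENTRIES).items():
        print(f"SUSPICIOUS {entry!r}: {', '.join(why)}")
    print("WinRAR 7.12 patched:", winrar_is_patched("7.12"))
```

Feed the function the raw entry names from the listing rather than the paths the extractor reports after normalisation; the whole point of these CVEs is that the archiver's own sanitisation is what fails, so a listing taken with a patched tool or a different library is the safer source.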


Indicators of Compromise (4)

Type     Indicator                                                          Tags                            Confidence  Score  First Seen
SHA256   2a8ea9f1ad8936fb302243faa64b91c5767df411923715cbdb1a869e3bfd7e6d   apt, espionage, file-hash       Medium      53     Jun 2, 2026
CVE      CVE-2025-8088                                                      apt, espionage, exploit         Medium      51     Jun 2, 2026
SHA256   7200a9f1e1ea51b66ab9c9274e9d8f805633179634e8ff4dcb8ef82bc02518df   file-hash, intel-blog, malware  Medium      53     Jun 2, 2026
CVE      CVE-2025-6218                                                      apt, espionage, exploit         Medium      54     Jun 2, 2026

Only the two SHA256 values are indicators in the strict sense; the two CVE entries identify the WinRAR weaknesses the chain relies on, not artefacts of compromise, and are better used to scope exposure (hosts still running WinRAR below 7.13) than to hunt for infection.
