IOC Radar
TLP:WHITE · 11 IOCs

Tracking UAC-0226 Tooling Evolution: From WinRAR ADS to Reflective GIFTEDCROOK Loading

Synaptic Systems
Published June 24, 2026

Threat Actors

Diamond Model

Axes: Social, Technology

Adversary: Gamaredon
Infrastructure: unknown
Capability: unknown
Victim: unknown

5W+H Threat Analysis

Analysis unavailable

Indicators of Compromise


| Type | Indicator | Tags | Confidence | Score | First Seen |
|---|---|---|---|---|---|
| SHA256 | 2a8ea9f1ad8936fb302243faa64b91c5767df411923715cbdb1a869e3bfd7e6d | apt, espionage, exploit | Medium | 56 | Jun 2, 26 |
| SHA256 | dc4c906e56ecb446cbb10b227e1fb470e428108584678314533d80e52a2b9b30 | exploit, file-hash, intel-blog | High | 56 | Jun 25, 26 |
| CVE | CVE-2025-8088 | apt, espionage, exploit | High | 61 | Jun 2, 26 |
| SHA256 | 3006a6639eff677b08595927cf219a3bcd5fdd02bfd592606316bfd4623bb902 | exploit, file-hash, intel-blog | Medium | 53 | Jun 25, 26 |
| SHA256 | 6b7e3dd5af5a56dd24e96c5b13282ad084c78d0a589d5e4c1b6ba58b4525d9a8 | exploit, file-hash, intel-blog | Medium | 53 | Jun 25, 26 |
| SHA256 | b268ecbc386d32ace546dd483707fd2c923de8f091741e544f52c7f872fe0d91 | file-hash, indicator, intel-blog | Medium | 53 | Jun 25, 26 |
| SHA256 | 78538f945a1d20aa392f3065f222223a4ed47284abfafa8c135bdfd9eacef222 | exploit, file-hash, intel-blog | Medium | 53 | Jun 25, 26 |
| SHA256 | 7200a9f1e1ea51b66ab9c9274e9d8f805633179634e8ff4dcb8ef82bc02518df | apt, espionage, exploit | Medium | 56 | Jun 2, 26 |
| CVE | CVE-2025-6218 | apt, espionage, exploit | High | 61 | Jun 2, 26 |
| SHA256 | 420f1931af9b3f7d02c5edfc78eb69abdad6e71d2c3e9b81f9cbc3823a503654 | botnet, file-hash, intel-blog | High | 86 | Jun 23, 26 |
| SHA256 | 05e131555faabae0960f0527cfb72d2b8e2381fd0fde22b0b4e2b365c7faf445 | exploit, file-hash, intel-blog | Medium | 53 | Jun 25, 26 |

IOC Relationship Graph

[Graph: 11 total IOCs (9 SHA256, 2 CVE) and 1 actor (Gamaredon), linked to the report "Tracking UAC-0226 Tooling"]