Lonepage

Malware Profile Updated 24 days ago
Download STIX
Preview STIX
Lonepage is a malicious software (malware) that has been actively utilized by the threat actor UAC-0099 since mid-2022 to compromise Ukrainian entities. This malware, along with others like Clogflag, Seaglow, and Overjam, is used to spy on victims and steal data. The operation employs phishing messages containing HTA, RAR, and LNK file attachments, which lead to the deployment of the Visual Basic Script (VBS) malware Lonepage. Once launched, this malware retrieves additional payloads, including keyloggers and info-stealers. The delivery of Lonepage is made possible through the exploitation of a high-severity flaw in the WinRAR software, identified as CVE-2023-38831. In some attacks, this critical vulnerability was exploited to deliver the Lonepage strain of malware. The last-stage malware in these attacks is Lonepage, which utilizes a PowerShell script to fetch next-stage browser stealer (Thumbchop) and keylogger (Clogflag) payloads. On December 26, 2023, it was reported that UAC-0099 was exploiting this flaw in WinRAR to deliver the Lonepage malware in attacks against Ukraine. The CERT-UA disclosed a cyber espionage campaign last month, targeting state organizations and media representatives in Ukraine. These attacks highlight the continued use of the WinRAR vulnerability to distribute the malicious Lonepage malware, underscoring the ongoing threat posed by this particular flaw.
What's your take? (Question 1 of 5)
e799c4bc-9d0b-43eb-96e1-4cd65a887f6f Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Vulnerability
WinRAR
Malware
Exploit
Phishing
Apt
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
CVE-2023-38831Targets
2
CVE-2023-38831 is a critical vulnerability identified in the WinRAR software, with a CVSS score of 7.8, indicating high severity. This flaw in software design or implementation has been exploited to disseminate the LONEPAGE malware through ZIP files using an exploit known as UAC-0099. The vulnerabil
Source Document References
Information about the Lonepage Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CERT-EU
5 months ago
WinRAR Flaw: LONEPAGE Malware Strikes Ukrainian Firms
CERT-EU
5 months ago
WinRAR Flaw: LONEPAGE Malware Strikes Ukrainian Firms
CERT-EU
5 months ago
UAC-0099 Using WinRAR Exploit to Target Ukrainian Firms with LONEPAGE Malware
Securityaffairs
5 months ago
APT group UAC-0099 targets Ukraine exploiting WinRAR flaw
CERT-EU
5 months ago
APT group UAC-0099 targets Ukraine exploiting a WinRAR flaw
CERT-EU
5 months ago
Breaking Cyber News From Cyberint - Cyberint
CERT-EU
a year ago
Cyber security week in review: June 9, 2023
CERT-EU
a year ago
PicassoLoader Malware Used in Ongoing Attacks on Ukraine and Poland
CERT-EU
5 months ago
Cyber Security Week In Review: December 22, 2023