Lonepage

Malware updated a month ago (2024-11-29T14:08:56.305Z)
Download STIX
Preview STIX
Lonepage is a malicious software (malware) that has been actively utilized by the threat actor UAC-0099 since mid-2022 to compromise Ukrainian entities. This malware, along with others like Clogflag, Seaglow, and Overjam, is used to spy on victims and steal data. The operation employs phishing messages containing HTA, RAR, and LNK file attachments, which lead to the deployment of the Visual Basic Script (VBS) malware Lonepage. Once launched, this malware retrieves additional payloads, including keyloggers and info-stealers. The delivery of Lonepage is made possible through the exploitation of a high-severity flaw in the WinRAR software, identified as CVE-2023-38831. In some attacks, this critical vulnerability was exploited to deliver the Lonepage strain of malware. The last-stage malware in these attacks is Lonepage, which utilizes a PowerShell script to fetch next-stage browser stealer (Thumbchop) and keylogger (Clogflag) payloads. On December 26, 2023, it was reported that UAC-0099 was exploiting this flaw in WinRAR to deliver the Lonepage malware in attacks against Ukraine. The CERT-UA disclosed a cyber espionage campaign last month, targeting state organizations and media representatives in Ukraine. These attacks highlight the continued use of the WinRAR vulnerability to distribute the malicious Lonepage malware, underscoring the ongoing threat posed by this particular flaw.
Description last updated: 2024-05-04T20:32:57.404Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Vulnerability
WinRAR
Malware
Exploit
Phishing
Apt
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Vulnerabilities
To see the evidence that has resulted in these vulnerability associations, create a free account
Alias DescriptionAssociation TypeVotes
The CVE-2023-38831 Vulnerability is associated with Lonepage. CVE-2023-38831 is a critical vulnerability identified in the WinRAR software, with a CVSS score of 7.8, indicating high severity. This flaw in software design or implementation has been exploited to disseminate the LONEPAGE malware through ZIP files using an exploit known as UAC-0099. The vulnerabilTargets
2
Source Document References
Information about the Lonepage Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more