Diverse Threat Actors Exploiting Critical WinRAR Vulnerability CVE-2025-8088

    Date: 01/29/2026

    Severity: High

    Summary

    Multiple threat actors, including Russia- and China-linked state-sponsored groups as well as financially motivated attackers, are actively exploiting the critical CVE-2025-8088 flaw in WinRAR. The vulnerability, patched in July 2025, allows path traversal to drop malicious files into the Windows Startup folder, enabling persistence and payload delivery. Ongoing abuse of this n-day highlights how attackers continue to capitalize on slow patch adoption and gaps in basic software hygiene to gain initial access across varied intrusion campaigns.

    Indicators of Compromise (IOC) List

    Hash (SHA-256)

    272c86c6db95f1ef8b83f672b65e64df16494cae261e1aba1aeb1e59dcb68524

    33580073680016f23bf474e6e62c61bf6a776e561385bfb06788a4713114ba9d

    498961237cf1c48f1e7764829818c5ba0af24a234c2f29c4420fb80276aec676

    4f4567abe9ff520797b04b04255bbbe07ecdddb594559d436ac53314ec62c1b3

    53f1b841d323c211c715b8f80d0efb9529440caae921a60340de027052946dd9

    55b3dc57929d8eacfdadc71d92483eabe4874bf3d0189f861b145705a0f0a8fe

    68d9020aa9b509a6d018d6d9f4c77e7604a588b2848e05da6a4d9f82d725f91b

    6d3586aa6603f1c1c79d7bd7e0b5c5f0cc8e8a84577c35d21b0f462656c2e1f9

    ae93d9327a91e90bf7744c6ce0eb4affb3acb62a5d1b2dafd645cba9af28d795

    b90ef1d21523eeffbca17181ccccf269bca3840786fcbf5c73218c6e1d6a51a9

    c7726c166e1947fdbf808a50b75ca7400d56fa6fef2a76cefe314848db22c76c

    e836873479ff558cfb885097e8783356aad1f2d30b69d825b3a71cb7a57cf930

    ffc6c3805bbaef2c4003763fd5fac0ebcccf99a1656f10cf7677f6c2a5d16dbd

    958921ea0995482fb04ea4a50bbdb654f272ab991046a43c1fdbd22da302d544

    defe25e400d4925d8a2bb4b1181044d06a8bf61688fd9c9ea59f1e0bb7bc21d8

    edc1f7528ca93ec432daca820f47e08d218b79cceca1ee764966f8f90d6a58bd

    29f89486bb820d40c9bee8bf70ee8664ea270b16e486af4a53ab703996943256

    2c40e7cf613bf2806ff6e9bc396058fe4f85926493979189dbdbc7d615b7cb14

    3b85d0261ab2531aba9e2992eb85273be0e26fe61e4592862d8f45d6807ceee4

    54305c7b95d8105601461bb18de87f1f679d833f15e38a9ee7895a0c8605c0d0

    5dee69127d501142413fb93fd2af8c8a378682c140c52b48990a5c41f2ce3616

    867a05d67dd184d544d5513f4f07959a7c2b558197c99cb8139ea797ad9fbece

    91e61fd77460393a89a8af657d09df6a815465f6ce22f1db8277d58342b32249

    b2b62703a1ef7d9d3376c6b3609cd901cbccdcca80fba940ce8ed3f4e54cdbe6

    cf35ce47b35f1405969f40633fcf35132ca3ccb3fdfded8cc270fc2223049b80

    d981a16b9da1615514a02f5ebb38416a009f5621c0b718214d5b105c9f552389

    ddd67dda5d58c7480152c9f6e8043c3ea7de2e593beedf86b867b83f005bf0cc

    ea0869fa9d5e23bdd16cddfefbbf9c67744598f379be306ff652f910db1ba162

    ef0e1bb2d389ab8b5f15d2f83cf978662e18e31dbe875f39db563e8a019af577

    f3e5667d02f95c001c717dfc5a0e100d2b701be4ec35a3e6875dc276431a7497

    f6761b5341a33188a7a1ca7a904d5866e07b8ddbde9adebdbce4306923cfc60a

    fc2a6138786fae4e33dc343aea2b1a7cd6411187307ea2c82cd96b45f6d1f2a0

    a97f460bfa612f1d406823620d0d25e381f9b980a0497e2775269917a7150f04

    d418f878fa02729b38b5384bcb3216872a968f5d0c9c77609d8c5aacedb07546

    ba86b6e0199b8907427364246f049efd67dc4eda0b5078f4bc7607253634cf24

    cf8ebfd98da3025dc09d0b3bbeef874d8f9c4d4ba4937719f0a9a3aa04c81beb

    5b64786ed92545eeac013be9456e1ff03d95073910742e45ff6b88a86e91901b

    8a7ee2a8e6b3476319a3a0d5846805fd25fa388c7f2215668bc134202ea093fa

    3b47df790abb4eb3ac570b50bf96bb1943d4b46851430ebf3fc36f645061491b

    bb4856a66bf7e0de18522e35798c0a8734179c1aab21ed2ad6821aaa99e1cb4c

    aea13e5871b683a19a05015ff0369b412b985d47eb67a3af93f44400a026b4b0

    ed5b920dad5dcd3f9e55828f82a27211a212839c8942531c288535b92df7f453

    a54bcafd9d4ece87fa314d508a68f47b0ec3351c0a270aa2ed3a0e275b9db03c

    b53069a380a9dd3dc1c758888d0e50dd43935f16df0f7124c77569375a9f44f5

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Detection Query 1:

    sha256hash IN ("55b3dc57929d8eacfdadc71d92483eabe4874bf3d0189f861b145705a0f0a8fe","ba86b6e0199b8907427364246f049efd67dc4eda0b5078f4bc7607253634cf24","b53069a380a9dd3dc1c758888d0e50dd43935f16df0f7124c77569375a9f44f5","c7726c166e1947fdbf808a50b75ca7400d56fa6fef2a76cefe314848db22c76c","498961237cf1c48f1e7764829818c5ba0af24a234c2f29c4420fb80276aec676","b90ef1d21523eeffbca17181ccccf269bca3840786fcbf5c73218c6e1d6a51a9","5b64786ed92545eeac013be9456e1ff03d95073910742e45ff6b88a86e91901b","e836873479ff558cfb885097e8783356aad1f2d30b69d825b3a71cb7a57cf930","ed5b920dad5dcd3f9e55828f82a27211a212839c8942531c288535b92df7f453","272c86c6db95f1ef8b83f672b65e64df16494cae261e1aba1aeb1e59dcb68524","ae93d9327a91e90bf7744c6ce0eb4affb3acb62a5d1b2dafd645cba9af28d795","ffc6c3805bbaef2c4003763fd5fac0ebcccf99a1656f10cf7677f6c2a5d16dbd","a54bcafd9d4ece87fa314d508a68f47b0ec3351c0a270aa2ed3a0e275b9db03c","958921ea0995482fb04ea4a50bbdb654f272ab991046a43c1fdbd22da302d544","edc1f7528ca93ec432daca820f47e08d218b79cceca1ee764966f8f90d6a58bd","53f1b841d323c211c715b8f80d0efb9529440caae921a60340de027052946dd9","aea13e5871b683a19a05015ff0369b412b985d47eb67a3af93f44400a026b4b0","bb4856a66bf7e0de18522e35798c0a8734179c1aab21ed2ad6821aaa99e1cb4c","cf8ebfd98da3025dc09d0b3bbeef874d8f9c4d4ba4937719f0a9a3aa04c81beb","4f4567abe9ff520797b04b04255bbbe07ecdddb594559d436ac53314ec62c1b3","68d9020aa9b509a6d018d6d9f4c77e7604a588b2848e05da6a4d9f82d725f91b","6d3586aa6603f1c1c79d7bd7e0b5c5f0cc8e8a84577c35d21b0f462656c2e1f9","33580073680016f23bf474e6e62c61bf6a776e561385bfb06788a4713114ba9d","defe25e400d4925d8a2bb4b1181044d06a8bf61688fd9c9ea59f1e0bb7bc21d8","29f89486bb820d40c9bee8bf70ee8664ea270b16e486af4a53ab703996943256","2c40e7cf613bf2806ff6e9bc396058fe4f85926493979189dbdbc7d615b7cb14","3b85d0261ab2531aba9e2992eb85273be0e26fe61e4592862d8f45d6807ceee4","54305c7b95d8105601461bb18de87f1f679d833f15e38a9ee7895a0c8605c0d0","5dee69127d501142413fb93fd2af8c8a378682c140c52b48990a5c41f2ce3616","867a05d67dd184d544d5513f4f07959a7c2b558197c99cb8139ea797ad9fbece","91e61fd77460393a89a8af657d09df6a815465f6ce22f1db8277d58342b32249","b2b62703a1ef7d9d3376c6b3609cd901cbccdcca80fba940ce8ed3f4e54cdbe6","cf35ce47b35f1405969f40633fcf35132ca3ccb3fdfded8cc270fc2223049b80","d981a16b9da1615514a02f5ebb38416a009f5621c0b718214d5b105c9f552389","ddd67dda5d58c7480152c9f6e8043c3ea7de2e593beedf86b867b83f005bf0cc","ea0869fa9d5e23bdd16cddfefbbf9c67744598f379be306ff652f910db1ba162","ef0e1bb2d389ab8b5f15d2f83cf978662e18e31dbe875f39db563e8a019af577","f3e5667d02f95c001c717dfc5a0e100d2b701be4ec35a3e6875dc276431a7497","f6761b5341a33188a7a1ca7a904d5866e07b8ddbde9adebdbce4306923cfc60a","fc2a6138786fae4e33dc343aea2b1a7cd6411187307ea2c82cd96b45f6d1f2a0","a97f460bfa612f1d406823620d0d25e381f9b980a0497e2775269917a7150f04","d418f878fa02729b38b5384bcb3216872a968f5d0c9c77609d8c5aacedb07546","8a7ee2a8e6b3476319a3a0d5846805fd25fa388c7f2215668bc134202ea093fa","3b47df790abb4eb3ac570b50bf96bb1943d4b46851430ebf3fc36f645061491b")
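    The following Python script is an added example, not Gurucul's or Google's code, and it is not the TDIR query itself. It demonstrates the two defender-side checks this advisory implies: matching SHA-256 values seen in file-event logs against the IOC list (only a subset of the page's hashes is embedded, to keep it short), and inspecting archive member names before extraction for the path-traversal and Startup-folder targeting that the summary describes. The log line format, the host and path values, and the archive entry names are all constructed for the demo; the Startup-folder path markers are the standard per-user and all-users Windows locations and are an assumption about what the extracted files would resolve to.

```python
"""Added example: IOC hash matching and pre-extraction archive path checks.

Not the advisory's own code. IOC_SHA256 holds a subset of the SHA-256 values
listed above; SAMPLE_LOG and SAMPLE_ENTRIES are constructed test data.
"""
import ntpath
import re

# Subset of the SHA-256 IOCs from the advisory above (lower-case for matching).
IOC_SHA256 = {
    "272c86c6db95f1ef8b83f672b65e64df16494cae261e1aba1aeb1e59dcb68524",
    "55b3dc57929d8eacfdadc71d92483eabe4874bf3d0189f861b145705a0f0a8fe",
    "b53069a380a9dd3dc1c758888d0e50dd43935f16df0f7124c77569375a9f44f5",
    "ed5b920dad5dcd3f9e55828f82a27211a212839c8942531c288535b92df7f453",
}

# Any 64-hex-character token; EDR products differ in field names, so we do not
# depend on a specific key such as sha256=.
SHA256_RE = re.compile(r"\b[0-9a-fA-F]{64}\b")

# Constructed sample file-event lines in a hypothetical key=value format.
SAMPLE_LOG = """\
2026-01-29T10:01:02Z host=WS01 event=file_write path=C:\\Users\\a\\Downloads\\invoice.rar sha256=272c86c6db95f1ef8b83f672b65e64df16494cae261e1aba1aeb1e59dcb68524
2026-01-29T10:01:05Z host=WS01 event=file_write path=C:\\Users\\a\\AppData\\Local\\Temp\\readme.txt sha256=0000000000000000000000000000000000000000000000000000000000000000
2026-01-29T10:02:11Z host=WS02 event=file_write path=C:\\Users\\b\\Downloads\\update.exe sha256=ED5B920DAD5DCD3F9E55828F82A27211A212839C8942531C288535B92DF7F453
"""


def match_ioc_hashes(log_text: str, iocs=IOC_SHA256) -> list[dict]:
    """Return one hit per log line carrying a SHA-256 that is in the IOC set.

    Matching is case-insensitive because sensors emit hashes in either case.
    """
    hits = []
    for line in log_text.splitlines():
        for token in SHA256_RE.findall(line):
            if token.lower() in iocs:
                host = re.search(r"host=(\S+)", line)
                hits.append({
                    "host": host.group(1) if host else None,
                    "sha256": token.lower(),
                    "line": line,
                })
    return hits


# Assumed Startup-folder markers (per-user and all-users), lower-case, backslash form.
STARTUP_MARKERS = (
    "microsoft\\windows\\start menu\\programs\\startup",
    "programdata\\microsoft\\windows\\start menu\\programs\\startup",
)

# Constructed archive member names: two benign, one traversal into the per-user
# Startup folder, one absolute path into the all-users Startup folder, and one
# ".." that stays inside the extraction directory.
SAMPLE_ENTRIES = [
    "report.pdf",
    "docs/notes.txt",
    "..\\..\\..\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\update.exe",
    "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\svc.lnk",
    "sub/../readme.md",
]


def normalize_entry(name: str) -> str:
    """Collapse separators and '..' the way a Windows extractor would resolve them."""
    # ntpath works on any OS, so this check can run on a Linux analysis box.
    return ntpath.normpath(name.replace("/", "\\")).lower()


def find_unsafe_entries(entries: list[str]) -> list[tuple[str, str]]:
    """Flag member names that must not be extracted as-is, with a reason each."""
    findings = []
    for name in entries:
        norm = normalize_entry(name)
        # Drive letter, UNC prefix, or rooted path: extractor would write outside
        # the chosen output directory.
        if norm.startswith("\\") or ntpath.splitdrive(norm)[0] != "":
            findings.append((name, "absolute path"))
        # A leading '..' after normalisation means the entry escapes the output
        # directory; 'sub/../readme.md' normalises to 'readme.md' and is fine.
        elif norm == ".." or norm.startswith("..\\"):
            findings.append((name, "path traversal"))
        if any(marker in norm for marker in STARTUP_MARKERS):
            findings.append((name, "targets Startup folder"))
    return findings


if __name__ == "__main__":
    for hit in match_ioc_hashes(SAMPLE_LOG):
        print(f"IOC hit on {hit['host']}: {hit['sha256']}")
    for name, reason in find_unsafe_entries(SAMPLE_ENTRIES):
        print(f"unsafe entry ({reason}): {name}")
```

    On the constructed data the script reports two IOC hits (one per host) and four findings for the two hostile entry names, while the in-tree `sub/../readme.md` entry is left alone because the check looks at the normalised path rather than at the mere presence of `..`.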

    Reference:

    https://cloud.google.com/blog/topics/threat-intelligence/exploiting-critical-winrar-vulnerability/


    Tags

    Vulnerability, Threat Actor, APT, Russia, China, CVE-2025, Exploit, WinRAR

