The Defense Forces Of Ukraine Targeted With Malicious File Through Signal CERT-UA9522
"CERT-UA reported an attempted malware attack on a Defense Forces of Ukraine representatives computer. An unidentified person sent a file named ""Support.rar"" via the Signal messenger pretending it was necessary for a UN Peace Support Operations job application. The archive contains an exploit for a WinRAR software vulnerability (CVE-2023-38831). If opened it executes a CMD file (""support.pdf.cmd"") which opens a decoy document and launches PowerShell scripts classified as the CookBox malware."