BRAVE1 A.I CyberSecurity Scoring
BRAVE1
Company Information
Website:https://brave1.gov.ua/en/
Employees number:60
Number of followers:24,886
NAICS:336414
Industry Type:Defense and Space Manufacturing
Homepage:brave1.gov.ua
BRAVE1 Risk Score (AI oriented)
Between 700 and 749
BRAVE1Defense and Space Manufacturing
Updated:
15/06/2026
15/06/2026
734/1000
Moderate
Ba
BRAVE1 Global Score (TPRM)
xxxx
BRAVE1Defense and Space Manufacturing
Score locked

BRAVE1Moderate
Current Score
734Ba (MODERATE)
01000
1 incidents
-13 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
735
JUNE 2026
734
MAY 2026
734
APRIL 2026
746
Cyber Attack
01 Apr 2026 • BRAVE1
Ukrainian law enforcement, Ukrainian military innovation centers and Ukrainian local governments: WinRAR Vulnerability Exploited by Russian Hackers to Deploy GIFTEDCROOK Stealer
Russian Hackers Exploit WinRAR Flaw to Steal Data from Ukrainian Organizations
733
CRITICAL-13
BRAASSMIN1781511853
Russian Hackers Exploit WinRAR Flaw to Steal Data from Ukrainian Organizations
Russian cyber threat groups are actively exploiting a patched WinRAR vulnerability (CVE-2025-8088) to infiltrate Ukrainian organizations, stealing passwords, session cookies, and sensitive files. Despite the flaw being fixed in July 2025, multiple Russia-aligned hacking collectives including SHADOW-EARTH-066 (UAC-0226) and Earth Dahu (Gamaredon) continue to weaponize it as recently as April 2026.
The attacks begin with spear-phishing emails containing malicious RAR archives. When opened with an outdated WinRAR version, the exploit silently drops hidden payloads into the Windows Startup folder while displaying a decoy PDF. Upon the next login, the malware executes automatically, deploying an evolved version of the GIFTEDCROOK information stealer.
SHADOW-EARTH-066 has targeted Ukrainian military innovation centers, law enforcement, and local governments near the eastern border. Earth Dahu, active since at least 2013, delivers espionage tools via HTML Application (HTA) files hosted on Cloudflare Workers. Both groups exploit the same unpatched entry point, though their toolsets differ.
The malware, internally named result.dll, extracts data from Chrome, Edge, Opera, and Firefox including passwords, session cookies, and master decryption keys while scanning for files with 35 extensions (e.g., spreadsheets, email files, KeePass databases). Stolen data is encrypted with dual-layer RC4 and exfiltrated over HTTPS to command-and-control (C&C) servers in France, the Netherlands, and Switzerland. After exfiltration, the malware removes staging files and Startup entries, minimizing forensic traces.
GIFTEDCROOK’s evolution highlights increased sophistication: earlier versions used Telegram bots with plaintext tokens, while the current variant employs encrypted HTTPS communication and a Chrome App-Bound Encryption bypass. PowerShell loaders are heavily obfuscated to evade detection, and the final payload never writes decoded files to disk.
Other Russia-linked groups, including Sandworm, Turla, and Void Rabisu, have also exploited this vulnerability. The persistent abuse underscores a critical gap: WinRAR lacks automatic updates or enterprise patch management, leaving organizations vulnerable if manual updates are overlooked.
Indicators of compromise (IoCs) include LNK or HTA files in the Startup folder, short alphanumeric files (e.g., KKN, ND8) in C:\ProgramData, and connections to C&C servers such as 166[.]0[.]132[.]237 (port 7044) and 194[.]58[.]66[.]82. The malicious RAR archive sample analyzed has a SHA-256 hash of 3d371ef71e40c34a75c168d464d47db096f386499d99aa88d4e16b63cd4acda25.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
MARCH 2026
746
FEBRUARY 2026
746
JANUARY 2026
746
DECEMBER 2025
746
NOVEMBER 2025
746
OCTOBER 2025
746
SEPTEMBER 2025
746
AUGUST 2025
746
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for BRAVE1 ??
What was BRAVE1's A.I Rankiteo Cyber Score in June 2026 ??
What was BRAVE1's A.I Rankiteo Cyber Score in May 2026 ??
What was BRAVE1's A.I Rankiteo Cyber Score in April 2026 ??
What was BRAVE1's A.I Rankiteo Cyber Score in March 2026 ??
What was BRAVE1's A.I Rankiteo Cyber Score in February 2026 ??
What was BRAVE1's A.I Rankiteo Cyber Score in January 2026 ??
What was BRAVE1's A.I Rankiteo Cyber Score in December 2025 ??
What was BRAVE1's A.I Rankiteo Cyber Score in November 2025 ??
What was BRAVE1's A.I Rankiteo Cyber Score in October 2025 ??
What was BRAVE1's A.I Rankiteo Cyber Score in September 2025 ??
What was BRAVE1's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on BRAVE1's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with BRAVE1 ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view BRAVE1's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?