This article examines how the Russian threat group Primitive Bear uses a recently discovered WinRAR vulnerability (CVE-2025-6218) to launch malware attacks targeting Ukrainian entities. The analysis highlights the group's methodology, including the use of deceptive file names to trick victims into executing malicious scripts.