PULSE NAME
7-Zip vuln - CVE-2025-0411
TLP: WHITE | Russian cybercrime groups | celestre | Created: 2025-02-06 | Modified: 2025-03-06
29 IOCs (medium volume)
In September 2024 the Trend Zero Day Initiative (ZDI) team discovered a 7-Zip zero-day vulnerability, CVE-2025-0411, which Russian cybercrime groups used in SmokeLoader malware attacks targeting Ukrainian government and civilian organizations. The vulnerability allows the Windows Mark-of-the-Web (MoTW) protection to be bypassed by means of double archiving (an archive nested inside another archive), so that malicious files can be executed. The attackers used spear-phishing and homoglyph attacks to disguise file extensions, tricking both Windows and users into opening malicious files. 7-Zip fixed the vulnerability in version 24.09, released on 30 November 2024. Users are advised to update 7-Zip promptly, strengthen email security, and reinforce employee phishing-awareness training to defend against this kind of advanced attack.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES: (none listed)
MALWARE FAMILIES: SmokeLoader
Indicators of Compromise (29)
TYPE INDICATOR DESCRIPTION CREATED
FileHash-SHA256 2e33c2010f95cbda8bf0817f1b5c69b51c860c536064182b67261f695f54e1d5 2025-02-06
FileHash-SHA256 54678013c8741db3340960e54ba93001c27619ead5cf5cc2eafd4c0fcf797ae6 2025-02-06
FileHash-SHA256 554d9ddd6fd1ccb15d7686c8badb8653323c71884c7f20efb19b56324ff34fc1 2025-02-06
FileHash-SHA256 5c7d582ba61ac95fb0d330ecc05feeb4853ac1de1f5a6fd12df6491dd0b7ea34 2025-02-06
FileHash-SHA256 62eb856a5f646c2883a3982f15c3eb877641f9e69783383ce8a73c688eccd543 2025-02-06
FileHash-SHA256 84ab6c3e1f2dc98cf4d5b8b739237570416bb82e2edaf078e9868663553c5412 2025-02-06
FileHash-SHA256 888f68917f9250a0936fd66ea46b6c510d0f6a0ca351ee62774dd14268fe5420 2025-02-06
FileHash-SHA256 8ee225bdd38cf6fd014a16beb9e33a0650147a9b7ea2104afe2f47c01bd1db0b 2025-02-06
FileHash-SHA256 915b73a57aaf759fbd5352d79656e1b697545e6c9d953ab05aacf61ed4f6e397 2025-02-06
FileHash-SHA256 a059d671d950abee93ef78a170d58a3839c2a465914ab3bd5411e39c89ae55a2 2025-02-06
FileHash-SHA256 b3df042c5286fa91a4555e105038364bc66bfe7fdfe3769eb26b96e0ffe6096b 2025-02-06
FileHash-SHA256 cd123c288f623878218be31125000441bb8c5447375af67bc3c1d27d16eb5f8c 2025-02-06
FileHash-SHA256 d6d722ae73ddff1ad7c468feca882b159a2a6e267df8b219482b514cdab74c21 2025-02-06
FileHash-SHA256 fdfbdd42944c9e3b9697a8d8375e4e5cfd45c86941aa3f8f6dd0d08607b73144 2025-02-06
domain alfacentarusmulticopter.ru 2025-02-06
domain goodmastersportunicum.ru 2025-02-06
domain johnfabiconinteraption.ru 2025-02-06
domain lazaretmed.pw 2025-02-06
domain netfilediscdownloadapplication.ru 2025-02-06
domain oncomnigos.online 2025-02-06
domain southlander.ru 2025-02-06
domain storeagroculturnaya.ru 2025-02-06
domain technoads.pw 2025-02-06
domain ukr-netfilediscdownloadapplication.ru 2025-02-06
domain unicalads.ru 2025-02-06
hostname trojan.win32.downloader.bz 2025-02-06
FileHash-SHA256 7786501e3666c1a5071c9c5e5a019e2bc86a1f169d469cc4bfef2fe339aaf384 2025-02-06
FileHash-SHA256 ba74ecae43adc78efaee227a0d7170829b9036e5e7f602cf38f32715efa51826 2025-02-06
domain rosoft.com 2025-02-06