CVE-2025-0411: Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks
The Trend ZDI team offers an analysis of how CVE-2025-0411, a zero-day vulnerability in 7-Zip, was actively exploited to target Ukrainian organizations in a SmokeLoader campaign involving homoglyph attacks.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
TrojanSpy
Indicators of Compromise (64)