{
  "type": "Domain",
  "indicator": "technoads.pw",
  "general": {
    "sections": [
      "general",
      "geo",
      "url_list",
      "passive_dns",
      "malware",
      "whois",
      "http_scans"
    ],
    "whois": "http://whois.domaintools.com/technoads.pw",
    "alexa": "http://www.alexa.com/siteinfo/technoads.pw",
    "indicator": "technoads.pw",
    "type": "domain",
    "type_title": "Domain",
    "validation": [],
    "base_indicator": {
      "id": 4033626868,
      "indicator": "technoads.pw",
      "type": "domain",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 6,
      "pulses": [
        {
          "id": "67a24451b4727ae85c4dd434",
          "name": "CVE-2025-0411: Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks",
          "description": "A zero-day vulnerability in 7-Zip (CVE-2025-0411) was exploited by Russian cybercrime groups to target Ukrainian organizations. The vulnerability allows bypassing Windows Mark-of-the-Web protections through double archiving, enabling execution of malicious content. The campaign involved spear-phishing emails with homoglyph attacks to trick users into executing malicious files. The exploit was likely part of a cyberespionage effort in the ongoing Russo-Ukraine conflict. Affected organizations include government entities and businesses. Recommendations include updating 7-Zip, implementing email security measures, and training employees on phishing and homoglyph attacks.",
          "modified": "2025-03-06T16:05:43.063000",
          "created": "2025-02-04T16:46:09.639000",
          "tags": [
            "zero-day",
            "7-zip",
            "homoglyph attacks",
            "smokeloader",
            "spear-phishing",
            "cyberespionage",
            "cve-2025-0411",
            "mark-of-the-web bypass"
          ],
          "references": [
            "https://www.trendmicro.com/en_us/research/25/a/cve-2025-0411-ukrainian-organizations-targeted.html"
          ],
          "public": 1,
          "adversary": "Russian cybercrime groups",
          "targeted_countries": [
            "Ukraine"
          ],
          "malware_families": [
            {
              "id": "SmokeLoader",
              "display_name": "SmokeLoader",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1059.007",
              "name": "JavaScript",
              "display_name": "T1059.007 - JavaScript"
            },
            {
              "id": "T1204.002",
              "name": "Malicious File",
              "display_name": "T1204.002 - Malicious File"
            },
            {
              "id": "T1566.002",
              "name": "Spearphishing Link",
              "display_name": "T1566.002 - Spearphishing Link"
            },
            {
              "id": "T1566.001",
              "name": "Spearphishing Attachment",
              "display_name": "T1566.001 - Spearphishing Attachment"
            },
            {
              "id": "T1036.002",
              "name": "Right-to-Left Override",
              "display_name": "T1036.002 - Right-to-Left Override"
            },
            {
              "id": "T1553.005",
              "name": "Mark-of-the-Web Bypass",
              "display_name": "T1553.005 - Mark-of-the-Web Bypass"
            }
          ],
          "industries": [
            "Government",
            "Transportation",
            "Energy"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 35,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "AlienVault",
            "id": "2",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png",
            "is_subscribed": true,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 16,
            "domain": 12,
            "hostname": 1
          },
          "indicator_count": 29,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 386937,
          "modified_text": "453 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "67b61e717e62f9323ff4a2d1",
          "name": "CVE-2025-0411: Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks",
          "description": "The Trend ZDI team offers an analysis on how CVE-2025-0411, a zero-day vulnerability in 7-Zip, was actively exploited to target Ukrainian organizations in a SmokeLoader campaign involving homoglyph attacks.",
          "modified": "2025-03-21T18:02:14.323000",
          "created": "2025-02-19T18:09:53.843000",
          "tags": [
            "http",
            "domains",
            "ipv4",
            "trojanspy"
          ],
          "references": [
            "https://www.trendmicro.com/en_us/research/25/a/cve-2025-0411-ukrainian-organizations-targeted.html"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "TrojanSpy",
              "display_name": "TrojanSpy",
              "target": null
            }
          ],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 10,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "threatmanager",
            "id": "74623",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 13,
            "FileHash-SHA1": 13,
            "FileHash-SHA256": 14,
            "URL": 12,
            "domain": 11,
            "hostname": 1
          },
          "indicator_count": 64,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 507,
          "modified_text": "437 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "67a4765bb1833d9e520b35b0",
          "name": "7-zip vuln - CVE-2025-0411",
          "description": "Trend Zero Day Initiative (ZDI) \u56e2\u961f\u5728 2024 \u5e74 9 \u6708\u53d1\u73b0 7-Zip \u5b58\u5728 CVE-2025-0411 \u96f6\u65e5\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u88ab \u4fc4\u7f57\u65af\u7f51\u7edc\u72af\u7f6a\u7ec4\u7ec7 \u7528\u4e8e SmokeLoader \u6076\u610f\u8f6f\u4ef6\u653b\u51fb\uff0c\u76ee\u6807\u4e3a\u4e4c\u514b\u5170\u653f\u5e9c\u548c\u6c11\u95f4\u7ec4\u7ec7\u3002\n\n\u8be5\u6f0f\u6d1e\u5141\u8bb8\u901a\u8fc7 \u53cc\u5c42\u538b\u7f29 \u65b9\u5f0f\u7ed5\u8fc7 Windows Mark-of-the-Web (MoTW) \u5b89\u5168\u9632\u62a4\uff0c\u4f7f\u6076\u610f\u6587\u4ef6\u5f97\u4ee5\u6267\u884c\u3002\u653b\u51fb\u8005\u5229\u7528 \u9c7c\u53c9\u5f0f\u9493\u9c7c \u548c \u540c\u5f62\u653b\u51fb (homoglyph attack) \u4f2a\u88c5\u6587\u4ef6\u6269\u5c55\u540d\uff0c\u6b3a\u9a97 Windows \u53ca\u7528\u6237\u6253\u5f00\u6076\u610f\u6587\u4ef6\u3002\n\n7-Zip \u5df2\u4e8e 2024 \u5e74 11 \u6708 30 \u65e5\u53d1\u5e03 24.09 \u7248\u672c \u4fee\u590d\u6b64\u6f0f\u6d1e\u3002\u5efa\u8bae\u7528\u6237 \u5c3d\u5feb\u66f4\u65b0 7-Zip\uff0c\u5f3a\u5316 \u90ae\u4ef6\u5b89\u5168\uff0c\u5e76\u52a0\u5f3a\u5458\u5de5\u7684 \u9493\u9c7c\u9632\u8303\u57f9\u8bad \u4ee5\u62b5\u5fa1\u6b64\u7c7b\u9ad8\u7ea7\u653b\u51fb\u3002",
          "modified": "2025-03-06T16:05:43.063000",
          "created": "2025-02-06T08:44:11.124000",
          "tags": [
            "zero-day",
            "7-zip",
            "homoglyph attacks",
            "smokeloader",
            "spear-phishing",
            "cyberespionage",
            "cve-2025-0411",
            "mark-of-the-web bypass"
          ],
          "references": [
            "https://www.trendmicro.com/en_us/research/25/a/cve-2025-0411-ukrainian-organizations-targeted.html"
          ],
          "public": 1,
          "adversary": "Russian cybercrime groups",
          "targeted_countries": [
            "Ukraine"
          ],
          "malware_families": [
            {
              "id": "SmokeLoader",
              "display_name": "SmokeLoader",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1059.007",
              "name": "JavaScript",
              "display_name": "T1059.007 - JavaScript"
            },
            {
              "id": "T1204.002",
              "name": "Malicious File",
              "display_name": "T1204.002 - Malicious File"
            },
            {
              "id": "T1566.002",
              "name": "Spearphishing Link",
              "display_name": "T1566.002 - Spearphishing Link"
            },
            {
              "id": "T1566.001",
              "name": "Spearphishing Attachment",
              "display_name": "T1566.001 - Spearphishing Attachment"
            },
            {
              "id": "T1036.002",
              "name": "Right-to-Left Override",
              "display_name": "T1036.002 - Right-to-Left Override"
            },
            {
              "id": "T1553.005",
              "name": "Mark-of-the-Web Bypass",
              "display_name": "T1553.005 - Mark-of-the-Web Bypass"
            }
          ],
          "industries": [
            "Government",
            "Transportation",
            "Energy"
          ],
          "TLP": "white",
          "cloned_from": "67a24451b4727ae85c4dd434",
          "export_count": 8,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "celestre",
            "id": "295357",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 16,
            "domain": 12,
            "hostname": 1
          },
          "indicator_count": 29,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 143,
          "modified_text": "453 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "67a20d938522f10aadd03c60",
          "name": "CVE-2025-0411: Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks",
          "description": "The ZDI team offers an analysis on how CVE-2025-0411, a zero-day vulnerability in 7-Zip, was actively exploited to target Ukrainian organizations in a SmokeLoader campaign involving homoglyph attacks.",
          "modified": "2025-03-06T12:00:18.621000",
          "created": "2025-02-04T12:52:35.885000",
          "tags": [
            "http",
            "domains",
            "ipv4",
            "trojanspy"
          ],
          "references": [
            "https://www.trendmicro.com/en_us/research/25/a/cve-2025-0411-ukrainian-organizations-targeted.html"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "TrojanSpy",
              "display_name": "TrojanSpy",
              "target": null
            }
          ],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 14,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "CyberHunter_NL",
            "id": "171283",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 14,
            "URL": 12,
            "domain": 11,
            "hostname": 1
          },
          "indicator_count": 38,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 863,
          "modified_text": "453 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "67a2f2d41c71c26e8de252d8",
          "name": "CVE-2025-0411: Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks",
          "description": "",
          "modified": "2025-03-06T12:00:18.621000",
          "created": "2025-02-05T05:10:44.100000",
          "tags": [
            "http",
            "domains",
            "ipv4",
            "trojanspy"
          ],
          "references": [
            "https://www.trendmicro.com/en_us/research/25/a/cve-2025-0411-ukrainian-organizations-targeted.html"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "TrojanSpy",
              "display_name": "TrojanSpy",
              "target": null
            }
          ],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": "67a20d938522f10aadd03c60",
          "export_count": 11,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Tr1sa111",
            "id": "192483",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 14,
            "URL": 12,
            "domain": 11,
            "hostname": 1
          },
          "indicator_count": 38,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 279,
          "modified_text": "453 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "67a1da548e9df794c0484262",
          "name": "CVE-2025-0411: Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks | Trend Micro (US)",
          "description": "Pulse generated from the Trend Micro (US) article on CVE-2025-0411, the 7-Zip Mark-of-the-Web bypass exploited as a zero-day against Ukrainian organizations alongside homoglyph attacks; the automatically scraped description text was unrelated to the referenced article.",
          "modified": "2025-03-06T09:01:48.226000",
          "created": "2025-02-04T09:13:56.596000",
          "tags": [
            "netskope",
            "el navegador",
            "si desea",
            "intune",
            "exploits & vulnerabilities",
            "apt & targeted attacks",
            "endpoints",
            "research",
            "articles",
            "news",
            "reports",
            "trend vision",
            "cve20240411",
            "cve20250411",
            "educate",
            "vision one",
            "one threat",
            "threat insights",
            "vulnerability",
            "cyber espionage",
            "state executive",
            "service",
            "ukraine",
            "twitter"
          ],
          "references": [
            "https://www.trendmicro.com/en_us/research/25/a/cve-2025-0411-ukrainian-organizations-targeted.html"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 8,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "ghitansilviu@gmail.com",
            "id": "177478",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "CVE": 2,
            "FileHash-SHA256": 20,
            "domain": 12,
            "URL": 12,
            "hostname": 1
          },
          "indicator_count": 47,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 48,
          "modified_text": "453 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://www.trendmicro.com/en_us/research/25/a/cve-2025-0411-ukrainian-organizations-targeted.html"
      ],
      "related": {
        "alienvault": {
          "adversary": [
            "Russian cybercrime groups"
          ],
          "malware_families": [
            "Smokeloader"
          ],
          "industries": [
            "Government",
            "Energy",
            "Transportation"
          ]
        },
        "other": {
          "adversary": [
            "Russian cybercrime groups"
          ],
          "malware_families": [
            "Smokeloader",
            "Trojanspy"
          ],
          "industries": [
            "Government",
            "Energy",
            "Transportation"
          ]
        }
      }
    },
    "false_positive": []
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 6,
  "pulses": [
    {
      "id": "67a24451b4727ae85c4dd434",
      "name": "CVE-2025-0411: Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks",
      "description": "A zero-day vulnerability in 7-Zip (CVE-2025-0411) was exploited by Russian cybercrime groups to target Ukrainian organizations. The vulnerability allows bypassing Windows Mark-of-the-Web protections through double archiving, enabling execution of malicious content. The campaign involved spear-phishing emails with homoglyph attacks to trick users into executing malicious files. The exploit was likely part of a cyberespionage effort in the ongoing Russo-Ukraine conflict. Affected organizations include government entities and businesses. Recommendations include updating 7-Zip, implementing email security measures, and training employees on phishing and homoglyph attacks.",
      "modified": "2025-03-06T16:05:43.063000",
      "created": "2025-02-04T16:46:09.639000",
      "tags": [
        "zero-day",
        "7-zip",
        "homoglyph attacks",
        "smokeloader",
        "spear-phishing",
        "cyberespionage",
        "cve-2025-0411",
        "mark-of-the-web bypass"
      ],
      "references": [
        "https://www.trendmicro.com/en_us/research/25/a/cve-2025-0411-ukrainian-organizations-targeted.html"
      ],
      "public": 1,
      "adversary": "Russian cybercrime groups",
      "targeted_countries": [
        "Ukraine"
      ],
      "malware_families": [
        {
          "id": "SmokeLoader",
          "display_name": "SmokeLoader",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1059.007",
          "name": "JavaScript",
          "display_name": "T1059.007 - JavaScript"
        },
        {
          "id": "T1204.002",
          "name": "Malicious File",
          "display_name": "T1204.002 - Malicious File"
        },
        {
          "id": "T1566.002",
          "name": "Spearphishing Link",
          "display_name": "T1566.002 - Spearphishing Link"
        },
        {
          "id": "T1566.001",
          "name": "Spearphishing Attachment",
          "display_name": "T1566.001 - Spearphishing Attachment"
        },
        {
          "id": "T1036.002",
          "name": "Right-to-Left Override",
          "display_name": "T1036.002 - Right-to-Left Override"
        },
        {
          "id": "T1553.005",
          "name": "Mark-of-the-Web Bypass",
          "display_name": "T1553.005 - Mark-of-the-Web Bypass"
        }
      ],
      "industries": [
        "Government",
        "Transportation",
        "Energy"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 35,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "AlienVault",
        "id": "2",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png",
        "is_subscribed": true,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA256": 16,
        "domain": 12,
        "hostname": 1
      },
      "indicator_count": 29,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 386937,
      "modified_text": "453 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "67b61e717e62f9323ff4a2d1",
      "name": "CVE-2025-0411: Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks",
      "description": "The Trend ZDI team offers an analysis on how CVE-2025-0411, a zero-day vulnerability in 7-Zip, was actively exploited to target Ukrainian organizations in a SmokeLoader campaign involving homoglyph attacks.",
      "modified": "2025-03-21T18:02:14.323000",
      "created": "2025-02-19T18:09:53.843000",
      "tags": [
        "http",
        "domains",
        "ipv4",
        "trojanspy"
      ],
      "references": [
        "https://www.trendmicro.com/en_us/research/25/a/cve-2025-0411-ukrainian-organizations-targeted.html"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "TrojanSpy",
          "display_name": "TrojanSpy",
          "target": null
        }
      ],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 10,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "threatmanager",
        "id": "74623",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 13,
        "FileHash-SHA1": 13,
        "FileHash-SHA256": 14,
        "URL": 12,
        "domain": 11,
        "hostname": 1
      },
      "indicator_count": 64,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 507,
      "modified_text": "437 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "67a4765bb1833d9e520b35b0",
      "name": "7-zip vuln - CVE-2025-0411",
      "description": "Trend Zero Day Initiative (ZDI) \u56e2\u961f\u5728 2024 \u5e74 9 \u6708\u53d1\u73b0 7-Zip \u5b58\u5728 CVE-2025-0411 \u96f6\u65e5\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u88ab \u4fc4\u7f57\u65af\u7f51\u7edc\u72af\u7f6a\u7ec4\u7ec7 \u7528\u4e8e SmokeLoader \u6076\u610f\u8f6f\u4ef6\u653b\u51fb\uff0c\u76ee\u6807\u4e3a\u4e4c\u514b\u5170\u653f\u5e9c\u548c\u6c11\u95f4\u7ec4\u7ec7\u3002\n\n\u8be5\u6f0f\u6d1e\u5141\u8bb8\u901a\u8fc7 \u53cc\u5c42\u538b\u7f29 \u65b9\u5f0f\u7ed5\u8fc7 Windows Mark-of-the-Web (MoTW) \u5b89\u5168\u9632\u62a4\uff0c\u4f7f\u6076\u610f\u6587\u4ef6\u5f97\u4ee5\u6267\u884c\u3002\u653b\u51fb\u8005\u5229\u7528 \u9c7c\u53c9\u5f0f\u9493\u9c7c \u548c \u540c\u5f62\u653b\u51fb (homoglyph attack) \u4f2a\u88c5\u6587\u4ef6\u6269\u5c55\u540d\uff0c\u6b3a\u9a97 Windows \u53ca\u7528\u6237\u6253\u5f00\u6076\u610f\u6587\u4ef6\u3002\n\n7-Zip \u5df2\u4e8e 2024 \u5e74 11 \u6708 30 \u65e5\u53d1\u5e03 24.09 \u7248\u672c \u4fee\u590d\u6b64\u6f0f\u6d1e\u3002\u5efa\u8bae\u7528\u6237 \u5c3d\u5feb\u66f4\u65b0 7-Zip\uff0c\u5f3a\u5316 \u90ae\u4ef6\u5b89\u5168\uff0c\u5e76\u52a0\u5f3a\u5458\u5de5\u7684 \u9493\u9c7c\u9632\u8303\u57f9\u8bad \u4ee5\u62b5\u5fa1\u6b64\u7c7b\u9ad8\u7ea7\u653b\u51fb\u3002",
      "modified": "2025-03-06T16:05:43.063000",
      "created": "2025-02-06T08:44:11.124000",
      "tags": [
        "zero-day",
        "7-zip",
        "homoglyph attacks",
        "smokeloader",
        "spear-phishing",
        "cyberespionage",
        "cve-2025-0411",
        "mark-of-the-web bypass"
      ],
      "references": [
        "https://www.trendmicro.com/en_us/research/25/a/cve-2025-0411-ukrainian-organizations-targeted.html"
      ],
      "public": 1,
      "adversary": "Russian cybercrime groups",
      "targeted_countries": [
        "Ukraine"
      ],
      "malware_families": [
        {
          "id": "SmokeLoader",
          "display_name": "SmokeLoader",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1059.007",
          "name": "JavaScript",
          "display_name": "T1059.007 - JavaScript"
        },
        {
          "id": "T1204.002",
          "name": "Malicious File",
          "display_name": "T1204.002 - Malicious File"
        },
        {
          "id": "T1566.002",
          "name": "Spearphishing Link",
          "display_name": "T1566.002 - Spearphishing Link"
        },
        {
          "id": "T1566.001",
          "name": "Spearphishing Attachment",
          "display_name": "T1566.001 - Spearphishing Attachment"
        },
        {
          "id": "T1036.002",
          "name": "Right-to-Left Override",
          "display_name": "T1036.002 - Right-to-Left Override"
        },
        {
          "id": "T1553.005",
          "name": "Mark-of-the-Web Bypass",
          "display_name": "T1553.005 - Mark-of-the-Web Bypass"
        }
      ],
      "industries": [
        "Government",
        "Transportation",
        "Energy"
      ],
      "TLP": "white",
      "cloned_from": "67a24451b4727ae85c4dd434",
      "export_count": 8,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "celestre",
        "id": "295357",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA256": 16,
        "domain": 12,
        "hostname": 1
      },
      "indicator_count": 29,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 143,
      "modified_text": "453 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "67a20d938522f10aadd03c60",
      "name": "CVE-2025-0411: Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks",
      "description": "The ZDI team offers an analysis on how CVE-2025-0411, a zero-day vulnerability in 7-Zip, was actively exploited to target Ukrainian organizations in a SmokeLoader campaign involving homoglyph attacks.",
      "modified": "2025-03-06T12:00:18.621000",
      "created": "2025-02-04T12:52:35.885000",
      "tags": [
        "http",
        "domains",
        "ipv4",
        "trojanspy"
      ],
      "references": [
        "https://www.trendmicro.com/en_us/research/25/a/cve-2025-0411-ukrainian-organizations-targeted.html"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "TrojanSpy",
          "display_name": "TrojanSpy",
          "target": null
        }
      ],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 14,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "CyberHunter_NL",
        "id": "171283",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA256": 14,
        "URL": 12,
        "domain": 11,
        "hostname": 1
      },
      "indicator_count": 38,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 863,
      "modified_text": "453 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "67a2f2d41c71c26e8de252d8",
      "name": "CVE-2025-0411: Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks",
      "description": "",
      "modified": "2025-03-06T12:00:18.621000",
      "created": "2025-02-05T05:10:44.100000",
      "tags": [
        "http",
        "domains",
        "ipv4",
        "trojanspy"
      ],
      "references": [
        "https://www.trendmicro.com/en_us/research/25/a/cve-2025-0411-ukrainian-organizations-targeted.html"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "TrojanSpy",
          "display_name": "TrojanSpy",
          "target": null
        }
      ],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": "67a20d938522f10aadd03c60",
      "export_count": 11,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Tr1sa111",
        "id": "192483",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA256": 14,
        "URL": 12,
        "domain": 11,
        "hostname": 1
      },
      "indicator_count": 38,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 279,
      "modified_text": "453 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "67a1da548e9df794c0484262",
      "name": "CVE-2025-0411: Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks | Trend Micro (US)",
      "description": "El Navegador de Netskope, a Spanish internet operator, says he has \"no idea\" how to respond to the conexi\u00f3n between his team and the rival Netcom.",
      "modified": "2025-03-06T09:01:48.226000",
      "created": "2025-02-04T09:13:56.596000",
      "tags": [
        "netskope",
        "el navegador",
        "si desea",
        "intune",
        "exploits & vulnerabilities",
        "apt & targeted attacks",
        "endpoints",
        "research",
        "articles",
        "news",
        "reports",
        "trend vision",
        "cve20240411",
        "cve20250411",
        "educate",
        "vision one",
        "one threat",
        "threat insights",
        "vulnerability",
        "cyber espionage",
        "state executive",
        "service",
        "ukraine",
        "twitter"
      ],
      "references": [
        "https://www.trendmicro.com/en_us/research/25/a/cve-2025-0411-ukrainian-organizations-targeted.html"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 8,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "ghitansilviu@gmail.com",
        "id": "177478",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "CVE": 2,
        "FileHash-SHA256": 20,
        "domain": 12,
        "URL": 12,
        "hostname": 1
      },
      "indicator_count": 47,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 48,
      "modified_text": "453 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "technoads.pw",
    "type": "Domain"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "technoads.pw",
    "found": false,
    "verdict": "clean",
    "urls": [],
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780422664.6546223
}