IOC Radar
TLP:WHITE · 27 IOCs

CVE-2025-0411: Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks

Botvrij.eu OSINT Feed
Published February 8, 2025

Diamond Model

Adversary: unknown
Infrastructure (6): https://southlander.r…, https://lazaretmed.pw…, pay.zip
Capability: unknown
Victim: unknown

5W+H Threat Analysis

Analysis unavailable

Indicators of Compromise

27 indicators


IOC Relationship Graph

27 total IOCs: SHA256 14, URL 11, CVE 1, Domain 1