Trend Micro researchers Hiroyuki Kakara & Feike Hacquebord examine two separate campaigns that exploit WinRAR CVE-2025-8088 against Ukrainian targets. SHADOW-EARTH-066 & Earth Dahu (Gamaredon) use different tooling and infrastructure, but share the same entry point. https://www.trendmicro.com/en_us/research/26/f/old-winrar-flaw-fuels-attacks-on-ukraine.html