Security researchers have identified it as a delivery mechanism for the RomCom (or Void Rabisu) threat group, which uses it to install backdoors and steal data.

Key Indicators
The archive exploits CVE-2025-0411, a vulnerability that allows files to bypass the Mark-of-the-Web (MoTW) security flag.

SmallFolicDividedCaptive.7z
The archive is often delivered via spear-phishing emails disguised as official or urgent documents.