Behind the Great Wall: Void Arachne Targets Chinese-Speaking Users With the Winos 4.0 C&C Framework
June 19, 2024, 12:10 p.m.
Tags
External References
Description
Trend Micro recently discovered a threat actor group dubbed Void Arachne targeting Chinese-speaking users with malicious Windows Installer (MSI) files containing legitimate software bundled with malicious Winos payloads. The campaign promotes compromised MSI files embedded with nudifiers, deepfake pornography-generating software, and AI voice and facial technologies. It uses SEO poisoning, social media, and messaging platforms for malware distribution. The malware installs a Winos backdoor during installation, leading to potential system compromise. Void Arachne exploits heightened public interest in software circumventing China's Great Firewall and online censorship.
Date
Published: June 19, 2024, 11:37 a.m.
Created: June 19, 2024, 11:37 a.m.
Modified: June 19, 2024, 12:10 p.m.
Indicators
.214.147.14
103.214.147.14.webcamcn.xyz
Attack Patterns
Winos
Void Arachne
T1608
T1566.002
CVE-2024-21412
Additional Information
China