Behind the Great Wall: Void Arachne Targets Chinese-Speaking Users With the Winos 4.0 C&C Framework

June 19, 2024, 12:10 p.m.

Description

Trend Micro recently discovered a threat actor group dubbed Void Arachne targeting Chinese-speaking users with malicious Windows Installer (MSI) files containing legitimate software bundled with malicious Winos payloads. The campaign promotes compromised MSI files embedded with nudifiers, deepfake pornography-generating software, and AI voice and facial technologies. It uses SEO poisoning, social media, and messaging platforms for malware distribution. The malware installs a Winos backdoor during installation, leading to potential system compromise. Void Arachne exploits heightened public interest in software circumventing China's Great Firewall and online censorship.

Date

Published: June 19, 2024, 11:37 a.m.
Created: June 19, 2024, 11:37 a.m.
Modified: June 19, 2024, 12:10 p.m.

Indicators


Attack Patterns

Winos

Void Arachne

T1608

T1566.002

CVE-2024-21412

Additional Information

China