{"id":56358,"date":"2024-06-19T00:00:00","date_gmt":"2024-06-19T00:00:00","guid":{"rendered":"urn:uuid:f015aa72-3f1a-914b-85a5-98d9dec112b1"},"modified":"2024-06-19T00:00:00","modified_gmt":"2024-06-19T00:00:00","slug":"behind-the-great-wall-void-arachne-targets-chinese-speaking-users-with-the-winos-4-0-cc-framework","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/behind-the-great-wall-void-arachne-targets-chinese-speaking-users-with-the-winos-4-0-cc-framework\/","title":{"rendered":"Behind the Great Wall: Void Arachne Targets Chinese-Speaking Users With the Winos 4.0 C&amp;C Framework"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/trendmicro.scene7.com\/is\/image\/trendmicro\/Thumbnail_Void Arachne:Large?qlt=80\"><\/p>\n<div><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/thumbnails\/24\/Thumbnail_Void%20Arachne.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>The malware then begins to listen for incoming commands from the C&amp;C server. It can execute a variety of tasks, including loading additional plugins, capturing screenshots, and clearing system logs. 
These functions are managed and executed through controlled switch statements, ensuring precise and efficient handling of each instruction.<\/p>\n<p>Table 7 lists the malware\u2019s supported functionalities.<\/p>\n<table cellpadding=\"1\" cellspacing=\"0\" border=\"1\">\n<tbody readability=\"14.5\">\n<tr>\n<td><b>Commands<\/b><\/td>\n<td><b>Description<\/b><\/td>\n<\/tr>\n<tr>\n<td>0<\/td>\n<td>Load plugins<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>1<\/td>\n<td>Load the plugin and update the registry<\/td>\n<\/tr>\n<tr>\n<td>2<\/td>\n<td>Terminate the connection<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>3<\/td>\n<td>Send the active window information and capture a screenshot<\/td>\n<\/tr>\n<tr>\n<td>4<\/td>\n<td>Capture a screenshot<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>5<\/td>\n<td>Execute file and commands<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>6<\/td>\n<td>Download a file from the given URL and execute it<\/td>\n<\/tr>\n<tr readability=\"4\">\n<td>7<\/td>\n<td>Modify the registry value of specific keys and, if the key doesn\u2019t exist, create it<\/td>\n<\/tr>\n<tr readability=\"3\">\n<td>8<\/td>\n<td>Check whether a process with the provided name exists on the system by enumerating the list of running processes<\/td>\n<\/tr>\n<tr>\n<td>9<\/td>\n<td>N\/A<\/td>\n<\/tr>\n<tr>\n<td>10<\/td>\n<td>Capture a screenshot<\/td>\n<\/tr>\n<tr readability=\"4\">\n<td>11<\/td>\n<td>Clear system logs: Application, security, and system<\/td>\n<\/tr>\n<tr>\n<td>12<\/td>\n<td>Restart the process<\/td>\n<\/tr>\n<tr>\n<td>13<\/td>\n<td>Terminate the process<\/td>\n<\/tr>\n<tr>\n<td>14<\/td>\n<td>Log out from the system<\/td>\n<\/tr>\n<tr>\n<td>15<\/td>\n<td>Restart the system<\/td>\n<\/tr>\n<tr>\n<td>16<\/td>\n<td>Shut down the system<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>17<\/td>\n<td>Change the default plugin loading method<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>18<\/td>\n<td>Update configuration settings<\/td>\n<\/tr>\n<tr 
readability=\"2\">\n<td>19<\/td>\n<td>Create a new C&amp;C thread and perform system information collection<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>100<\/td>\n<td>Set the value of&nbsp;<i>IpDatespecial<\/i>&nbsp;registry<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>101<\/td>\n<td>Remove the value of&nbsp;<i>IpDatespecial<\/i>&nbsp;registry<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Table 7. A list of the malware\u2019s supported functionalities<\/p>\n<h2>Conclusion<\/h2>\n<p>In the scope of our research, we conducted an analysis of a Void Arachne campaign that targets the Chinese-speaking demographic. Using SEO poisoning and widely used messaging applications such as Telegram, the Void Arachne threat group has potentially reached a substantial Chinese-speaking demographic as well as the broader East Asian community through the dissemination of malicious MSI files.<\/p>\n<p>As is the case with Void Arachne\u2019s campaign, threat actors abused the great public interest in AI technologies to deliver malware. Our investigation revealed that Void Arachne promoted compromised MSI files embedded with nudifiers and deepfake pornography-generating software, intending to infect unsuspecting users. Furthermore, the group advertised corrupted AI voice and facial technologies, frequently exploited in <a href=\"https:\/\/ors.od.nih.gov\/News\/Pages\/Beware-of-Virtual-Kidnapping-Ransom-Scam.aspx\">virtual kidnapping<\/a> schemes. The proliferation of these artificial technologies has prompted concerns regarding potential misuse, particularly evident in <a href=\"https:\/\/www.fbi.gov\/how-we-can-help-you\/scams-and-safety\/common-scams-and-crimes\/sextortion\">sextortion<\/a> and <a href=\"https:\/\/ors.od.nih.gov\/News\/Pages\/Beware-of-Virtual-Kidnapping-Ransom-Scam.aspx\">virtual kidnapping<\/a> schemes that can lead to <a href=\"https:\/\/www.foxnews.com\/us\/south-carolina-family-boy-13-who-died-suicide-sue-snapchat-over-sextortion-scheme\">heartbreaking consequences<\/a>. 
In its commitment to safeguarding the general public\u2019s online well-being, Trend Micro has curated comprehensive resources designed to educate the community on <a href=\"https:\/\/helpcenter.trendmicro.com\/en-us\/article\/tmka-11381\">identifying, preventing, and addressing sextortion attacks<\/a>. In the event of falling victim to sextortion or virtual kidnapping, the prompt reporting of the incident to relevant authorities, such as the <a href=\"https:\/\/www.ic3.gov\/\">Internet Crime Complaint Center (IC3)<\/a>, is strongly recommended.<\/p>\n<p>Throughout 2024, we have seen an increase in malicious MSI files, such as in a <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/24\/c\/cve-2024-21412--darkgate-operators-exploit-microsoft-windows-sma.html\">DarkGate<\/a> campaign that exploited the Microsoft Windows Internet Shortcut SmartScreen Bypass Vulnerability (<a href=\"https:\/\/www.zerodayinitiative.com\/advisories\/ZDI-24-165\/\">CVE-2024-21412<\/a>). Individuals are strongly advised to check the source of MSI files and only download them from trusted sources. As previously discussed, MSI files are bundled installers, which means that malicious software as well as zero-day exploits can be bundled alongside legitimate software. These malicious MSI files pose a significant threat to organizations as they may act as a backdoored installer and poison the software installer supply chain.<\/p>\n<p>Organizations can protect themselves from these kinds of attacks with <a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/products\/one-platform.html\">Trend Vision One<\/a>, which enables security teams to continuously identify attack surfaces, including known, unknown, managed, and unmanaged cyber assets. Vision One helps organizations prioritize and address potential risks, including vulnerabilities. 
It considers critical factors, such as the likelihood and impact of potential attacks, and offers a range of prevention, detection, and response capabilities. This is all backed by advanced threat research, threat intelligence, and AI, which helps reduce the time taken to detect, respond, and remediate issues. Ultimately, Trend Vision One can help improve the overall security posture and effectiveness of an organization, including defending an organization against zero-day attacks.<\/p>\n<p>When faced with uncertain intrusions, behaviors, and routines, organizations should assume that their system is already compromised or breached and work to immediately isolate affected data or toolchains. With a broader perspective and rapid response, organizations can address breaches and protect their remaining systems, especially with technologies such as <a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/products\/user-protection\/sps\/endpoint.html\" target=\"_blank\" rel=\"noopener\">Trend Micro\u2122 Endpoint Security<\/a>\u2122 and Trend Micro Network Security, as well as comprehensive security solutions such as <a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/products\/detection-response\/xdr.html\" target=\"_blank\" rel=\"noopener\">Trend Micro\u2122 XDR<\/a>, which can detect, scan, and block malicious content across the modern threat landscape.<\/p>\n<p>The complete list of indicators of compromise (IoCs) can be found <a href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/24\/f\/behind-the-great-wall--void-arachne-targets-chinese-speaking-users-with-the-winos-4-0-c-c-framework\/WinOS4.0_IoCs.txt\">here.&nbsp;<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>We recently discovered a new threat actor group that we dubbed Void Arachne. 
This group targets Chinese-speaking users with malicious Windows Installer (MSI) files in a recent campaign. These MSI files contain legitimate software installer files for AI software and other popular software but are bundled with malicious Winos payloads.<\/p>\n","protected":false},"author":2,"featured_media":56359,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9546,9510,9508,9513,9509],"class_list":["post-56358","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-research-apttargeted-attacks","tag-trend-micro-research-articles-news-reports","tag-trend-micro-research-endpoints","tag-trend-micro-research-malware","tag-trend-micro-research-research"]}