{
  "name": "The Cloud-Native Malware Framework",
  "slug": "the-cloud-native-malware-framework",
  "description": "VoidLink is an advanced malware framework designed for Linux systems, focusing on cloud and container environments. It includes custom loaders, implants, rootkits, and modular plugins for long-term access. The framework employs a flexible architecture with a Plugin API inspired by Cobalt Strike. VoidLink uses multiple security mechanisms, including runtime code encryption and adaptive behavior based on the detected environment. Developed by Chinese-affiliated developers, it demonstrates high technical expertise across multiple programming languages. The framework includes cloud-focused capabilities, credential harvesting, and various command-and-control channels. While its intended use remains unclear, VoidLink appears to be positioned for potential commercial use.",
  "published": "2026-01-13T12:59:45+00:00",
  "created_at": "2026-01-13T12:59:45+00:00",
  "modified_at": "2026-01-13T15:31:13+00:00",
  "created_at_opencti": "2026-01-13T12:59:45+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2026-01-13",
    "chinese-affiliated",
    "cloud-native",
    "framework",
    "linux",
    "malware",
    "plugins",
    "rootkit",
    "stealth",
    "voidlink"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "15cb93d38b0a4bd931434a501d8308739326ce482da5158eb657b0af0fa7ba49"
      },
      {
        "id": "",
        "name": "e990a39e479e0750d2320735444b6c86cc26822d86a40d37d6e163d0fe058896"
      },
      {
        "id": "",
        "name": "6dcfe9f66d3aef1efd7007c588a59f69e5cd61b7a8eca1fb89a84b8ccef13a2b"
      }
    ],
    "malware": [
      {
        "id": "legacy:malware:31cba4e04174ea28",
        "name": "VoidLink",
        "slug": "voidlink"
      }
    ],
    "attack_patterns": [
      {
        "id": "9f11a241-9abc-4c57-95dd-33955ab08826",
        "name": "T1078"
      },
      {
        "id": "c3af9fd7-d307-4df4-9220-cc627938fb85",
        "name": "T1055"
      },
      {
        "id": "fcd96dc0-500e-4354-bd97-5c65718a9004",
        "name": "T1562"
      },
      {
        "id": "eb118bf2-fdf2-4b49-a470-0acabf7608ad",
        "name": "T1505"
      },
      {
        "id": "af9ed2e3-4663-4723-beab-c606ddc312e0",
        "name": "T1543"
      },
      {
        "id": "0c836307-129e-4ff7-a532-180c633cacba",
        "name": "T1027"
      },
      {
        "id": "6c8f8a40-2746-4a37-86bd-81e82afa6e62",
        "name": "T1190"
      },
      {
        "id": "cbd87c8c-3bed-461a-acef-56ffc8b87571",
        "name": "T1105"
      },
      {
        "id": "41ad5d62-aa6a-47d6-a9a9-fb2209601099",
        "name": "T1098"
      },
      {
        "id": "9b6064e6-a05b-4e95-baf5-34d180bc9221",
        "name": "T1059"
      },
      {
        "id": "6efb8bea-11d7-418d-a429-9f4a3e6c50f6",
        "name": "T1087"
      },
      {
        "id": "3245033a-53c4-454c-873a-fb653af0bf8a",
        "name": "T1552"
      },
      {
        "id": "45082a8e-9c79-470e-ad1b-decac7188e8f",
        "name": "T1083"
      },
      {
        "id": "70616b2f-4019-4963-b758-5d9f6f20e201",
        "name": "T1082"
      }
    ]
  },
  "external_refs": [
    "https://research.checkpoint.com/2026/voidlink-the-cloud-native-malware-framework",
    "https://otx.alienvault.com/pulse/69664fd1b1289f678b6bf425"
  ]
}