Winos 4.0 Spreads via Impersonation of Official Email to Target…

Essential information

Published: 05/03/2025 16:04
Modified: 05/03/2025 16:39
Tags: 2025-03-05 agent c2 server corrupt pdf phishing screen capture team uacme valleyrat wechat
Related entities: 55 observables, 8 techniques (mitre), 3 malware

Description

An advanced malware framework known as Winos4.0 was used to target companies in Taiwan in January 2025.

Related entities

206.238.221.60
43.137.42.254
206.238.221.240
124.156.100.172
206.238.221.244
wrwyrdujtw114117-1336065333.cos.ap-guangzhou.myqcloud.com
twzfw.vip
sjujfde-1329400280.cos.ap-guangzhou.myqcloud.com
htrfe4-1329400280.cos.ap-guangzhou.myqcloud.com
rgghrt1140120-1336065333.cos.ap-guangzhou.myqcloud.com
hei-1333855056.cos.ap-guangzhou.myqcloud.com
fuued5-1329400280.cos.ap-guangzhou.myqcloud.com
ffggssa-1329400280.cos.ap-guangzhou.myqcloud.com
fdsjg114-1336065333.cos.ap-guangzhou.myqcloud.com
chakan202501-1329400280.cos.ap-guangzhou.myqcloud.com
0611-1333855056.cos.ap-guangzhou.myqcloud.com
0107-1333855056.cos.ap-guangzhou.myqcloud.com
9010.360sdgg.com
9009.360sdgg.com
9007.360sdgg.com
9005.360sdgg.com
9006.360sdgg.com
9003.360sdgg.com
9002.360sdgg.com
9001.360sdgg.com
1234.360sdgg.com
fed394a3653b7c6fcc1b277eda6e18eb0983a7e024be5b51e5188b3cfb9512e8
f4d3477a19ff468d234a5e39652157b2181c8b51c754b900bcfa13339f577e7c
e2b75baeb7ed21fb8f27984f941286770d1c3c0b60fce8d7fa5b167bd24ba6dc
dffbeefc632b20d2ef867553684e9971ab76e1223e743604a5275713423b6168
d4ac82de8dda9796579cd8ea0f84b43c7a980cdb0e9cdb8abe8981a2d215ed2f
c9a8db23d089aa71466b4bde51a51a8cfdcc28e8df33b4c63ce867bd381e5fe5
c55757075259fa4be6941dd273c4a4a2fcc29e6ba427dec124b25b299b3505fe
a067d848f099e6d1e465f9761a5b85392d550303bfa75fac920d444fd980c949
8b1b9a789136ca3abe25938204845c351aaf0c97c0708ade8d4d8ba4ded95ba7
7f22305679e46e1fd5043beb136108197c0921643ce0d680f990a3018ade485b
7a5b26f6dd7b8e0d648e9804ec932603b7d7a5f76c7a8c537ab0c2be54f51fa9
79c64d2e77acdbcdbd35cbb29497941335d7e3ab6ebb474064f095e745f0d643
75a4d75c35724140149c9c5056c1bcbd328bbe1e5d1d1ef34205ed5442d2b348
76ac08358f230bca3e8b8448b3c177094aeac25402b929f5f73869ec77173a44
6c33715a14fdc917b5b09b6e1b5dad07bb769493eafbf7ca1023830b4059e003
67395af91263f71cd600961a1fd33ddc222958e83094afdde916190a0dd5d79c
64a876e6cb3cf3122febc84a00ec3e0740c054cff955164971c470e1b5e5f1bb
594d907855d35ee7689a568e4ac43e4e0ed90de047d91b0253ef79da71ecbc08
36afc6d5dfb0257b3b053373e91c9a0a726c7d269211bc937704349a6b4be9b9
514933468ac1dd9f7db4e2693f1be7f84deb35c33f8f9934fad32caaae9ef611
4c1ea827713f1eb57cc0e8e9d171d4e21d116f846b174bc05114eef5674c9653
2ce73cbfab0beb3663c0151ba7c310e4dbf69f295d8a18114435506483d774ac
20c34b5f0983021414b168913c3da267caf298d8f0f5e3ec0ce97db5f4f48316
268c72f5482374660a132d1b91cac0c04b4724a214db4f052eb421e36c282921
1a342426d59e7fdc4abfb74c2225f68382172e03b0f8d496a57ae647411f0fbd
1f3b041eee1ece8cf6aa5c742aeb8c0ac2266cccecca7888772509227c4f8669
1ad1f2eec961bc7a35abeac486f843b7caece0929b13f1dab47fbdc0406ac4e3
0e3c9af7066ec72406eac25cca0b312894f02d6d08245a3ccef5c029bc297bd2
0a4bbb998bd3a3bcc72cf759689a5656dc74590b731d0affbfc317cf484ed28b

Winos 4.0 Spreads via Impersonation of Official Email to Target Users in Taiwan

Essential information

Description

External references

Winos 4.0 Spreads via Impersonation of Official Email to Target Users in Taiwan

Essential information

Description

Related entities

Observables (55)

Techniques (MITRE) (8)

Malware (3)

External references