{ "name": "Winos 4.0 Spreads via Impersonation of Official Email to Target Users in Taiwan", "slug": "winos-40-spreads-via-impersonation-of-official-email-to-target-users-in-taiwan", "description": "An advanced malware framework known as Winos4.0 was used to target companies in Taiwan in January 2025.", "published": "2025-03-05T15:04:41+00:00", "created_at": "2025-03-05T15:04:41+00:00", "modified_at": "2025-03-05T15:39:08+00:00", "created_at_opencti": "2025-03-05T15:04:41+00:00", "author": "", "confidence": null, "report_types": [], "labels": [], "tags": [ "2025-03-05", "agent", "c2 server", "corrupt", "pdf", "phishing", "screen capture", "team", "uacme", "valleyrat", "wechat" ], "related_entities": { "observables": [ { "id": "", "name": "206.238.221.60" }, { "id": "", "name": "43.137.42.254" }, { "id": "", "name": "206.238.221.240" }, { "id": "", "name": "124.156.100.172" }, { "id": "", "name": "206.238.221.244" }, { "id": "", "name": "wrwyrdujtw114117-1336065333.cos.ap-guangzhou.myqcloud.com" }, { "id": "", "name": "twzfw.vip" }, { "id": "", "name": "sjujfde-1329400280.cos.ap-guangzhou.myqcloud.com" }, { "id": "", "name": "htrfe4-1329400280.cos.ap-guangzhou.myqcloud.com" }, { "id": "", "name": "rgghrt1140120-1336065333.cos.ap-guangzhou.myqcloud.com" }, { "id": "", "name": "hei-1333855056.cos.ap-guangzhou.myqcloud.com" }, { "id": "", "name": "fuued5-1329400280.cos.ap-guangzhou.myqcloud.com" }, { "id": "", "name": "ffggssa-1329400280.cos.ap-guangzhou.myqcloud.com" }, { "id": "", "name": "fdsjg114-1336065333.cos.ap-guangzhou.myqcloud.com" }, { "id": "", "name": "chakan202501-1329400280.cos.ap-guangzhou.myqcloud.com" }, { "id": "", "name": "0611-1333855056.cos.ap-guangzhou.myqcloud.com" }, { "id": "", "name": "0107-1333855056.cos.ap-guangzhou.myqcloud.com" }, { "id": "", "name": "9010.360sdgg.com" }, { "id": "", "name": "9009.360sdgg.com" }, { "id": "", "name": "9007.360sdgg.com" }, { "id": "", "name": "9005.360sdgg.com" }, { "id": "", "name": "9006.360sdgg.com" }, { "id": "", "name": "9003.360sdgg.com" }, { "id": "", "name": "9002.360sdgg.com" }, { "id": "", "name": "9001.360sdgg.com" }, { "id": "", "name": "1234.360sdgg.com" }, { "id": "", "name": "fed394a3653b7c6fcc1b277eda6e18eb0983a7e024be5b51e5188b3cfb9512e8" }, { "id": "", "name": "f4d3477a19ff468d234a5e39652157b2181c8b51c754b900bcfa13339f577e7c" }, { "id": "", "name": "e2b75baeb7ed21fb8f27984f941286770d1c3c0b60fce8d7fa5b167bd24ba6dc" }, { "id": "", "name": "dffbeefc632b20d2ef867553684e9971ab76e1223e743604a5275713423b6168" }, { "id": "", "name": "d4ac82de8dda9796579cd8ea0f84b43c7a980cdb0e9cdb8abe8981a2d215ed2f" }, { "id": "", "name": "c9a8db23d089aa71466b4bde51a51a8cfdcc28e8df33b4c63ce867bd381e5fe5" }, { "id": "", "name": "c55757075259fa4be6941dd273c4a4a2fcc29e6ba427dec124b25b299b3505fe" }, { "id": "", "name": "a067d848f099e6d1e465f9761a5b85392d550303bfa75fac920d444fd980c949" }, { "id": "", "name": "8b1b9a789136ca3abe25938204845c351aaf0c97c0708ade8d4d8ba4ded95ba7" }, { "id": "", "name": "7f22305679e46e1fd5043beb136108197c0921643ce0d680f990a3018ade485b" }, { "id": "", "name": "7a5b26f6dd7b8e0d648e9804ec932603b7d7a5f76c7a8c537ab0c2be54f51fa9" }, { "id": "", "name": "79c64d2e77acdbcdbd35cbb29497941335d7e3ab6ebb474064f095e745f0d643" }, { "id": "", "name": "75a4d75c35724140149c9c5056c1bcbd328bbe1e5d1d1ef34205ed5442d2b348" }, { "id": "", "name": "76ac08358f230bca3e8b8448b3c177094aeac25402b929f5f73869ec77173a44" }, { "id": "", "name": "6c33715a14fdc917b5b09b6e1b5dad07bb769493eafbf7ca1023830b4059e003" }, { "id": "", "name": "67395af91263f71cd600961a1fd33ddc222958e83094afdde916190a0dd5d79c" }, { "id": "", "name": "64a876e6cb3cf3122febc84a00ec3e0740c054cff955164971c470e1b5e5f1bb" }, { "id": "", "name": "594d907855d35ee7689a568e4ac43e4e0ed90de047d91b0253ef79da71ecbc08" }, { "id": "", "name": "36afc6d5dfb0257b3b053373e91c9a0a726c7d269211bc937704349a6b4be9b9" }, { "id": "", "name": "514933468ac1dd9f7db4e2693f1be7f84deb35c33f8f9934fad32caaae9ef611" }, { "id": "", "name": "4c1ea827713f1eb57cc0e8e9d171d4e21d116f846b174bc05114eef5674c9653" }, { "id": "", "name": "2ce73cbfab0beb3663c0151ba7c310e4dbf69f295d8a18114435506483d774ac" }, { "id": "", "name": "20c34b5f0983021414b168913c3da267caf298d8f0f5e3ec0ce97db5f4f48316" }, { "id": "", "name": "268c72f5482374660a132d1b91cac0c04b4724a214db4f052eb421e36c282921" }, { "id": "", "name": "1a342426d59e7fdc4abfb74c2225f68382172e03b0f8d496a57ae647411f0fbd" }, { "id": "", "name": "1f3b041eee1ece8cf6aa5c742aeb8c0ac2266cccecca7888772509227c4f8669" }, { "id": "", "name": "1ad1f2eec961bc7a35abeac486f843b7caece0929b13f1dab47fbdc0406ac4e3" }, { "id": "", "name": "0e3c9af7066ec72406eac25cca0b312894f02d6d08245a3ccef5c029bc297bd2" }, { "id": "", "name": "0a4bbb998bd3a3bcc72cf759689a5656dc74590b731d0affbfc317cf484ed28b" } ], "malware": [ { "id": "legacy:malware:c27332452d8f6638", "name": "UACme", "slug": "uacme" }, { "id": "924242f3-4b79-40d6-ae46-8bcdeaee2783", "name": "Agent", "slug": "agent" }, { "id": "legacy:malware:4f9f68da3d056e8c", "name": "ValleyRAT", "slug": "valleyrat" } ], "attack_patterns": [ { "id": "f4a450ef-8297-42e5-9e47-01162138baa2", "name": "T1115" }, { "id": "8e0fea81-4d54-4e88-a7dd-3aa8b26558ed", "name": "T1113" }, { "id": "926a888c-190c-4efb-ab6b-f9d7e6a0fc54", "name": "T1547" }, { "id": "70616b2f-4019-4963-b758-5d9f6f20e201", "name": "T1082" }, { "id": "0156fcda-e385-4662-b388-086c3e16feec", "name": "T1140" }, { "id": "31d29704-da1c-47ea-b93f-76d368813bdf", "name": "T1560" }, { "id": "d9b45b3b-d093-4016-89e9-48f31ff4d05d", "name": "T1566" }, { "id": "fcd96dc0-500e-4354-bd97-5c65718a9004", "name": "T1562" } ] }, "external_refs": [ "https://www.fortinet.com/blog/threat-research/winos-spreads-via-impersonation-of-official-email-to-target-users-in-taiwan", "https://otx.alienvault.com/pulse/67c8761ab854f0391937dddc" ] }