{ "id": "1ddc0a50-fb12-402a-a99f-a801907da367", "created_at": "2026-04-06T00:17:06.212872Z", "updated_at": "2026-04-10T03:29:07.000483Z", "deleted_at": null, "sha1_hash": "31d117ecd9443c410ea7b7e9f3df5b9567232ac2", "title": "Threat Group Cards: A Threat Actor Encyclopedia", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 50961, "plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-02 10:57:56 UTC\r\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Winos\r\n Tool: Winos\r\nNames Winos\r\nCategory Malware\r\nType Backdoor, Info stealer, Keylogger, Loader, Exfiltration\r\nDescription\r\n(Trend Micro) The final payload of this attack is the Winos 4.0 implant, which is written in\r\nC++ and targets the Windows platform. Winos has features that include file management,\r\ndistributed denial of service (DDoS) using TCP/UDP/ ICMP/HTTP, full disk search, webcam\r\ncontrol, and screen capturing. Additionally, it supports many functionalities including process\r\ninjection and microphone recording, system and service management, remote shell access, and\r\nkeylogging functionalities, further enhancing its ability to control and monitor the infected\r\nsystem.\r\nInformation\r\n\u003chttps://www.trendmicro.com/en_us/research/24/f/behind-the-great-wall-void-arachne-targets-chinese-speaking-user.html\u003e\r\n\u003chttps://www.fortinet.com/blog/threat-research/winos-spreads-via-impersonation-of-official-email-to-target-users-in-taiwan\u003e\r\nLast change to this tool card: 02 March 2025\r\nDownload this tool card in JSON format\r\nAll groups using tool Winos\r\nChanged Name Country Observed\r\nAPT groups\r\n  Void Arachne 2024-Jun 2025  \r\n1 group listed (1 APT, 0 other, 0 unknown)\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=8c1859a2-f359-4d93-99ca-bdbbf1d8e0e7\r\nPage 1 of 2\n\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=8c1859a2-f359-4d93-99ca-bdbbf1d8e0e7\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=8c1859a2-f359-4d93-99ca-bdbbf1d8e0e7\r\nPage 2 of 2\n\nAPT groups Void Arachne 2024-Jun 2025 \n1 group listed (1 APT, 0 other, 0 unknown) \n Page 1 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=8c1859a2-f359-4d93-99ca-bdbbf1d8e0e7" ], "report_names": [ "listgroups.cgi?u=8c1859a2-f359-4d93-99ca-bdbbf1d8e0e7" ], "threat_actors": [ { "id": "8f68387a-aced-4c99-b2a6-aa85071a0ca3", "created_at": "2024-06-25T02:00:05.030976Z", "updated_at": "2026-04-10T02:00:03.656871Z", "deleted_at": null, "main_name": "Void Arachne", "aliases": [ "Silver Fox" ], "source_name": "MISPGALAXY:Void Arachne", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "a7805d1a-b8d0-4a42-ae86-1d8711e0b2b9", "created_at": "2024-08-28T02:02:09.729503Z", "updated_at": "2026-04-10T02:00:04.967533Z", "deleted_at": null, "main_name": "Void Arachne", "aliases": [ "Silver Fox" ], "source_name": "ETDA:Void Arachne", "tools": [ "Gh0stBins", "Gh0stCringe", "HoldingHands RAT", "Winos" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434626, "ts_updated_at": 1775791747, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/31d117ecd9443c410ea7b7e9f3df5b9567232ac2.pdf", "text": "https://archive.orkl.eu/31d117ecd9443c410ea7b7e9f3df5b9567232ac2.txt", "img": "https://archive.orkl.eu/31d117ecd9443c410ea7b7e9f3df5b9567232ac2.jpg" } }