Actor(s): APT17
There is no description at this point.
| Date | Source | Title | Tags |
|---|---|---|---|
| 2024-03-01 | HarfangLab | A Comprehensive Analysis of i-SOON’s Commercial Offering | ShadowPad Winnti |
| 2023-01-14 | YouTube (CODE BLUE) | [CB22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulation and Scanning | ShadowPad Winnti |
| 2022-10-25 | VMware Threat Analysis Unit | Tracking the entire iceberg: long-term APT malware C2 protocol emulation and scanning | ShadowPad Winnti |
| 2022-09-26 | YouTube (Virus Bulletin) | Tracking the entire iceberg: long-term APT malware C2 protocol emulation and scanning | ShadowPad Winnti |
| 2022-09-19 | Virus Bulletin | Tracking the entire iceberg - long-term APT malware C2 protocol emulation and scanning | ShadowPad Winnti |
| 2022-05-12 | TEAMT5 | The Next Gen PlugX/ShadowPad? A Dive into the Emerging China-Nexus Modular Trojan, Pangolin8RAT (slides) | KEYPLUG Cobalt Strike CROSSWALK FunnySwitch PlugX ShadowPad Winnti SLIME29 TianWu |
| 2022-05-04 | Cybereason | Operation CuckooBees: Deep-Dive into Stealthy Winnti Techniques | PRIVATELOG Spyder STASHLOG Winnti |
| 2022-05-04 | Cybereason | Operation CuckooBees: A Winnti Malware Arsenal Deep-Dive | PRIVATELOG Spyder STASHLOG Winnti |
| 2022-05-01 | BushidoToken | Gamer Cheater Hacker Spy | Egregor HelloKitty NetfilterRootkit RagnarLocker Winnti |
| 2022-03-31 | Recorded Future | China-Linked Group TAG-28 Targets India’s “The Times Group” and UIDAI (Aadhaar) Government Agency With Winnti Malware | Winnti TAG-28 |
| 2022-01-17 | Trend Micro | Delving Deep: An Analysis of Earth Lusca’s Operations | BIOPASS Cobalt Strike FunnySwitch JuicyPotato ShadowPad Winnti Earth Lusca |
| 2021-11-16 | vmware | Monitoring Winnti 4.0 C2 Servers for Two Years | Winnti |
| 2021-09-28 | Recorded Future | 4 Chinese APT Groups Identified Targeting Mail Server of Afghan Telecommunications Firm Roshan | PlugX Winnti |
| 2021-09-21 | Recorded Future | China-Linked Group TAG-28 Targets India’s “The Times Group” and UIDAI (Aadhaar) Government Agency With Winnti Malware | Winnti |
| 2021-09-14 | McAfee | Operation ‘Harvest’: A Deep Dive into a Long-term Campaign | MimiKatz PlugX Winnti |
| 2021-07-08 | Recorded Future | Chinese State-Sponsored Activity Group TAG-22 Targets Nepal, the Philippines, and Taiwan Using Winnti and Other Tooling | ShadowPad Spyder Winnti |
| 2021-07-08 | PTSecurity | How winnti APT grouping works | Korlia ShadowPad Winnti |
| 2021-07-08 | YouTube (PT Product Update) | How winnti APT grouping works | Korlia ShadowPad Winnti |
| 2021-06-05 | Prevailion | The Gh0st remain the same | Winnti |
| 2021-04-29 | NTT | The Operations of Winnti group | Cobalt Strike ShadowPad Spyder Winnti Earth Lusca |
| 2021-03-10 | ESET Research | Exchange servers under siege from at least 10 APT groups | Microcin MimiKatz PlugX Winnti APT27 APT41 Calypso Tick ToddyCat Tonto Team Vicious Panda |
| 2021-02-28 | PWC UK | Cyber Threats 2020: A Year in Retrospect | elf.wellmess FlowerPower PowGoop 8.t Dropper Agent.BTZ Agent Tesla Appleseed Ave Maria Bankshot BazarBackdoor BLINDINGCAN Chinoxy Conti Cotx RAT Crimson RAT DUSTMAN Emotet FriedEx FunnyDream Hakbit Mailto Maze METALJACK Nefilim Oblique RAT Pay2Key PlugX QakBot REvil Ryuk StoneDrill StrongPity SUNBURST SUPERNOVA TrickBot TurlaRPC Turla SilentMoon WastedLocker WellMess Winnti ZeroCleare APT10 APT23 APT27 APT31 APT41 BlackTech BRONZE EDGEWOOD Inception Framework MUSTANG PANDA Red Charon Red Nue Sea Turtle Tonto Team |
| 2021-02-23 | CrowdStrike | 2021 Global Threat Report | RansomEXX Amadey Anchor Avaddon BazarBackdoor Clop Cobalt Strike Conti Cutwail DanaBot DarkSide DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet ShadowPad SmokeLoader Snake SUNBURST SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader Evilnum OUTLAW SPIDER RIDDLE SPIDER SOLAR SPIDER VIKING SPIDER |
| 2021-01-20 | FireEye | Emulation of Kernel Mode Rootkits With Speakeasy | Winnti |
| 2020-12-24 | IronNet | China cyber attacks: the current threat landscape | PLEAD TSCookie FlowCloud Lookback PLEAD PlugX Quasar RAT Winnti |
| 2020-11-03 | Kaspersky Labs | APT trends report Q3 2020 | WellMail EVILNUM Janicab Poet RAT AsyncRAT Ave Maria Cobalt Strike Crimson RAT CROSSWALK Dtrack LODEINFO MoriAgent Okrum PlugX POISONPLUG Rover ShadowPad SoreFang Winnti |
| 2020-10-30 | YouTube (Kaspersky Tech) | Around the world in 80 days 4.2bn packets | Cobalt Strike Derusbi HyperBro Poison Ivy ShadowPad Winnti |
| 2020-10-12 | Malwarebytes Labs | Winnti APT group docks in Sri Lanka for new campaign | DBoxAgent SerialVlogger Winnti |
| 2020-09-22 | vmware | Detecting Threats in Real-time With Active C2 Information | Agent.BTZ Cobalt Strike Dacls NetWire RC PoshC2 Winnti |
| 2020-09-18 | Symantec | APT41: Indictments Put Chinese Espionage Group in the Spotlight | CROSSWALK PlugX POISONPLUG ShadowPad Winnti |
| 2020-08-06 | Wired | Chinese Hackers Have Pillaged Taiwan's Semiconductor Industry | Cobalt Strike MimiKatz Winnti Red Charon |
| 2020-08-04 | BlackHat | Operation Chimera - APT Operation Targets Semiconductor Vendors | Cobalt Strike MimiKatz Winnti Red Charon |
| 2020-04-20 | QuoScient | WINNTI GROUP: Insights From the Past | Winnti |
| 2020-03-04 | CrowdStrike | 2020 CrowdStrike Global Threat Report | MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelDridex DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot Vidar Winnti ANTHROPOID SPIDER APT23 APT31 APT39 APT40 BlackTech BuhTrap Charming Kitten CLOCKWORK SPIDER DOPPEL SPIDER FIN7 Gamaredon Group GOBLIN PANDA MONTY SPIDER MUSTANG PANDA NARWHAL SPIDER NOCTURNAL SPIDER PINCHY SPIDER SALTY SPIDER SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER VICEROY TIGER |
| 2020-03-03 | Github (superkhung) | GitHub Repository: winnti-sniff | Winnti |
| 2020-03-03 | PWC UK | Cyber Threats 2019: A Year in Retrospect | KevDroid MESSAGETAP magecart AndroMut Cobalt Strike CobInt Crimson RAT DNSpionage Dridex Dtrack Emotet FlawedAmmyy FlawedGrace FriedEx Gandcrab Get2 GlobeImposter Grateful POS ISFB Kazuar LockerGoga Nokki QakBot Ramnit REvil Rifdoor RokRAT Ryuk shadowhammer ShadowPad Shifu Skipper StoneDrill Stuxnet TrickBot Winnti ZeroCleare APT41 MUSTANG PANDA Sea Turtle |
| 2020-02-20 | Carbon Black | Threat Analysis: Active C2 Discovery Using Protocol Emulation Part2 (Winnti 4.0) | Winnti |
| 2020-01-31 | Tagesschau | Deutsches Chemieunternehmen gehackt (German chemical company hacked) | Winnti |
| 2020-01-31 | ESET Research | Winnti Group targeting universities in Hong Kong | ShadowPad Winnti |
| 2020-01-01 | Secureworks | BRONZE ATLAS | Speculoos Winnti ACEHASH CCleaner Backdoor CHINACHOPPER Empire Downloader HTran MimiKatz PlugX Winnti APT41 |
| 2019-10-01 | CrowdStrike | Don't miss the forest for the trees: gleaning hunting value from too much intrusion data | Winnti |
| 2019-09-30 | Lastline | HELO Winnti: Attack or Scan? | Winnti |
| 2019-09-23 | MITRE | APT41 | Derusbi MESSAGETAP Winnti ASPXSpy BLACKCOFFEE CHINACHOPPER Cobalt Strike Derusbi Empire Downloader Ghost RAT MimiKatz NjRAT PlugX ShadowPad Winnti ZXShell APT41 |
| 2019-09-04 | CarbonBlack | CB TAU Threat Intelligence Notification: Winnti Malware 4.0 | Winnti |
| 2019-09-04 | FireEye | APT41: Double Dragon APT41, a dual espionage and cyber crime operation | EASYNIGHT Winnti |
| 2019-08-09 | FireEye | Double Dragon APT41, a dual espionage and cyber crime operation | CLASSFON crackshot CROSSWALK GEARSHIFT HIGHNOON HIGHNOON.BIN JUMPALL POISONPLUG Winnti |
| 2019-07-24 | Bayerischer Rundfunk | Attacking the Heart of the German Industry | Winnti |
| 2019-07-24 | Github (br-data) | Winnti analysis | Winnti |
| 2019-04-22 | Trend Micro | C/C++ Runtime Library Code Tampering in Supply Chain | shadowhammer ShadowPad Winnti |
| 2018-10-01 | Macnica Networks | Trends in cyber espionage (targeted attacks) targeting Japan \| First half of 2018 | Anel Cobalt Strike Datper FlawedAmmyy Quasar RAT RedLeaves taidoor Winnti xxmm |
| 2018-05-22 | Github (TKCERT) | Nmap Script to scan for Winnti infections | Winnti |
| 2018-03-05 | Github (TKCERT) | Suricata rules to detect Winnti communication | Winnti |
| 2017-04-19 | Trend Micro | Of Pigs and Malware: Examining a Possible Member of the Winnti Group | Winnti |
| 2017-03-22 | Trend Micro | Winnti Abuses GitHub for C&C Communications | Winnti |
| 2016-03-06 | Github (TKCERT) | Network detector for Winnti malware | Winnti |
| 2015-06-22 | Kaspersky Labs | Games are over: Winnti is now targeting pharmaceutical companies | Winnti APT41 |
| 2015-04-06 | Novetta | WINNTI ANALYSIS | Winnti |
| 2015-01-01 | Ruxcon | WHY ATTACKER TOOLSETS DO WHAT THEY DO | Winnti |
| 2013-04-01 | Kaspersky Labs | Winnti - More than just a game | portless Winnti |