Winnti backdoor

GPTKB entity

Statements (48)
Predicate                     Object
gptkbp:instanceOf             malware
gptkbp:abilities              persistence
                              remote command execution
                              process injection
                              file exfiltration
                              keylogging
gptkbp:alsoKnownAs            gptkb:Winnti_malware
gptkbp:associatedWith         gptkb:PlugX
                              gptkb:ShadowPad
                              supply chain attacks
gptkbp:category               advanced persistent threat tool
gptkbp:commanded              hardcoded IP addresses
                              domain generation algorithms
gptkbp:countryOfOrigin        gptkb:China
gptkbp:detects                gptkb:security
                              endpoint detection and response
gptkbp:developedBy            gptkb:Winnti_Group
gptkbp:discoveredBy           2011
gptkbp:exploits               software vulnerabilities
https://www.w3.org/2000/01/rdf-schema#label
                              Winnti backdoor
gptkbp:notableEvent           gptkb:Operation_Winnti
                              gptkb:CCleaner_supply_chain_attack
                              ShadowHammer attack
gptkbp:notableVictim          telecommunications companies
                              gaming industry
                              pharmaceutical companies
gptkbp:persistenceMechanism   Windows services
                              registry modifications
gptkbp:platform               gptkb:Microsoft_Windows
gptkbp:relatedTo              gptkb:PlugX
                              gptkb:APT41
                              gptkb:ShadowPad
                              gptkb:Winnti_Group
gptkbp:signature              gptkb:Winnti
gptkbp:supportsProtocol       gptkb:HTTP
                              DNS tunneling
                              custom TCP
gptkbp:usedBy                 gptkb:APT41
                              gptkb:APT17
                              gptkb:Winnti_Group
gptkbp:usedFor                cybercrime
                              intellectual property theft
gptkbp:usesMalware            Trojan
                              backdoor
gptkbp:writtenBy              gptkb:C++
                              C
gptkbp:bfsParent              gptkb:Operation_Winnti
gptkbp:bfsLayer               7