|
gptkbp:instanceOf
|
malware
|
|
gptkbp:abilities
|
persistence
remote command execution
process injection
file exfiltration
keylogging
|
|
gptkbp:alsoKnownAs
|
gptkb:Winnti_malware
|
|
gptkbp:associatedWith
|
gptkb:PlugX
gptkb:ShadowPad
supply chain attacks
|
|
gptkbp:category
|
advanced persistent threat tool
|
|
gptkbp:commanded
|
hardcoded IP addresses
domain generation algorithms
|
|
gptkbp:countryOfOrigin
|
gptkb:China
|
|
gptkbp:detects
|
gptkb:security
endpoint detection and response
|
|
gptkbp:developedBy
|
gptkb:Winnti_Group
|
|
gptkbp:discoveredBy
|
2011
|
|
gptkbp:exploits
|
software vulnerabilities
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
Winnti backdoor
|
|
gptkbp:notableEvent
|
gptkb:Operation_Winnti
gptkb:CCleaner_supply_chain_attack
ShadowHammer attack
|
|
gptkbp:notableVictim
|
telecommunications companies
gaming industry
pharmaceutical companies
|
|
gptkbp:persistenceMechanism
|
Windows services
registry modifications
|
|
gptkbp:platform
|
gptkb:Microsoft_Windows
|
|
gptkbp:relatedTo
|
gptkb:PlugX
gptkb:APT41
gptkb:ShadowPad
gptkb:Winnti_Group
|
|
gptkbp:signature
|
gptkb:Winnti
|
|
gptkbp:supportsProtocol
|
gptkb:HTTP
DNS tunneling
custom TCP
|
|
gptkbp:usedBy
|
gptkb:APT41
gptkb:APT17
gptkb:Winnti_Group
|
|
gptkbp:usedFor
|
cybercrime
intellectual property theft
|
|
gptkbp:usesMalware
|
Trojan
backdoor
|
|
gptkbp:writtenBy
|
gptkb:C++
C
|
|
gptkbp:bfsParent
|
gptkb:Operation_Winnti
|
|
gptkbp:bfsLayer
|
7
|