|
gptkbp:instanceOf
|
malware
|
|
gptkbp:abilities
|
data exfiltration
persistence
remote command execution
backdoor access
|
|
gptkbp:alsoKnownAs
|
gptkb:Winnti
|
|
gptkbp:analyzes
|
gptkb:Microsoft
gptkb:Palo_Alto_Networks
gptkb:CrowdStrike
gptkb:ESET
gptkb:FireEye
gptkb:Kaspersky_Lab
gptkb:Symantec
gptkb:Qihoo_360
gptkb:Trend_Micro
gptkb:Secureworks
|
|
gptkbp:associatedWith
|
gptkb:China
|
|
gptkbp:category
|
trojan
rootkit
Advanced Persistent Threat (APT) tool
|
|
gptkbp:connectsTo
|
gptkb:PlugX
gptkb:ShadowPad
LEAD malware family
|
|
gptkbp:detects
|
gptkb:security
|
|
gptkbp:developedBy
|
gptkb:Winnti_Group
|
|
gptkbp:discoveredBy
|
2011
|
|
gptkbp:exfiltrates
|
gptkb:intellectual_property
gptkb:law
user credentials
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
Winnti malware
|
|
gptkbp:notableEvent
|
gptkb:CCleaner_supply_chain_attack
gptkb:Operation_ShadowHammer
|
|
gptkbp:notableVictim
|
software companies
gaming industry
|
|
gptkbp:platform
|
gptkb:Microsoft_Windows
|
|
gptkbp:relatedTo
|
gptkb:APT41
gptkb:LEAD
gptkb:ShadowPad
BARIUM
|
|
gptkbp:signature
|
code injection
encrypted communication
DLL side-loading
|
|
gptkbp:usedBy
|
gptkb:APT41
gptkb:Winnti_Group
|
|
gptkbp:usedFor
|
cybercrime
supply chain attacks
|
|
gptkbp:uses
|
command and control servers
custom encryption
modular architecture
|
|
gptkbp:writtenBy
|
gptkb:C++
|
|
gptkbp:bfsParent
|
gptkb:Operation_Winnti
|
|
gptkbp:bfsLayer
|
7
|