MALWARE: Winnti

Winnti is a trojan typically used by a Chinese advanced persistent threat (APT) group of the same name. The Winnti trojan was first identified in 2011. Indicators that Winnti has compromised a computer system are the presence of “tmpCCD.tmp” in the Windows temporary folder and of the files “ServiceAdobe.dll” and “ksadobe.dat”. While running, the RAT (remote access trojan) also uses a service that pretends to be from Adobe (Adobe Service).

 

Incidents Caused by this Malware

  • June 19, 2020: Winnti attack on Covestro
  • June 1, 2020: Winnti attack on Marriott
  • June 1, 2019: Winnti malware infection
  • January 1, 2018: Winnti attack on BASF
  • January 1, 2018: Winnti attack on Siemens
  • January 1, 2018: Winnti attack on Henkel
  • January 1, 2018: Winnti attack on Roche
  • January 1, 2018: Winnti attack on Shin-Etsu
  • January 1, 2018: Winnti attack on Sumitomo
  • January 1, 2018: Winnti attack on Lion Air
  • January 1, 2018: Winnti attack on Valve

Threat Actors Known to use this Malware
