MALWARE: Winnti
Winnti is a trojan typically used by a Chinese advanced persistent threat (APT) group of the same name. The Winnti trojan was first identified in 2011. Indicators that Winnti has compromised a computer system are the presence of “tmpCCD.tmp” in the Windows temporary folder and of the files “ServiceAdobe.dll” and “ksadobe.dat”. While running, the RAT (remote access trojan) also uses a service that pretends to be from Adobe (“Adobe Service”).
Incidents Caused by this Malware
- June 19, 2020: Winnti attack on Covestro
- June 1, 2020: Winnti attack on Marriott
- June 1, 2019: Winnti malware infection
- January 1, 2018: Winnti attack on BASF
- January 1, 2018: Winnti attack on Siemens
- January 1, 2018: Winnti attack on Henkel
- January 1, 2018: Winnti attack on Roche
- January 1, 2018: Winnti attack on Shin-Etsu
- January 1, 2018: Winnti attack on Sumitomo
- January 1, 2018: Winnti attack on Lion Air
- January 1, 2018: Winnti attack on Valve