Winnti is a trojan typically used by a Chinese advanced persistent threat (APT) group of the same name. The Winnti trojan was first identified in 2011. Indicators that Winnti has compromised a computer system are the presence of “tmpCCD.tmp” in the Windows temporary folder and of the files “ServiceAdobe.dll” and “ksadobe.dat”. While running, the remote access trojan (RAT) also uses a service that pretends to be from Adobe (“Adobe Service”).

Incidents Caused by this Malware

Threat Actors Known to use this Malware