 |
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
|
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
Tool: WINNKIT| Names | WINNKIT | |
| Category | Malware | |
| Type | Rootkit | |
| Description | (Cybereason) The final payload deployed by Winnti is also the most evasive and sophisticated: a driver acting as a rootkit, dubbed WINNKIT. WINNKIT’s previous version was researched in the past, and its purpose is to act as a kernel-mode agent, interacting with the user-mode agent and intercepting TCP/IP requests, by talking directly to the network card. The almost zero detection rate in VirusTotal, together with the compilation timestamp from 2019, illustrates just how evasive this rootkit really is, staying in the shadows for 3 years. | |
| Information | <https://www.cybereason.com/blog/operation-cuckoobees-a-winnti-malware-arsenal-deep-dive> | |
Last change to this tool card: 19 July 2022
Download this tool card in JSON format
| Changed | Name | Country | Observed | ||
APT groups | |||||
| APT 41 |  | 2012-Feb 2023 |  | ||
1 group listed (1 APT, 0 other, 0 unknown)
|
Digital Service Security Center Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1227 | |
 |
[email protected] | |