Burning Umbrella: An Intelligence Report on the Winnti Umbrella and Associated State-Sponsored Attackers
Tags
country: Bolivia China North Korea India Japan South Korea Thailand Taiwan United States Of America
maec-delivery-vectors: Watering Hole
attack-pattern: Data Code Signing - T1553.002 Code Signing Certificates - T1587.002 Code Signing Certificates - T1588.003 Credentials - T1589.001 Domains - T1583.001 Domains - T1584.001 Exploits - T1587.004 Exploits - T1588.005 Malicious File - T1204.002 Malicious Link - T1204.001 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Remote Access Software - T1663 Software - T1592.002 Whois - T1596.002 Code Signing - T1116 Connection Proxy - T1090 Remote Access Tools - T1219
Show in Graph
Common Information
Type Value
UUID 5c3bfe69-e85e-46bf-ae45-c5084bcd57cc
Fingerprint cf909c9b08b19741
Analysis status DONE
Considered CTI value 2
Text language
Published May 3, 2018, midnight
Added to db Nov. 8, 2023, 12:24 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Burning Umbrella: An Intelligence Report on the Winnti Umbrella and Associated State-Sponsored Attackers
Title Burning Umbrella: An Intelligence Report on the Winnti Umbrella and Associated State-Sponsored Attackers
Detected Hints/Tags/Attributes 133/3/10
Source URLs
Redirection Url
Details Source https://401trg.com/burning-umbrella/
URL Provider
Details Provider Source level domain
Details 401trg.com 401trg.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 163 https://media.cert.europa.eu/rss?type=category&id=Malware&language=en&duplicates=false 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 5 
401trg.com
Details Domain 80 
goo.gl
Details Domain 1 
nobody.will.know.whoami.la
Details Domain 1 
secret.whoami.la
Details Domain 1 
no.ip.detect.if.using.ipv6.la
Details md5 2 
3b58e122d9e17121416b146daab4db9d
Details IPv4 1441 
127.0.0.1
Details IPv4 1 
221.216.0.0
Details Threat Actor Identifier - APT 115 
APT1
Details Threat Actor Identifier - APT 66 
APT17