WINNTI GROUP: Insights From the Past
Common Information
Type Value
UUID aaf3521c-8c2e-485e-8ebc-9abf1795e6dc
Fingerprint ac788b1d08314609
Analysis status DONE
Considered CTI value 2
Text language
Published April 20, 2020, 6:51 p.m.
Added to db Sept. 26, 2022, 9:31 a.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline WINNTI GROUP: Insights From the Past
Title WINNTI GROUP: Insights From the Past
Detected Hints/Tags/Attributes 120/4/39
Attributes
Type                           #Events  Value
Domain                              35  resolver1.opendns.com
Domain                               1  dick.mooo.com
Domain                               4  mooo.com
File                                 1  tmpfwrvs.dll
File                                 1  driver1.sys
File                                 1  driver2.sys
File                                 3  dsefix.exe
File                                11  vboxdrv.sys
File                                54  install.exe
IPv4                                27  208.67.222.222
IPv4                                 1  45.248.85.200
MITRE ATT&CK Techniques              9  T1215
MITRE ATT&CK Techniques            208  T1068
MITRE ATT&CK Techniques             12  T1009
MITRE ATT&CK Techniques             41  T1014
MITRE ATT&CK Techniques             14  T1116
MITRE ATT&CK Techniques             28  T1022
MITRE ATT&CK Techniques             92  T1048
Threat Actor Identifier - APT      522  APT41
Threat Actor Identifier - APT       66  APT17
Threat Actor Identifier - APT      132  APT32