ioc[.]one - OSINT Cyber Threat Intelligence Database

Winnti. More than just a game

Tags

country:

Belarus Bolivia Brazil China Germany India Indonesia Japan South Korea Thailand Peru Philippines Vietnam Taiwan United States Of America

attack-pattern:

Data Digital Certificates - T1596.003 Digital Certificates - T1587.003 Digital Certificates - T1588.004 Dns - T1071.004 Dns - T1590.002 Domains - T1583.001 Domains - T1584.001 Email Addresses - T1589.002 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Vulnerabilities - T1588.006 Whois - T1596.002 Rootkit - T1014 Rootkit

Show in Graph

Common Information

Type	Value
UUID	f3d409fd-5db9-4e6c-b227-9196f4083256
Fingerprint	bf208fd9803337c5
Analysis status	DONE
Considered CTI value	0
Text language
Published	April 11, 2013, 5 p.m.
Added to db	Sept. 26, 2022, 9:32 a.m.
Last updated	Nov. 17, 2024, 11:36 p.m.
Headline	Winnti. More than just a game
Title	Winnti. More than just a game
Detected Hints/Tags/Attributes	122/2/61

Source URLs

	Redirection	Url
Details	Source	https://securelist.com/winnti-more-than-just-a-game/37029/

URL Provider

Details	Provider	Source level domain
Details	securelist.com	securelist.com

Attributes

Details	Type	#Events	Value
Details	Domain	2	my.gasoft.us
Details	Domain	2	tcpiah.googleclick.net
Details	Domain	2	vn.gcgame.info
Details	Domain	2	rss.6600.org
Details	Domain	2	ap.nhntech.com
Details	Domain	1175	gmail.com
Details	Domain	55	live.com
Details	Domain	2	cnkker.com
Details	Domain	707	google.com
Details	Email	2	evilsex@gmail.com
Details	Email	2	jslee.jcr@gmail.com
Details	Email	2	whoismydns@gmail.com
Details	Email	2	googl3@live.com
Details	Domain	4	blogs.norman.com
Details	Domain	2	6600.org
Details	Domain	2	8866.org
Details	Domain	2	9966.org
Details	Domain	41	ddns.net
Details	Domain	2	ru.gcgame.info
Details	Domain	2	kr.zzsoft.info
Details	Domain	2	jp.xxoo.co
Details	Domain	2	us.nhntech.com
Details	Domain	2	fs.nhntech.com
Details	Domain	2	as.cjinternet.us
Details	Domain	2	newpic.dyndns.tv
Details	Domain	2	lp.zzsoft.info
Details	Domain	2	update.ddns.net
Details	Domain	2	lp.gasoft.us
Details	Domain	2	kr.jcrsoft.com
Details	Domain	2	nd.jcrsoft.com
Details	Domain	2	eya.jcrsoft.com
Details	Domain	2	wm.ibm-support.net
Details	Domain	2	cc.nexoncorp.us
Details	Domain	2	ftpd.9966.org
Details	Domain	2	kr.xxoo.co
Details	Domain	2	docs.nhnclass.com
Details	Domain	2	wi.gcgame.info
Details	Domain	2	rh.jcrsoft.com
Details	Domain	2	ca.zzsoft.info
Details	Domain	2	tcp.nhntech.com
Details	Domain	2	wm.nhntech.com
Details	Domain	2	sn.jcrsoft.com
Details	Domain	2	ka.jcrsoft.com
Details	Domain	2	wm.myxxoo.com
Details	Domain	2	lp.apanku.com
Details	Domain	2	my.zzsoft.info
Details	Domain	2	ka.zzsoft.info
Details	Domain	2	sshd.8866.org
Details	Domain	2	jp.jcrsoft.com
Details	Domain	2	ad.jcrsoft.com
Details	Domain	2	ftpd.6600.org
Details	Domain	2	su.cjinternet.us
Details	Email	2	wzcc@cnkker.com
Details	Email	2	apanku2009@gmail.com
Details	File	2	gcgame.inf
Details	File	2	zzsoft.inf
Details	File	33	config.msi
Details	File	2	cmdplus.dll
Details	IPv4	1441	127.0.0.1
Details	IPv4	2	192.168.1.136
Details	Url	2	http://blogs.norman.com/2011/security-research/invisible-ynk-a-code-signing-conundrum