Winnti
2 Rules
2 References
1 Folders
2021-11-27 Latest
Summary
Winnti is tracked here as a threat actor, intrusion set, or campaign with 2 Sigma detections spanning 2020. Coverage centers on windows / process_creation.
Related Detections
Emerging Threat · critical · test
Winnti Malware HK University Campaign
Detects specific process characteristics of Winnti malware noticed in Dec/Jan 2020 in a campaign against Hong Kong universities
Windows · Process Creation
TA0004 · Privilege Escalation, TA0003 · Persistence, TA0005 · Stealth, T1574.001 · DLL, +2
Florian Roth (Nextron Systems) +1 · Sat Feb 01 2020
Emerging Threat · critical · stable
Winnti Pipemon Characteristics
Detects specific process characteristics of Winnti Pipemon malware reported by ESET
Windows · Process Creation
TA0004 · Privilege Escalation, TA0003 · Persistence, TA0005 · Stealth, T1574.001 · DLL, +2
Florian Roth (Nextron Systems) +1 · Thu Jul 30 2020
References