WINNKIT

Description

(Cybereason) The final payload deployed by Winnti is also the most evasive and sophisticated: a driver acting as a rootkit, dubbed WINNKIT. WINNKIT’s previous version was researched in the past, and its purpose is to act as a kernel-mode agent, interacting with the user-mode agent and intercepting TCP/IP requests, by talking directly to the network card. The almost zero detection rate in VirusTotal, together with the compilation timestamp from 2019, illustrates just how evasive this rootkit really is, staying in the shadows for 3 years.

Names

Name
WINNKIT

Type

Rootkit

Information

https://www.cybereason.com/blog/operation-cuckoobees-a-winnti-malware-arsenal-deep-dive

Other Information

Uuid

a054d70c-913c-424b-a214-6d47c525a169

Last Card Change

2022-07-19

Threat Intelligence Garden

Explorer

WINNKIT

WINNKIT

Description

Names

Category

Type

Information

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks