Threat Landscape Dashboard

Assessing today's threats and the relationships between them

Operation Winnti Malware 4.0

The Winnti malware family dates to at least 2013 and continues to evolve to stay under the radar of security researchers. The latest version of the malicious software uses AES encryption and the third-party library libtomcrypt for decryption. The malware uses various techniques for persistence and defense evasion, including software packing, installing a new service, and modifying the registry.
Name                            Modified Date    Sources
Operation Winnti Malware 4.0    2019-09-17