Rule Info
Name
Winnti_APT_Hdump_Tool
Author
Florian Roth
Description
Password dumper used by Winnti group - file pn.exe
Score
105
Reference
Internal Research
Date
2016-09-30
Minimum Yara
1.7
Rule Hash
bc0c5568d601860803b1c6de7ff561d7
Tags
['T1003', 'EXE', 'FILE', 'CHINA', 'APT', 'G0044']
Required Modules
[]
Virustotal Matches
Antivirus Verdicts
Rating
Number of Samples
Malicious (>= 10 engines)
4
Suspicious (< 10 engines)
3
Clean (0 engines)
0
Rule Matches
Timestamp
Positives
Total
Hash
VT