Security Articles

Winnti APT group docks in Sri Lanka for new campaign

released on 2022-10-18 @ 04:16:36 PM
Malwarebytes has identified several payloads being dropped in this campaign, including a backdoor that was new to them, which they call DBoxAgent because it uses Dropbox as a command-and-control server. Victimology analysis helped them confirm their assumption that the Winnti threat group is behind this attack, with the KeyPlug malware used as the final payload.