{
	"id": "eef7b8e4-8d4c-4c43-873e-d7e434f18d76",
	"created_at": "2026-04-06T01:30:58.933623Z",
	"updated_at": "2026-04-10T03:32:20.899707Z",
	"deleted_at": null,
	"sha1_hash": "458f208240ccb033cfb00721f31de017d82d475f",
	"title": "GitHub - superkhung/winnti-sniff: Old tool we created and used to sniff and decrypt Winnti's traffic within networks after nearly a year to reverse this shit.",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 69047,
	"plain_text": "GitHub - superkhung/winnti-sniff: Old tool we created and used to\r\nsniff and decrypt Winnti's traffic within networks after nearly a\r\nyear to reverse this shit.\r\nBy superkhung\r\nArchived: 2026-04-06 01:20:23 UTC\r\nSource: https://github.com/superkhung/winnti-sniff",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://github.com/superkhung/winnti-sniff"
	],
	"report_names": [
		"winnti-sniff"
	],
	"threat_actors": [
		{
			"id": "4d5f939b-aea9-4a0e-8bff-003079a261ea",
			"created_at": "2023-01-06T13:46:39.04841Z",
			"updated_at": "2026-04-10T02:00:03.196806Z",
			"deleted_at": null,
			"main_name": "APT41",
			"aliases": [
				"WICKED PANDA",
				"BRONZE EXPORT",
				"Brass Typhoon",
				"TG-2633",
				"Leopard Typhoon",
				"G0096",
				"Grayfly",
				"BARIUM",
				"BRONZE ATLAS",
				"Red Kelpie",
				"G0044",
				"Earth Baku",
				"TA415",
				"WICKED SPIDER",
				"HOODOO",
				"Winnti",
				"Double Dragon"
			],
			"source_name": "MISPGALAXY:APT41",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "2a24d664-6a72-4b4c-9f54-1553b64c453c",
			"created_at": "2025-08-07T02:03:24.553048Z",
			"updated_at": "2026-04-10T02:00:03.787296Z",
			"deleted_at": null,
			"main_name": "BRONZE ATLAS",
			"aliases": [
				"APT41 ",
				"BARIUM ",
				"Blackfly ",
				"Brass Typhoon",
				"CTG-2633",
				"Earth Baku ",
				"GREF",
				"Group 72 ",
				"Red Kelpie ",
				"TA415 ",
				"TG-2633 ",
				"Wicked Panda ",
				"Winnti"
			],
			"source_name": "Secureworks:BRONZE ATLAS",
			"tools": [
				"Acehash",
				"CCleaner v5.33 backdoor",
				"ChinaChopper",
				"Cobalt Strike",
				"DUSTPAN",
				"Dicey MSDN",
				"Dodgebox",
				"ForkPlayground",
				"HUC Proxy Malware (Htran)"
			],
			"source_id": "Secureworks",
			"reports": null
		}
	],
	"ts_created_at": 1775439058,
	"ts_updated_at": 1775791940,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/458f208240ccb033cfb00721f31de017d82d475f.pdf",
		"text": "https://archive.orkl.eu/458f208240ccb033cfb00721f31de017d82d475f.txt",
		"img": "https://archive.orkl.eu/458f208240ccb033cfb00721f31de017d82d475f.jpg"
	}
}