No “Game over” for the Winnti Group | WeLiveSecurity
ESET researchers have discovered a new, modular backdoor, which they named PipeMon, used by the Winnti Group against several South Korea- and Taiwan-based companies that develop MMO (Massively Multiplayer Online) games.
21 May 2020 ... C:\Windows\System32\spool\prtprocs\x64\DEment.dll ... After having registered the Print Processor, PipeMon restarts the print spooler service ... Table 3. PipeMon communication channel and their respective named pipes ...