APT / THREAT GROUP

AdWind

Internal ID: jar.adwind
Aliases: 1
Last seen: Mar 17, 2026

Intelligence Profile

Part of a malware-as-a-service platform.

The name is also used generically for Java-based RATs.

Functionality

- collect general system and user information

- terminate process

- log keystrokes

- take screenshots and access the webcam

- steal cached passwords from local or web forms

- download and execute malware

- modify registry

- download components

- denial of service attacks

- acquire VPN certificates

Initial infection vector

1. Email with JAR files attached

2. Malspam URL to download the malware

Persistence

- Run key: HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Hiding

Uses attrib.exe

Notes on Adwind

The malware is not known to be proxy-aware.

Threat Analysis

AdWind is a known-sophistication threat actor of undetermined national origin; its primary motivation and activity patterns are unknown.

Quick Facts

Type: APT / Threat Group
Aliases: 1

Also Known As

jar.adwind

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.